puppet-pamldap/manifests/config.pp at master · erwbgy/puppet-pamldap · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
class pamldap::config (
  $base_dn,
  $uris,
) {
  $uris_space = join($uris, ' ')
  $uris_comma = join($uris, ',')

  # defaults
  File {
    owner => 'root',
    group => 'root',
  }
  file { '/etc/pam.d/system-auth-ac':
    ensure  => present,
    mode    => '0444',
    content => template('pamldap/system-auth.erb'),
    require => Class['pamldap::install'],
    notify  => Class['pamldap::service'],
  }
  file { '/etc/pam.d/system-auth':
    ensure  => present,
    target  => 'system-auth-ac',
    require => File['/etc/pam.d/system-auth-ac'],
  }
  file { '/etc/pam.d/password-auth-ac':
    ensure  => present,
    mode    => '0444',
    content => template('pamldap/password-auth.erb'),
    require => Class['pamldap::install'],
    notify  => Class['pamldap::service'],
  }
  file { '/etc/pam.d/password-auth':
    ensure  => present,
    target  => 'password-auth-ac',
    require => File['/etc/pam.d/password-auth-ac'],
  }
  file { '/etc/nsswitch.conf':
    ensure  => present,
    mode    => '0444',
    content => template('pamldap/nsswitch.conf.erb'),
    require => Class['pamldap::install'],
    notify  => Class['pamldap::service'],
  }
  file { '/etc/sssd/sssd.conf':
    ensure  => present,
    mode    => '0600',
    content => template('pamldap/sssd.conf.erb'),
    require => Class['pamldap::install'],
    notify  => Class['pamldap::service'],
  }

  case $::osfamily {
    'RedHat': {
      file { '/etc/ldap.conf':
        ensure  => present,
        mode    => '0444',
        content => template('pamldap/ldap.conf.erb'),
        require => Class['pamldap::install'],
        notify  => Class['pamldap::service'],
      }
      file { [ '/etc/pam_ldap.conf', '/etc/openldap/ldap.conf' ]:
        ensure  => link,
        target  => '/etc/ldap.conf',
        require => File['/etc/ldap.conf'],
        notify  => Class['pamldap::service'],
      }
    }
    'Debian': {
      file { '/etc/ldap/ldap.conf':
        ensure  => present,
        mode    => '0444',
        content => template('pamldap/ldap.conf.erb'),
        require => Class['pamldap::install'],
        notify  => Class['pamldap::service'],
      }
    }
  }
}