Add domain parameter and deliver idmapd.conf. Ensure /etc/pam_ldap.conf, /etc/openldap/ldap.conf and /etc/ldap.conf all have the same content as different tools look for them in different places.

Author: erwbgy

manifests/config.pp

@@ -1,6 +1,7 @@
 class pamldap::config (
   $base_dn,
   $uris,
+  $domain,
 ) {
   $uris_space = join($uris, ' ')
   $uris_comma = join($uris, ',')
@@ -23,18 +24,31 @@
     require => Class['pamldap::install'],
     notify  => Class['pamldap::service'],
   }
-  file { [ '/etc/ldap.conf', '/etc/openldap/ldap.conf' ]:
+  file { '/etc/ldap.conf':
     ensure  => present,
     mode    => '0444',
     content => template('pamldap/ldap.conf.erb'),
     require => Class['pamldap::install'],
     notify  => Class['pamldap::service'],
   }
+  file { [ '/etc/pam_ldap.conf', '/etc/openldap/ldap.conf' ]:
+    ensure  => link,
+    target  => '/etc/ldap.conf',
+    require => File['/etc/ldap.conf'],
+    notify  => Class['pamldap::service'],
+  }
   file { '/etc/sssd/sssd.conf':
     ensure  => present,
     mode    => '0600',
     content => template('pamldap/sssd.conf.erb'),
     require => Class['pamldap::install'],
     notify  => Class['pamldap::service'],
   }
+  file { '/etc/idmapd.conf':
+    ensure  => present,
+    mode    => '0644',
+    content => template('pamldap/idmapd.conf.erb'),
+    require => Class['pamldap::install'],
+    notify  => Class['pamldap::service'],
+  }
 }

manifests/init.pp

@@ -1,9 +1,11 @@
 class pamldap (
   $base_dn = hiera('pamldap::base_dn'),
+  $domain  = hiera('pamldap::domain'),
   $uris    = hiera('pamldap::uris'),
 ) {
   class { 'pamldap::config':
     base_dn => $base_dn,
+    domain  => $domain,
     uris    => $uris,
   }
   include pamldap::install

templates/idmapd.conf.erb

@@ -0,0 +1,13 @@
+# Managed by Puppet
+[General]
+Domain = <%= @domain %>
+
+[Mapping]
+Nobody-User = nobody
+Nobody-Group = nobody
+
+[Translation]
+Method = nsswitch
+
+[Static]
+