Merge pull request Mylezeem#36 from jearls/improve-sssd-configuration
Improve sssd configuration
Showing
3 changed files
with
53 additions
and
3 deletions.
@@ -119,6 +119,11 @@ | |
# | ||
#Whether to automatically create user home dir on first login | ||
# | ||
# [*rfc2307bis*] | ||
# Boolean to determine if the LDAP schema uses rfc2307 (false) or rfc2307bis (true). | ||
# If this value is `true` on a system that does not support rfc2307bis, a catalog error will be generated. | ||
# (Default: false) | ||
# | ||
# === Authors | ||
# | ||
# Yanis Guenane <[email protected]> | ||
|
@@ -165,6 +170,7 @@ | |
$smartc = false, | ||
$smartcaction = false, | ||
$smartcrequire = false, | ||
$rfc2307bis = false, | ||
) inherits authconfig::params { | ||
|
||
case $::osfamily { | ||
|
@@ -204,6 +210,8 @@ | |
|
||
if $ldaploadcacert { | ||
$ldaploadcacert_val = "--ldaploadcacert='${ldaploadcacert}'" | ||
} else { | ||
$ldaploadcacert_val = '' | ||
} | ||
|
||
if $ldapserver { | ||
|
@@ -220,8 +228,22 @@ | |
default => '--disablesssdauth', | ||
} | ||
|
||
if $authconfig::params::enablerfc2307bis_allowed { | ||
$rfc2307bis_flg = $rfc2307bis ? { | ||
true => '--enablerfc2307bis' , | ||
default => '--disablerfc2307bis' , | ||
} | ||
} elsif $rfc2307bis { | ||
fail('rfc2307bis is not supported on client operating system') | ||
} else { | ||
$rfc2307bis_flg = '' | ||
} | ||
|
||
if $::osfamily == 'RedHat' { | ||
if versioncmp($::operatingsystemmajrelease, '6') >= 0 { | ||
# put $::operatingsystemmajrelease in quotes to force it to a string. | ||
# to make lint happy, the string has to have more than just the bare variable. :P | ||
# so compare ${::operatingsystemmajrelease}.0 against 6.0 | ||
if versioncmp("${::operatingsystemmajrelease}.0", '6.0') >= 0 { | ||
$forcelegacy_flg = $forcelegacy ? { | ||
true => '--enableforcelegacy', | ||
default => '--disableforcelegacy', | ||
|
@@ -461,7 +483,7 @@ | |
$extra_flags = "${preferdns_flg} ${forcelegacy_flg} ${pamaccess_flg}" | ||
|
||
$pass_flags = "${md5_flg} ${passalgo_val} ${shadow_flg}" | ||
$authconfig_flags = "${ldap_flags} ${nis_flags} ${pass_flags} ${krb5_flags} ${winbind_flags} ${extra_flags} ${cache_flg} ${mkhomedir_flg} ${sssd_flg} ${sssdauth_flg} ${locauthorize_flg} ${sysnetauth_flg} ${smartcard_flags}" | ||
$authconfig_flags = "${ldap_flags} ${nis_flags} ${pass_flags} ${krb5_flags} ${winbind_flags} ${extra_flags} ${cache_flg} ${mkhomedir_flg} ${sssd_flg} ${sssdauth_flg} ${rfc2307bis_flg} ${locauthorize_flg} ${sysnetauth_flg} ${smartcard_flags}" | ||
$authconfig_update_cmd = "authconfig ${authconfig_flags} --updateall" | ||
$authconfig_test_cmd = "authconfig ${authconfig_flags} --test" | ||
$exec_check_cmd = "/usr/bin/test \"`${authconfig_test_cmd}`\" = \"`authconfig --test`\"" | ||
|
@@ -484,7 +506,23 @@ | |
} | ||
} | ||
|
||
if $ldap { | ||
if $sssd { | ||
# if we're using sssd, then sssd takes care of ldap connectivity. | ||
# therefore, we only need the sssd packages and services, not the | ||
# ldap packages and services | ||
package { $authconfig::params::sssd_packages: | ||
ensure => installed, | ||
} | ||
# sssd services must only run after the authconfig command has set | ||
# up the config. | ||
service { $authconfig::params::sssd_services: | ||
ensure => running, | ||
enable => true, | ||
hasstatus => true, | ||
hasrestart => true, | ||
require => Exec['authconfig command'], | ||
} | ||
} elsif $ldap { | ||
package { $authconfig::params::ldap_packages: | ||
ensure => installed, | ||
} -> | ||
|
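Review bot: In the last hunk the `} elsif $ldap {` that follows the new sssd service block sits inside `if $ldap {`, so that condition is always true when reached and reads as dead logic; `} else {` states the intent directly. The new `package { $authconfig::params::sssd_packages: ... }` also has no visible ordering relationship to `Exec['authconfig command']`: the service requires the exec, but nothing in this hunk makes the exec wait for the packages, so authconfig's sssd setup could run against an absent install unless that ordering is declared elsewhere in the manifest, e.g. `before => Exec['authconfig command'],` on the package resource. Since the whole block is guarded by `$ldap`, a node with `$sssd` true and `$ldap` false installs nothing sssd-related; if that is intended, a one-line comment saying sssd is only managed for LDAP backends would help the next reader. The enclosing `if $ldap` block closes outside the hunk.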