Puppet Class: ldap::client::sssd

Defined in:
modules/ldap/manifests/client/sssd.pp

Overview

Parameters:

  • ldapconfig (Any)
  • ldapincludes (Any)


# File 'modules/ldap/manifests/client/sssd.pp', line 5

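# @summary Configure this host as an LDAP client backed by SSSD.
#
# Installs the SSSD NSS/PAM/sudo packages, enables pam_mkhomedir, manages
# /etc/nsswitch.conf and /etc/sssd/sssd.conf, keeps the sssd service running,
# and removes the nscd/nslcd/sudo-ldap packages and their config files.
#
# @param ldapconfig
#   Not referenced in this manifest; presumably consumed by the
#   ldap/sssd.conf.erb template -- confirm against the template.
# @param ldapincludes
#   Not referenced in this manifest; presumably consumed by the
#   ldap/sssd.conf.erb template -- confirm against the template.
class ldap::client::sssd(
    $ldapconfig,
    $ldapincludes,
) {
    # This provides the /etc/ldap.yaml file, which is used to look up
    # SSH keys. We could switch to a native sssd mechanism for that at
    # some point, but meanwhile...
    include ::ldap::yamlcreds

    $packages_present = [
        'libpam-sss',
        'libnss-sss',
        'libsss-sudo',
        'sssd',
    ]

    # mkhomedir is not enabled automatically; activate it if needed.
    # --force makes pam-auth-update overwrite the PAM configuration even if
    # it was modified locally, so hand edits to /etc/pam.d/common-* are lost
    # whenever this exec fires.
    # NOTE(review): the 'unless' guard matches any line containing the
    # string, including a commented-out one -- confirm that is acceptable.
    exec { 'pam-auth-enable-mkhomedir':
        command => '/usr/sbin/pam-auth-update --force --enable mkhomedir',
        unless  => '/bin/grep pam_mkhomedir.so /etc/pam.d/common-session',
        require => Package['sssd', 'libpam-sss'],
    }

    package { $packages_present:
        ensure => 'present',
    }

    # nsswitch.conf decides where user, group and sudo lookups are resolved,
    # so ownership and mode are pinned explicitly (as for sssd.conf below)
    # instead of inheriting whatever is already on disk. It must remain
    # world-readable for name resolution to work for unprivileged processes.
    file { '/etc/nsswitch.conf':
        ensure  => 'present',
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        content => file('ldap/nsswitch-sssd.conf'),
    }

    # Root-only (0600): sssd checks ownership and permissions of this file
    # at startup, and the rendered template may carry LDAP bind credentials
    # (template not shown here -- confirm).
    file { '/etc/sssd/sssd.conf':
        ensure  => 'present',
        owner   => 'root',
        group   => 'root',
        mode    => '0600',
        content => template('ldap/sssd.conf.erb'),
        notify  => Service['sssd'],
        require => Package['sssd'],
    }

    # Restarted through the notify above whenever sssd.conf changes.
    service { 'sssd':
        ensure  => 'running',
        require => [Package['sssd'], File['/etc/sssd/sssd.conf']],
    }

    #
    # Start of the "avoid confusion" section: remove the other LDAP
    # client/caching stacks and their configuration files so that sssd is
    # the only one left on the host.
    $packages_absent = [
        'nscd',
        'nslcd',
        'sudo-ldap',
    ]

    package { $packages_absent:
        ensure => 'absent',
    }

    $files_absent = [
        '/etc/nscd.conf',
        '/etc/nslcd.conf',
        '/etc/sudo-ldap.conf',
    ]

    file { $files_absent:
        ensure => 'absent',
    }
    # End of the "avoid confusion" section.
    #
}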