5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
# File 'modules/ldap/manifests/client/sssd.pp', line 5
class ldap::client::sssd(
$ldapconfig,
) {
# this provides the /etc/ldap.yaml file, which is used to
# lookup for sshkeys. We could switch at some point to a native
# sssd mechanism for that, but meanwhile...
include ::ldap::yamlcreds
$packages_present = [
'libpam-sss',
'libnss-sss',
'libsss-sudo',
'sssd',
]
# On bullseye, the services are started by socket, so there's no need to duplicate them in the sssd config itself.
$services = debian::codename::eq('bullseye') ? {
true => [],
default => [
'nss',
'pam',
'ssh',
'sudo',
]
}
# mkhomedir is not enabled automatically; activate it if needed
exec { 'pam-auth-enable-mkhomedir':
command => '/usr/sbin/pam-auth-update --force --enable mkhomedir',
unless => '/bin/grep pam_mkhomedir.so /etc/pam.d/common-session',
require => Package['sssd', 'libpam-sss'],
}
package { $packages_present:
ensure => 'present',
}
file { '/etc/nsswitch.conf':
ensure => 'present',
content => file('ldap/nsswitch-sssd.conf'),
}
file { '/etc/sssd/sssd.conf':
ensure => 'present',
owner => 'root',
group => 'root',
mode => '0600',
content => template('ldap/sssd.conf.erb'),
notify => Service['sssd'],
require => Package['sssd'],
}
service { 'sssd':
ensure => 'running',
require => [Package['sssd'], File['/etc/sssd/sssd.conf']],
}
file { '/etc/ldap.conf':
content => template('ldap/ldap.conf.erb'),
}
#
# start of avoid confusions section
$packages_absent = [
'nscd',
'nslcd',
'sudo-ldap',
]
package { $packages_absent:
ensure => 'absent',
}
$files_absent = [
'/etc/nscd.conf',
'/etc/nslcd.conf',
'/etc/sudo-ldap.conf',
]
file { $files_absent:
ensure => 'absent',
}
# end of avoid confusions section
#
}
|