1 |
class pam { |
2 |
|
3 |
class base { |
4 |
package { ["pam_ldap","nss_ldap"]: |
5 |
ensure => installed, |
6 |
} |
7 |
|
8 |
file { "system-auth": |
9 |
path => "/etc/pam.d/system-auth", |
10 |
owner => root, |
11 |
group => root, |
12 |
mode => 644, |
13 |
content => template("pam/system-auth") |
14 |
} |
15 |
|
16 |
file { "nsswitch.conf": |
17 |
path => "/etc/nsswitch.conf", |
18 |
owner => root, |
19 |
group => root, |
20 |
mode => 644, |
21 |
content => template("pam/nsswitch.conf") |
22 |
} |
23 |
|
24 |
$nssldap_password = extlookup("nssldap_password",'x') |
25 |
|
26 |
file { "ldap.conf": |
27 |
path => "/etc/ldap.conf", |
28 |
owner => root, |
29 |
group => root, |
30 |
mode => 644, |
31 |
content => template("pam/ldap.conf") |
32 |
} |
33 |
} |
34 |
|
35 |
# for server where only admin can connect |
36 |
class admin_access inherits base { |
37 |
$access_class = "admin" |
38 |
# not sure if this line is needed anymore, wil check later |
39 |
} |
40 |
|
41 |
# for server where people can connect with ssh ( git, svn ) |
42 |
class commiters_access inherits base { |
43 |
$access_class = "commiters" |
44 |
} |
45 |
} |