43 |
content => template("pam/ldap.conf") |
content => template("pam/ldap.conf") |
44 |
} |
} |
45 |
} |
} |
46 |
|
|
47 |
|
define multiple_ldap_access($access_classes) { |
48 |
|
include base |
49 |
|
} |
50 |
|
|
51 |
# beware , this two classes are exclusive |
# beware , this two classes are exclusives |
52 |
|
# if you need multiple group access, you need to define you own class |
53 |
|
# of access |
54 |
|
|
55 |
# for server where only admins can connect |
# for server where only admins can connect |
56 |
class admin_access { |
class admin_access { |
57 |
$access_class = "admin" |
multiple_ldap_access { "admin_access": |
58 |
include base |
access_classes => ['mga-sysadmin'] |
59 |
|
} |
60 |
} |
} |
61 |
|
|
62 |
# for server where people can connect with ssh ( git, svn ) |
# for server where people can connect with ssh ( git, svn ) |
66 |
# user, and erase the password ( see pam_auth.c in openssh code, seek badpw ) |
# user, and erase the password ( see pam_auth.c in openssh code, seek badpw ) |
67 |
# so the file must exist |
# so the file must exist |
68 |
# permission to use svn, git, etc must be added separatly |
# permission to use svn, git, etc must be added separatly |
69 |
|
|
70 |
include restrictshell::shell |
include restrictshell::shell |
71 |
$access_class = "committers" |
|
72 |
include base |
multiple_ldap_access { "committers_access": |
73 |
|
access_classes => ['mga-commiters'] |
74 |
|
} |
75 |
} |
} |
76 |
} |
} |