|
|
@ -11,6 +11,7 @@ class wmdeit_ldap ( |
|
|
|
$database, |
|
|
|
$rootdn, |
|
|
|
$rootpw, |
|
|
|
$starttls = "no", |
|
|
|
|
|
|
|
$serverid, |
|
|
|
$simple_bind_tls = "128", |
|
|
@ -92,9 +93,8 @@ class wmdeit_ldap ( |
|
|
|
], |
|
|
|
|
|
|
|
# let users modify their passwords, and disable read acess to all others |
|
|
|
# '4 to attrs=userPassword filter=(!(memberof=cn=NOLOGIN,ou=Groups,dc=wikimedia,dc=de))' => [ |
|
|
|
# '4 to attrs=userPassword filter=(!(shadowExpire=0))' => [ |
|
|
|
'4 to attrs=userPassword' => [ |
|
|
|
'4 to attrs=userPassword filter=(!(memberof=cn=NOLOGIN,ou=Groups,dc=wikimedia,dc=de))' => [ |
|
|
|
# '4 to attrs=userPassword' => [ |
|
|
|
"by self write", |
|
|
|
"by anonymous auth", |
|
|
|
"by * none", |
|
|
@ -280,7 +280,7 @@ class wmdeit_ldap ( |
|
|
|
$mirrormode=true |
|
|
|
$syncrepl = $syncrepl_providers.map |Integer $index, $provider| { |
|
|
|
$i = $index+1 |
|
|
|
"rid=00$i provider=${provider[proto]}://${provider[host]}:${provider[port]} binddn=\"$rootdn\" bindmethod=simple credentials=$rootpw searchbase=\"$database\" scope=sub attrs=\"*,+\" filter=\"(objectClass=*)\" type=refreshAndPersist tls_cacert=$cacert tls_key=$privkey tls_cert=$pubcert starttls=yes retry=\"3 60 6 300 30 +\" timeout=1" |
|
|
|
"rid=00$i provider=${provider[proto]}://${provider[host]}:${provider[port]} binddn=\"$rootdn\" bindmethod=simple credentials=$rootpw searchbase=\"$database\" scope=sub attrs=\"*,+\" filter=\"(objectClass=*)\" type=refreshAndPersist tls_cacert=$cacert tls_key=$privkey tls_cert=$pubcert starttls=$starttls retry=\"3 60 6 300 30 +\" timeout=1" |
|
|
|
} |
|
|
|
$syncrepl_providers.each |Integer $index, $provider| { |
|
|
|
if $provider[ip] { |
|
|
@ -315,9 +315,10 @@ class wmdeit_ldap ( |
|
|
|
ensure => present, |
|
|
|
} |
|
|
|
-> |
|
|
|
openldap::server::overlay { "smbk5pwd on $database": |
|
|
|
ensure => present, |
|
|
|
} |
|
|
|
# openldap::server::overlay { "smbk5pwd on $database": |
|
|
|
# ensure => present, |
|
|
|
# } |
|
|
|
|
|
|
|
# openldap::server::overlay { "ppolicy on $database": |
|
|
|
# ensure => absent, |
|
|
|
# } |
|
|
|
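Review bot: The new `$starttls` parameter defaults to `"no"`, and the syncrepl string in the third hunk now interpolates it as `starttls=$starttls` where the value used to be fixed at `yes` (the page has lost its +/- markers, so this assumes the second of the two printed syncrepl lines is the new side). That line also carries `bindmethod=simple credentials=$rootpw` and `attrs="*,+"`. Any node that does not set the parameter and whose provider `proto` is plain `ldap` would therefore send the rootdn password and the replicated entries without TLS. I would keep the secure default, `$starttls = "yes",`, or use `"critical"` so that a failed TLS negotiation aborts the session instead of continuing in clear, and let only providers reached over `ldaps://` opt out explicitly. The parameter list and class body continue outside the visible hunks, so whether the value is overridden elsewhere cannot be checked from here.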