disabled smbk5pwd, new parammter starttls, disable lgoin for members of NOLOGIN

This commit is contained in:
Tobias Herre 2021-05-31 15:06:55 +02:00
parent c396989424
commit 12369da5ab
1 changed files with 8 additions and 7 deletions

View File

@ -11,6 +11,7 @@ class wmdeit_ldap (
$database,
$rootdn,
$rootpw,
$starttls = "no",
$serverid,
$simple_bind_tls = "128",
@ -92,9 +93,8 @@ class wmdeit_ldap (
],
# let users modify their passwords, and disable read acess to all others
# '4 to attrs=userPassword filter=(!(memberof=cn=NOLOGIN,ou=Groups,dc=wikimedia,dc=de))' => [
# '4 to attrs=userPassword filter=(!(shadowExpire=0))' => [
'4 to attrs=userPassword' => [
'4 to attrs=userPassword filter=(!(memberof=cn=NOLOGIN,ou=Groups,dc=wikimedia,dc=de))' => [
# '4 to attrs=userPassword' => [
"by self write",
"by anonymous auth",
"by * none",
@ -280,7 +280,7 @@ class wmdeit_ldap (
$mirrormode=true
$syncrepl = $syncrepl_providers.map |Integer $index, $provider| {
$i = $index+1
"rid=00$i provider=${provider[proto]}://${provider[host]}:${provider[port]} binddn=\"$rootdn\" bindmethod=simple credentials=$rootpw searchbase=\"$database\" scope=sub attrs=\"*,+\" filter=\"(objectClass=*)\" type=refreshAndPersist tls_cacert=$cacert tls_key=$privkey tls_cert=$pubcert starttls=yes retry=\"3 60 6 300 30 +\" timeout=1"
"rid=00$i provider=${provider[proto]}://${provider[host]}:${provider[port]} binddn=\"$rootdn\" bindmethod=simple credentials=$rootpw searchbase=\"$database\" scope=sub attrs=\"*,+\" filter=\"(objectClass=*)\" type=refreshAndPersist tls_cacert=$cacert tls_key=$privkey tls_cert=$pubcert starttls=$starttls retry=\"3 60 6 300 30 +\" timeout=1"
}
$syncrepl_providers.each |Integer $index, $provider| {
if $provider[ip] {
@ -315,9 +315,10 @@ class wmdeit_ldap (
ensure => present,
}
->
openldap::server::overlay { "smbk5pwd on $database":
ensure => present,
}
# openldap::server::overlay { "smbk5pwd on $database":
# ensure => present,
# }
# openldap::server::overlay { "ppolicy on $database":
# ensure => absent,
# }