disabled smbk5pwd, new parameter starttls, disable login for members of NOLOGIN

This commit is contained in:
Tobias Herre 2021-05-31 15:06:55 +02:00
parent c396989424
commit 12369da5ab
1 changed files with 8 additions and 7 deletions


@ -11,6 +11,7 @@ class wmdeit_ldap (
$database, $database,
$rootdn, $rootdn,
$rootpw, $rootpw,
$starttls = "no",
$serverid, $serverid,
$simple_bind_tls = "128", $simple_bind_tls = "128",
@ -92,9 +93,8 @@ class wmdeit_ldap (
], ],
# let users modify their passwords, and disable read acess to all others # let users modify their passwords, and disable read acess to all others
# '4 to attrs=userPassword filter=(!(memberof=cn=NOLOGIN,ou=Groups,dc=wikimedia,dc=de))' => [ '4 to attrs=userPassword filter=(!(memberof=cn=NOLOGIN,ou=Groups,dc=wikimedia,dc=de))' => [
# '4 to attrs=userPassword filter=(!(shadowExpire=0))' => [ # '4 to attrs=userPassword' => [
'4 to attrs=userPassword' => [
"by self write", "by self write",
"by anonymous auth", "by anonymous auth",
"by * none", "by * none",
@ -280,7 +280,7 @@ class wmdeit_ldap (
$mirrormode=true $mirrormode=true
$syncrepl = $syncrepl_providers.map |Integer $index, $provider| { $syncrepl = $syncrepl_providers.map |Integer $index, $provider| {
$i = $index+1 $i = $index+1
"rid=00$i provider=${provider[proto]}://${provider[host]}:${provider[port]} binddn=\"$rootdn\" bindmethod=simple credentials=$rootpw searchbase=\"$database\" scope=sub attrs=\"*,+\" filter=\"(objectClass=*)\" type=refreshAndPersist tls_cacert=$cacert tls_key=$privkey tls_cert=$pubcert starttls=yes retry=\"3 60 6 300 30 +\" timeout=1" "rid=00$i provider=${provider[proto]}://${provider[host]}:${provider[port]} binddn=\"$rootdn\" bindmethod=simple credentials=$rootpw searchbase=\"$database\" scope=sub attrs=\"*,+\" filter=\"(objectClass=*)\" type=refreshAndPersist tls_cacert=$cacert tls_key=$privkey tls_cert=$pubcert starttls=$starttls retry=\"3 60 6 300 30 +\" timeout=1"
} }
$syncrepl_providers.each |Integer $index, $provider| { $syncrepl_providers.each |Integer $index, $provider| {
if $provider[ip] { if $provider[ip] {
@ -315,9 +315,10 @@ class wmdeit_ldap (
ensure => present, ensure => present,
} }
-> ->
openldap::server::overlay { "smbk5pwd on $database": # openldap::server::overlay { "smbk5pwd on $database":
ensure => present, # ensure => present,
} # }
# openldap::server::overlay { "ppolicy on $database": # openldap::server::overlay { "ppolicy on $database":
# ensure => absent, # ensure => absent,
# } # }