From 2be2f8ead5926e8de333a2a33b581c664484c2f8 Mon Sep 17 00:00:00 2001
From: tohe <tobias.herre@wikimedia.de>
Date: Tue, 25 Aug 2020 09:32:19 +0200
Subject: [PATCH] Sets a password for LAM config

---
 manifests/lam.pp        | 22 +++++++++++++++++++++-
 templates/wmde.conf.erb |  3 ++-
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/manifests/lam.pp b/manifests/lam.pp
index 1912515..ba437ca 100644
--- a/manifests/lam.pp
+++ b/manifests/lam.pp
@@ -11,7 +11,7 @@ class wmdeit_ldap::lam(
 	$master_password_salt = "ABCD1234",
 
 	$configs = {
-		"wmde" => ""
+		"wmde" => {}
 	}
 
 ) {
@@ -83,6 +83,26 @@ class wmdeit_ldap::lam(
 	}
 
 	$configs.each | String $name, $conf | {
+		$password =  $conf['password'] ? {
+			undef          => '1234',
+			default        => $conf['password'],
+		}
+		$password_salt =  $conf['password_salt'] ? {
+			undef          => '5678',
+			default        => $conf['password_salt'],
+		}
+
+		$encoded_password= strip (regsubst(
+			generate ("/bin/sh", "-c", "echo -n $password$password_salt | openssl dgst -binary -sha1 | openssl base64")
+		, '\n', "\n "))
+
+		$encoded_password_salt = strip(regsubst(
+		 generate("/bin/sh","-c", "echo -n $password_salt | openssl base64")
+		,  '\n', "\n "))
+
+
+
+
 		file {"$docroot/config/$name.conf":
 			ensure => file,
 			content => template("wmdeit_ldap/wmde.conf.erb"),
diff --git a/templates/wmde.conf.erb b/templates/wmde.conf.erb
index bef25d3..a1fe504 100644
--- a/templates/wmde.conf.erb
+++ b/templates/wmde.conf.erb
@@ -13,7 +13,8 @@ ServerURL: ldap://localhost:389
 Admins: cn=admin,dc=wikimedia,dc=de
 
 # password to change these preferences via webfrontend (default: lam)
-Passwd: {SSHA}T7uRmkbOgzr9k0BVJi1GvqqwJJQ= iaZAeQ==
+#Passwd: {SSHA}T7uRmkbOgzr9k0BVJi1GvqqwJJQ= iaZAeQ==
+Passwd: {SSHA}<%= @encoded_password %> <%= @encoded_password_salt %>
 
 # suffix of tree view
 # e.g. dc=yourdomain,dc=org