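#
# Installs LAM (LDAP Account Manager) behind an Apache/PHP vhost and writes
# its main configuration plus one server profile per entry in $configs.
#
# Parameters:
#   $archive              file name of the LAM tarball to download and extract
#   $domain               title of the apache::vhost that serves LAM
#   $logdestination       not referenced in this manifest; presumably read by
#   $lamloglevel          the lam-config.cfg.erb template -- confirm there
#   $master_password      LAM master (configuration) password, hashed below
#   $master_password_salt salt appended to the master password before hashing
#   $configs              hash of profile name => settings; each entry becomes
#                         one wmdeit_ldap::lam::config resource
#
# Security notes for operators:
#   * $master_password, $master_password_salt and the per-profile fallbacks
#     ('1234' / '5678') are publicly known defaults. Override all of them
#     (e.g. from encrypted Hiera data); a warning is logged when a default
#     password is still in effect.
#   * The stored value is a salted SHA-1 digest, presumably because that is
#     the format LAM's configuration expects (the templates are not visible
#     here). It is not a slow password hash, so the config files must stay
#     unreadable to other local users.
#   * The vhost listens on plain HTTP (port 80), so LAM logins would cross the
#     network unencrypted unless TLS is terminated in front of it.
#
class wmdeit_ldap::lam(
  $archive = "lam_7_2.tar.gz",
  $domain = 'default1',
  $logdestination = "SYSLOG",
  $lamloglevel = 4,
  $master_password = "lam",
  $master_password_salt = "ABCD1234",
  $configs = { "wmde" => {} }
) {

  $arcfile    = "/tmp/${archive}"
  $extractdir = "/var/www/ldapaccountmanager"
  $docroot    = "${extractdir}/lam"

  # Fixed shell snippets. The secret is handed over as positional parameter
  # $1 instead of being interpolated into the script text, so shell
  # metacharacters or whitespace in a password can neither alter the command
  # executed on the Puppet server nor change the bytes that get hashed.
  # The value still appears briefly in the helper's argument list.
  $ssha_script   = 'printf %s "$1" | openssl dgst -binary -sha1 | openssl base64'
  $base64_script = 'printf %s "$1" | openssl base64'
  $rot13_script  = 'printf %s "$1" | /usr/bin/rot13'

  if $master_password == 'lam' {
    warning('wmdeit_ldap::lam: master_password is still the built-in default; set a site-specific value')
  }

  # base64(sha1(password . salt)) and base64(salt); surrounding whitespace
  # and the trailing newline from openssl are stripped.
  $encoded_master_password = strip(regsubst(
    generate('/bin/sh', '-c', $ssha_script, 'sh', "${master_password}${master_password_salt}"),
    '\n', "\n "))
  $encoded_master_password_salt = strip(regsubst(
    generate('/bin/sh', '-c', $base64_script, 'sh', "${master_password_salt}"),
    '\n', "\n "))

  class { 'apache':
    default_vhost => false,
    mpm_module    => 'prefork',
  }

  class { 'apache::mod::php':
    # php_version => '7.3'
  }

  class { '::php':
    extensions => {
      curl => {},
      ldap => {},
      gd   => {},
      gmp  => {},
      zip  => {},
    },
    notify     => Service["apache2"],
    require    => Class["apache"]
  }

  file { "/var/www":
    ensure => "directory"
  }
  ->
  # NOTE(review): the tarball is staged at a predictable path under
  # world-writable /tmp and no checksum is pinned, so whatever file is found
  # there (or served by the source host) is extracted as-is. Consider a
  # root-only staging directory and the archive resource's checksum /
  # checksum_type parameters.
  archive { "${arcfile}":
    ensure       => present,
    source       => "https://srcsrv.wikimedia.de/WMDE/LDAPAccountManager/archive/${archive}",
    extract      => true,
    extract_path => "/var/www",
    creates      => $extractdir
  }
  ->
  apache::vhost { $domain:
    port    => '80',
    docroot => $docroot
  }
  ->
  file { ["${docroot}/tmp", "${docroot}/sess"]:
    ensure => directory,
    owner  => "www-data"
  }
  ->
  # Holds the master password hash: readable by the web server user only.
  file { "${docroot}/config/config.cfg":
    ensure  => file,
    content => template("wmdeit_ldap/lam-config.cfg.erb"),
    owner   => "www-data",
    mode    => '0600',
  }
  ->
  file { "${docroot}/config/profiles":
    ensure => directory,
  }
  ->
  file { "${docroot}/config/pdf":
    ensure => directory,
  }
  ->
  file { "${docroot}/lib/modules/wmdeGroup.inc":
    ensure  => file,
    content => file("wmdeit_ldap/wmdeGroup.inc")
  }

  $configs.each | String $name, $conf | {

    if $conf['password'] == undef {
      warning("wmdeit_ldap::lam: profile '${name}' has no password set and falls back to the built-in default")
    }

    $password = $conf['password'] ? {
      undef   => '1234',
      default => $conf['password'],
    }

    $password_salt = $conf['password_salt'] ? {
      undef   => '5678',
      default => $conf['password_salt'],
    }

    $encoded_password = strip(regsubst(
      generate('/bin/sh', '-c', $ssha_script, 'sh', "${password}${password_salt}"),
      '\n', "\n "))
    $encoded_password_salt = strip(regsubst(
      generate('/bin/sh', '-c', $base64_script, 'sh', "${password_salt}"),
      '\n', "\n "))

    # "LAM_OBFUSCATE:" + base64 + rot13 is reversible obfuscation, not
    # encryption: anyone who can read the profile file can recover the LDAP
    # search bind password.
    $base64pw = base64('encode', "LAM_OBFUSCATE:${conf['login_search_password']}")
    $spw = strip(regsubst(
      generate('/bin/sh', '-c', $rot13_script, 'sh', "${base64pw}"),
      '\n', "\n "))

    wmdeit_ldap::lam::config { $name:
      encoded_password      => $encoded_password,
      encoded_password_salt => $encoded_password_salt,
      suffix_user           => $conf['suffix_user'],
      suffix_group          => $conf['suffix_group'],
      tree_suffix           => $conf['tree_suffix'],
      admins                => $conf['admins'],
      login_method          => $conf['login_method'] ? {
        undef   => "list",
        default => $conf['login_method']
      },
      login_search_suffix   => $conf['login_search_suffix'],
      login_search_dn       => $conf['login_search_dn'],
      login_search_filter   => $conf['login_search_filter'] ? {
        undef   => "uid=%USER%",
        default => $conf['login_search_filter']
      },
      login_search_password => $conf['login_search_password'] ? {
        undef   => "",
        default => $spw
      },
      server_url            => $conf['server_url'] ? {
        undef   => 'ldap://localhost:389',
        default => $conf['server_url'],
      },
    }
  }
}

#
# Writes one LAM server profile named after the resource title, together with
# its default user and group account profiles.
#
# Parameters:
#   $encoded_password, $encoded_password_salt
#                          profile password hash and salt as produced by
#                          wmdeit_ldap::lam
#   $tree_suffix           LDAP base DN; the default user/group suffixes are
#                          derived from it
#   $suffix_user, $suffix_group, $admins, $login_method, $login_search_*,
#   $server_url            not referenced in this manifest; presumably read by
#                          the wmde.conf.erb template -- confirm there
#   $docroot               LAM document root, taken from wmdeit_ldap::lam
#
# NOTE(review): the default server_url passed by wmdeit_ldap::lam is an
# unencrypted ldap:// URL on localhost; a remote directory server should be
# reached over ldaps:// or StartTLS.
#
define wmdeit_ldap::lam::config (
  $encoded_password,
  $encoded_password_salt,
  $tree_suffix,
  $suffix_user = "ou=People,${tree_suffix}",
  $suffix_group = "ou=Groups,${tree_suffix}",
  $docroot = $::wmdeit_ldap::lam::docroot,
  $admins = [],
  $login_method = "search",
  $login_search_suffix = "",
  $login_search_dn = "",
  $login_search_filter = "",
  $login_search_password = "",
  $server_url ,
){

  if (!$suffix_user) or (!$suffix_group) {
    fail("no suffix_user or suffix_group given")
  }

  # Holds the profile password hash and, when set, the reversibly obfuscated
  # LDAP search bind password: readable by the web server user only.
  file { "${docroot}/config/${title}.conf":
    ensure  => file,
    content => template("wmdeit_ldap/wmde.conf.erb"),
    owner   => "www-data",
    mode    => '0600',
    require => File["${docroot}/config/pdf"],
  }
  ->
  file { "${docroot}/config/profiles/${title}":
    ensure => directory
  }
  ->
  file { "${docroot}/config/profiles/${title}/default.user":
    ensure  => file,
    content => template("wmdeit_ldap/default.user.erb")
  }
  ->
  file { "${docroot}/config/profiles/${title}/default.group":
    ensure  => file,
    content => template("wmdeit_ldap/default.group.erb")
  }
}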