#
# installs lam (LDAP Account Manager)
#
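class wmdeit_ldap::lam(
  # Tarball name; downloaded from the source server below and staged in /tmp.
  $archive              = "lam_7_2.tar.gz",
  # Title of the Apache vhost that serves LAM.
  $domain               = 'default1',
  # Not referenced in this manifest; presumably consumed by
  # lam-config.cfg.erb -- TODO confirm.
  $logdestination       = "SYSLOG",
  $lamloglevel          = 4,
  # SECURITY: these two defaults are placeholders that anyone reading this
  # module knows. Always override them (e.g. from encrypted Hiera data); a
  # warning is logged below when they are left unchanged.
  $master_password      = "lam",
  $master_password_salt = "ABCD1234",

  # Map of LAM server profile name => settings hash. Keys read below:
  # password, password_salt, suffix_user, suffix_group, tree_suffix, admins,
  # login_method, login_search_suffix, login_search_dn, login_search_filter,
  # login_search_password, server_url.
  $configs = {
    "wmde" => {}
  }

) {
  $arcfile    = "/tmp/${archive}"
  $extractdir = "/var/www/ldapaccountmanager"
  $docroot    = "${extractdir}/lam"

  if $master_password == 'lam' or $master_password_salt == 'ABCD1234' {
    warning('wmdeit_ldap::lam: master_password / master_password_salt are still the built-in defaults; set unique secrets')
  }

  # Shell pipelines for the password encodings. The secret is handed to sh as
  # a positional parameter ($1/$2) instead of being interpolated into the
  # script text, so shell metacharacters, quotes or whitespace in a password
  # can neither run commands during catalog compilation nor silently change
  # the value that gets hashed. printf replaces `echo -n`, whose handling of
  # backslashes and options differs between shells.
  # NOTE(review): the values are still visible in the argument list of the
  # short-lived sh process that generate() starts.
  $lam_hash_script = 'printf %s "$1$2" | openssl dgst -binary -sha1 | openssl base64'
  $lam_salt_script = 'printf %s "$1" | openssl base64'

  # base64(SHA-1(password . salt)). The values are wrapped in "${...}" so that
  # non-string data (e.g. an integer from Hiera) is stringified as it was by
  # the previous string interpolation.
  # NOTE(review): salted SHA-1 is fast to brute-force for a weak password, so
  # the strength of the password and the permissions of the file holding the
  # hash both matter.
  $encoded_master_password = strip(regsubst(
    generate('/bin/sh', '-c', $lam_hash_script, 'sh', "${master_password}", "${master_password_salt}"),
    '\n', "\n "))

  $encoded_master_password_salt = strip(regsubst(
    generate('/bin/sh', '-c', $lam_salt_script, 'sh', "${master_password_salt}"),
    '\n', "\n "))

  class { 'apache':
    default_vhost => false,
    mpm_module    => 'prefork',
  }

  class { 'apache::mod::php':
    # php_version => '7.3'
  }

  class { '::php':
    extensions => {
      curl => {},
      ldap => {},
      gd   => {},
      gmp  => {},
      zip  => {},
    },
    notify     => Service["apache2"],
    require    => Class["apache"]
  }

  file { "/var/www":
    ensure => "directory"
  } ->
  # NOTE(review): the tarball is fetched without an integrity check. Pinning
  # it with the archive resource's checksum / checksum_type attributes would
  # detect a tampered or swapped download; the digest must come from the
  # release itself and is not available on this page.
  archive { "${arcfile}":
    ensure       => present,
    source       => "https://srcsrv.wikimedia.de/WMDE/LDAPAccountManager/archive/${archive}",
    extract      => true,
    extract_path => "/var/www",
    creates      => $extractdir
  } ->
  # NOTE(review): this vhost is plain HTTP on port 80. Unless TLS is
  # terminated somewhere not shown in this manifest, LAM logins (including the
  # master password) cross the network unencrypted.
  apache::vhost { $domain:
    port    => '80',
    docroot => $docroot
  } ->
  file { ["${docroot}/tmp", "${docroot}/sess"]:
    ensure => directory,
    owner  => "www-data"
  } ->
  # Main LAM configuration; presumably carries the master password hash via
  # the template. Restricted to the web server account so other local users
  # cannot read the hash and attack it offline.
  file { "${docroot}/config/config.cfg":
    ensure  => file,
    content => template("wmdeit_ldap/lam-config.cfg.erb"),
    owner   => "www-data",
    mode    => '0600',
  } ->
  file { "${docroot}/config/profiles":
    ensure => directory,
  } ->
  file { "${docroot}/config/pdf":
    ensure => directory,
  } ->
  file { "${docroot}/lib/modules/wmdeGroup.inc":
    ensure  => file,
    content => file("wmdeit_ldap/wmdeGroup.inc")
  }

  # One wmdeit_ldap::lam::config instance per entry in $configs.
  $configs.each | String $name, $conf | {
    # SECURITY: a profile without its own password/salt falls back to the
    # well-known values below; make that visible in the compile log.
    if $conf['password'] == undef or $conf['password_salt'] == undef {
      warning("wmdeit_ldap::lam: profile '${name}' uses the built-in default password or salt; set password and password_salt for it")
    }

    $password = $conf['password'] ? {
      undef   => '1234',
      default => $conf['password'],
    }
    $password_salt = $conf['password_salt'] ? {
      undef   => '5678',
      default => $conf['password_salt'],
    }

    # Same encoding as for the master password, see the script comments above.
    $encoded_password = strip(regsubst(
      generate('/bin/sh', '-c', $lam_hash_script, 'sh', "${password}", "${password_salt}"),
      '\n', "\n "))

    $encoded_password_salt = strip(regsubst(
      generate('/bin/sh', '-c', $lam_salt_script, 'sh', "${password_salt}"),
      '\n', "\n "))

    # LDAP bind password for the login search: base64, then rot13. This is a
    # reversible obfuscation, not encryption -- whoever can read the resulting
    # profile file can recover the bind password. The interpolated value is
    # base64 output, which cannot contain a single quote, so the quoting in
    # this command holds.
    $base64pw = base64('encode', "LAM_OBFUSCATE:${conf['login_search_password']}")
    $spw = strip(regsubst(
      generate("/bin/sh", "-c", "echo -n '$base64pw' | /usr/bin/rot13"),
      '\n', "\n "))

    wmdeit_ldap::lam::config { $name:
      encoded_password      => $encoded_password,
      encoded_password_salt => $encoded_password_salt,
      suffix_user           => $conf['suffix_user'],
      suffix_group          => $conf['suffix_group'],
      tree_suffix           => $conf['tree_suffix'],
      admins                => $conf['admins'],
      login_method          => $conf['login_method'] ? {
        undef   => "list",
        default => $conf['login_method'],
      },
      login_search_suffix   => $conf['login_search_suffix'],
      login_search_dn       => $conf['login_search_dn'],
      login_search_filter   => $conf['login_search_filter'] ? {
        undef   => "uid=%USER%",
        default => $conf['login_search_filter'],
      },

      login_search_password => $conf['login_search_password'] ? {
        undef   => "",
        default => $spw,
      },

      # The default targets the local host over unencrypted LDAP.
      # NOTE(review): for a directory on another host an ldaps:// URL (or
      # StartTLS, if the profile template enables it) keeps bind credentials
      # off the wire in clear text.
      server_url            => $conf['server_url'] ? {
        undef   => 'ldap://localhost:389',
        default => $conf['server_url'],
      },
    }
  }

}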
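# Writes one LAM server profile: <docroot>/config/<title>.conf plus the
# default user and group account profiles under config/profiles/<title>/.
# None of the parameters are referenced in this manifest apart from the
# suffix check, $docroot and $title; they are presumably read by the ERB
# templates -- TODO confirm against the templates.
define wmdeit_ldap::lam::config
(
  # Already-encoded profile password and salt (not the clear-text values).
  $encoded_password,
  $encoded_password_salt,
  $tree_suffix,
  $suffix_user           = "ou=People,$tree_suffix",
  $suffix_group          = "ou=Groups,$tree_suffix",
  # Defaults to the docroot of wmdeit_ldap::lam, so that class has to be
  # evaluated before this define unless docroot is passed explicitly.
  $docroot               = $::wmdeit_ldap::lam::docroot,
  $admins                = [],
  $login_method          = "search",
  $login_search_suffix   = "",
  $login_search_dn       = "",
  $login_search_filter   = "",
  # Expected in the obfuscated form prepared by the caller; that form is
  # reversible, so treat the rendered file as holding the bind password.
  $login_search_password = "",
  $server_url,

){
  if (!$suffix_user) or (!$suffix_group) {
    fail("no suffix_user or suffix_group given")
  }

  # The profile file receives the password hash and the reversibly obfuscated
  # LDAP bind password, so it is readable by the web server account only
  # instead of being created with a world-readable default mode.
  file { "${docroot}/config/${title}.conf":
    ensure  => file,
    content => template("wmdeit_ldap/wmde.conf.erb"),
    owner   => "www-data",
    mode    => '0600',
    require => File["${docroot}/config/pdf"],
  } ->
  file { "${docroot}/config/profiles/${title}":
    ensure => directory
  } ->
  file { "${docroot}/config/profiles/${title}/default.user":
    ensure  => file,
    content => template("wmdeit_ldap/default.user.erb")
  } ->
  file { "${docroot}/config/profiles/${title}/default.group":
    ensure  => file,
    content => template("wmdeit_ldap/default.group.erb")
  }

}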