Register manualroutes from the service class for the three services that had it hardc...

[mirror/dsa-puppet.git] / modules / roles / manifests / sso.pp

diff --git a/modules/roles/manifests/sso.pp b/modules/roles/manifests/sso.pp
index 6cda237..4da64eb 100644 (file)
--- a/modules/roles/manifests/sso.pp
+++ b/modules/roles/manifests/sso.pp
@@ -1,5 +1,9 @@
+# Debian SSO class.
+#
+# This sets up the web service as well as the LDAP backend for ftmg
 class roles::sso {
   include apache2
+  include roles::sso_rp
 
   ssl::service { 'sso.debian.org':
     notify => Exec['service apache2 reload'],
@@ -10,6 +14,8 @@ class roles::sso {
     key    => true,
   }
 
+  $ftmg_dsa_root_password = hkdf('/etc/puppet/secret', "roles::sso::slapd-ftmg::${::fqdn}")
+
   ensure_packages ( [
     'slapd',
     ], {
@@ -28,11 +34,25 @@ class roles::sso {
     notify => Service['slapd'],
   }
   file { '/etc/ldap/slapd-ftmg.conf':
-    source => 'puppet:///modules/roles/sso/slapd-ftmg.conf',
-    notify => Service['slapd'],
+    content => template('roles/sso/slapd-ftmg.conf.erb'),
+    notify  => Service['slapd'],
+    group   => 'openldap',
+    mode    => '0440',
   }
   file { '/etc/default/slapd':
     source => 'puppet:///modules/roles/sso/default-slapd',
     notify => Service['slapd'],
   }
+  file { '/var/lib/ldap-ftmg':
+    ensure => directory,
+    mode   => '0700',
+    owner  => 'openldap',
+    group  => 'openldap',
+    notify => Service['slapd'],
+  }
+
+  file { '/etc/ldap/schema/openssh-ldap.schema':
+    source => 'puppet:///modules/roles/sso/openssh-ldap.schema',
+    notify => Service['slapd'],
+  }
 }