X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsso.pp;h=4da64ebd298ac540221b19e882922c6170368772;hb=78a3e4b7ce4106394e9687ace9f910bd41242bf2;hp=052ddc1f5282449f11b1bc1e6daee0a7b8434300;hpb=d43ef61f9eac309f7fd70901a9e8bdd771258529;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/manifests/sso.pp b/modules/roles/manifests/sso.pp
index 052ddc1f5..4da64ebd2 100644
--- a/modules/roles/manifests/sso.pp
+++ b/modules/roles/manifests/sso.pp
@@ -1,3 +1,6 @@
+# Debian SSO class.
+#
+# This sets up the web service as well as the LDAP backend for ftmg
 class roles::sso {
 include apache2
 include roles::sso_rp
@@ -11,6 +14,8 @@ class roles::sso {
 key => true,
 }
+ $ftmg_dsa_root_password = hkdf('/etc/puppet/secret', "roles::sso::slapd-ftmg::${::fqdn}")
+
 ensure_packages ( [
 'slapd',
 ], {
@@ -29,13 +34,22 @@ class roles::sso {
 notify => Service['slapd'],
 }
 file { '/etc/ldap/slapd-ftmg.conf':
- source => 'puppet:///modules/roles/sso/slapd-ftmg.conf',
- notify => Service['slapd'],
+ content => template('roles/sso/slapd-ftmg.conf.erb'),
+ notify => Service['slapd'],
+ group => 'openldap',
+ mode => '0440',
 }
 file { '/etc/default/slapd':
 source => 'puppet:///modules/roles/sso/default-slapd',
 notify => Service['slapd'],
 }
+ file { '/var/lib/ldap-ftmg':
+ ensure => directory,
+ mode => '0700',
+ owner => 'openldap',
+ group => 'openldap',
+ notify => Service['slapd'],
+ }
 file { '/etc/ldap/schema/openssh-ldap.schema':
 source => 'puppet:///modules/roles/sso/openssh-ldap.schema',
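Review bot: The HKDF info string for `$ftmg_dsa_root_password` is bound to `$::fqdn`, which is a fact reported by the agent rather than an identity the master has verified; if the Puppet version in use provides it, `$trusted['certname']` is the safer input for a per-host secret. The derivation also has no version component, so rotating this password means changing the info string or the master secret, and nothing on the line says so. I would add a comment above it along the lines of `# LDAP root password for the ftmg slapd database, derived per host; rotate by changing the info string`. Where the variable is consumed is not visible in this hunk, and the class body continues outside it.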
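Review bot: `/etc/ldap/slapd-ftmg.conf` is now rendered from a template with `group => 'openldap'` and `mode => '0440'` but no explicit `owner`, and if the template interpolates `$ftmg_dsa_root_password` (presumably, given the earlier hunk) the file now carries a credential. I would pin `owner => 'root',` and add `show_diff => false,` so a content change does not write the secret into agent logs and reports. The template itself is not part of this diff, so it is worth confirming that it emits a hashed `rootpw` value rather than the cleartext. Both this file and the new `/var/lib/ldap-ftmg` directory name the `openldap` account, which only exists once `slapd` is installed, so `require => Package['slapd'],` may be needed unless ordering is handled elsewhere in the class.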