X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsso.pp;h=4da64ebd298ac540221b19e882922c6170368772;hb=bf716a4daf9652bc9d1b77deac83a2b384fd78bc;hp=de296bdfff21794a0706aeb334e65678f573ffe0;hpb=901e4b7c11f0208519992c3230aebec0895b747a;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/manifests/sso.pp b/modules/roles/manifests/sso.pp
index de296bdff..4da64ebd2 100644
--- a/modules/roles/manifests/sso.pp
+++ b/modules/roles/manifests/sso.pp
@@ -1,38 +1,58 @@
+# Debian SSO class.
+#
+# This sets up the web service as well as the LDAP backend for ftmg
 class roles::sso {
- ssl::service { 'sso.debian.org':
- notify => Exec['service apache2 reload'],
- key => true,
- }
+ include apache2
+ include roles::sso_rp
- ensure_packages ( [
- "slapd",
- ], {
- ensure => 'installed',
- })
- service { 'slapd':
- ensure => running,
- }
- file { '/etc/ldap/slapd.d':
- ensure => absent,
- force => true,
- notify => Service['slapd'],
- }
- file { '/etc/ldap/slapd.conf':
- source => 'puppet:///modules/roles/sso/slapd.conf',
- notify => Service['slapd'],
- }
- file { '/etc/ldap/slapd-ftmg.conf':
- source => 'puppet:///modules/roles/sso/slapd-ftmg.conf',
- notify => Service['slapd'],
- }
- file { '/etc/default/slapd':
- source => 'puppet:///modules/roles/sso/default-slapd',
- notify => Service['slapd'],
- }
+ ssl::service { 'sso.debian.org':
+ notify => Exec['service apache2 reload'],
+ key => true,
+ }
+ ssl::service { 'ftmg.sso.debian.org':
+ notify => Exec['service apache2 reload'],
+ key => true,
+ }
+ $ftmg_dsa_root_password = hkdf('/etc/puppet/secret', "roles::sso::slapd-ftmg::${::fqdn}")
- ssl::service { 'ftmg.sso.debian.org':
- notify => Exec['service apache2 reload'],
- key => true,
- }
+ ensure_packages ( [
+ 'slapd',
+ ], {
+ ensure => 'installed',
+ })
+ service { 'slapd':
+ ensure => running,
+ }
+ file { '/etc/ldap/slapd.d':
+ ensure => absent,
+ force => true,
+ notify => Service['slapd'],
+ }
+ file { '/etc/ldap/slapd.conf':
+ source => 'puppet:///modules/roles/sso/slapd.conf',
+ notify => Service['slapd'],
+ }
+ file { '/etc/ldap/slapd-ftmg.conf':
+ content => template('roles/sso/slapd-ftmg.conf.erb'),
+ notify => Service['slapd'],
+ group => 'openldap',
+ mode => '0440',
+ }
+ file { '/etc/default/slapd':
+ source => 'puppet:///modules/roles/sso/default-slapd',
+ notify => Service['slapd'],
+ }
+ file { '/var/lib/ldap-ftmg':
+ ensure => directory,
+ mode => '0700',
+ owner => 'openldap',
+ group => 'openldap',
+ notify => Service['slapd'],
+ }
+
+ file { '/etc/ldap/schema/openssh-ldap.schema':
+ source => 'puppet:///modules/roles/sso/openssh-ldap.schema',
+ notify => Service['slapd'],
+ }
 }
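Review bot: The `/etc/ldap/slapd-ftmg.conf` resource now renders a template that presumably embeds `$ftmg_dsa_root_password` (the template is not part of this hunk), yet it pins only `group` and `mode`. The owner is therefore left to whatever the file already has, and Puppet will still print content diffs of a secret-bearing file in agent logs and reports. Adding `owner => 'root',` and `show_diff => false,` to that resource would close both gaps. It is also worth confirming that the template writes the root password as a hash rather than in cleartext, since the `openldap` group can read the file at mode `0440`. The `openldap` user and group used here and on `/var/lib/ldap-ftmg` are presumably created by the slapd package, so `require => Package['slapd'],` on both resources would keep a first run on a fresh host from failing on ordering.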