X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsso.pp;h=dc2837f882b6e21d688b03b8cdda31f5709d9271;hb=4bcc03b6b6893ed1f6cddc277930cc48756b40a3;hp=6cda237e622e33a4ce06eb827335bd654f641733;hpb=69fbd668fcafaa6a02007acb59210367ee18ec7f;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/manifests/sso.pp b/modules/roles/manifests/sso.pp
index 6cda237e6..dc2837f88 100644
--- a/modules/roles/manifests/sso.pp
+++ b/modules/roles/manifests/sso.pp
@@ -1,5 +1,15 @@
-class roles::sso {
+# Debian SSO class.
+#
+# This sets up the web service as well as the LDAP backend for ftmg
+#
+# @param db_address hostname of the postgres server for this service
+# @param db_port port of the postgres server for this service
+class roles::sso (
+ String $db_address,
+ Integer $db_port,
+) {
  include apache2
+ include roles::sso_rp
  ssl::service { 'sso.debian.org':
  notify => Exec['service apache2 reload'],
@@ -10,6 +20,8 @@ class roles::sso {
  key => true,
  }
+ $ftmg_dsa_root_password = hkdf('/etc/puppet/secret', "roles::sso::slapd-ftmg::${::fqdn}")
+
  ensure_packages ( [ 'slapd', ], {
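Review bot: The rootpw derived at `$ftmg_dsa_root_password = hkdf('/etc/puppet/secret', "roles::sso::slapd-ftmg::${::fqdn}")` is held as a plain string, so nothing marks it as a secret for Puppet's logging or diff output. If this Puppet version has the `Sensitive` data type, wrapping the value as `$ftmg_dsa_root_password = Sensitive(hkdf('/etc/puppet/secret', "roles::sso::slapd-ftmg::${::fqdn}"))` makes Puppet redact it wherever it surfaces; the template that consumes it (presumably `slapd-ftmg.conf.erb` from the next hunk, not in view here) would then have to unwrap it explicitly. The class header documents `db_address` and `db_port` but not this derived value, so a one-line comment above the assignment along the lines of `# slapd rootpw for the ftmg backend, derived per host from the puppet secret; rotating the secret rotates it` would help the next maintainer.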
@@ -28,11 +40,33 @@ class roles::sso {
  notify => Service['slapd'],
  }
  file { '/etc/ldap/slapd-ftmg.conf':
- source => 'puppet:///modules/roles/sso/slapd-ftmg.conf',
- notify => Service['slapd'],
+ content => template('roles/sso/slapd-ftmg.conf.erb'),
+ notify => Service['slapd'],
+ group => 'openldap',
+ mode => '0440',
  }
  file { '/etc/default/slapd':
  source => 'puppet:///modules/roles/sso/default-slapd',
  notify => Service['slapd'],
  }
+ file { '/var/lib/ldap-ftmg':
+ ensure => directory,
+ mode => '0700',
+ owner => 'openldap',
+ group => 'openldap',
+ notify => Service['slapd'],
+ }
+
+ file { '/etc/ldap/schema/openssh-ldap.schema':
+ source => 'puppet:///modules/roles/sso/openssh-ldap.schema',
+ notify => Service['slapd'],
+ }
+
+ @@postgres::cluster::hba_entry { "debsso-${::fqdn}":
+ tag => "postgres::cluster::${db_port}::hba::${db_address}",
+ pg_port => $db_port,
+ database => 'debsso',
+ user => ['debsso', 'debssoweb'],
+ address => $base::public_addresses,
+ }
  }
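Review bot: The `file { '/etc/ldap/slapd-ftmg.conf': content => template('roles/sso/slapd-ftmg.conf.erb')` resource now renders its content from a template, and given the `$ftmg_dsa_root_password` derived earlier in this class it presumably carries the slapd rootpw, yet it does not disable content diffing; Puppet's `show_diff` defaults to true, so every change to the file prints the old and new content into the agent log and report. Adding `show_diff => false,` alongside `mode => '0440',` keeps the secret out of those channels, and the tightened `group => 'openldap'`/`mode => '0440'` is the right complement on disk. Since no `owner` is set, the file keeps whatever owner it already has on the node; pinning `owner => 'root',` would make the read-only intent of `0440` hold regardless of prior state.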