slapd-ftmg.conf has credentials, lock down modes

diff --git a/modules/roles/manifests/sso.pp b/modules/roles/manifests/sso.pp
index 6a119d4..4da64eb 100644 (file)
--- a/modules/roles/manifests/sso.pp
+++ b/modules/roles/manifests/sso.pp
@@ -36,6 +36,8 @@ class roles::sso {
   file { '/etc/ldap/slapd-ftmg.conf':
     content => template('roles/sso/slapd-ftmg.conf.erb'),
     notify  => Service['slapd'],
+    group   => 'openldap',
+    mode    => '0440',
   }
   file { '/etc/default/slapd':
     source => 'puppet:///modules/roles/sso/default-slapd',