+# Debian SSO class.
+#
+# This sets up the web service as well as the LDAP backend for ftmg
class roles::sso {
include apache2
include roles::sso_rp
key => true,
}
+ $ftmg_dsa_root_password = hkdf('/etc/puppet/secret', "roles::sso::slapd-ftmg::${::fqdn}")
+
ensure_packages ( [
'slapd',
], {
notify => Service['slapd'],
}
file { '/etc/ldap/slapd-ftmg.conf':
- source => 'puppet:///modules/roles/sso/slapd-ftmg.conf',
- notify => Service['slapd'],
+ content => template('roles/sso/slapd-ftmg.conf.erb'),
+ notify => Service['slapd'],
}
file { '/etc/default/slapd':
source => 'puppet:///modules/roles/sso/default-slapd',
notify => Service['slapd'],
}
+ file { '/var/lib/ldap-ftmg':
+ ensure => directory,
+ mode => '0700',
+ owner => 'openldap',
+ group => 'openldap',
+ notify => Service['slapd'],
+ }
file { '/etc/ldap/schema/openssh-ldap.schema':
source => 'puppet:///modules/roles/sso/openssh-ldap.schema',
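Review bot: The `file { '/etc/ldap/slapd-ftmg.conf': ... }` resource now renders a template that carries the rootdn password, but it sets no `owner`, `group` or `mode`, so the secret lands on disk with whatever permissions Puppet applies by default (normally world-readable) and every content change is echoed into the agent's diff output. Add `owner => 'root', group => 'openldap', mode => '0640',` and `show_diff => false,` to that resource; the `/var/lib/ldap-ftmg` directory resource already restricts itself to `0700`/openldap and the config file holding `rootpw` deserves the same care. Presumably slapd reads the file as the openldap user after dropping privileges, which the `0640` group grant covers — confirm against the slapd unit before narrowing further. The enclosing `class roles::sso` continues outside the visible lines.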
--- /dev/null
+# slapd configuration for SSO's user management DB, ftmg
+
+moduleload back_mdb
+database mdb
+directory "/var/lib/ldap-ftmg"
+suffix "dc=ftmg,dc=sso,dc=debian,dc=org"
+
+rootdn "cn=root,dc=ftmg,dc=sso,dc=debian,dc=org"
+rootpw "<%= @ftmg_dsa_root_password %>"
+
+maxsize 134217728
+checkpoint 131072 5
+
+index cn,sn,uid pres,eq,approx,sub
+index objectClass eq
+
+access to *
+ by dn="cn=admin,dc=ftmg,dc=sso,dc=debian,dc=org" write
+ by * break
+
+access to attrs=userPassword
+ by self write
+ by * break
+
+access to *
+ by anonymous auth
+ by * break
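Review bot: `rootpw "<%= @ftmg_dsa_root_password %>"` writes the derived password in cleartext into slapd.conf, whereas slapd accepts a hashed value (`{SSHA}...`) in `rootpw`, which would keep the plaintext out of the config even if the file is read; the template could hash the secret itself, using a deterministic salt (e.g. derived from `@fqdn`) so the rendered file does not change on every Puppet run and needlessly restart slapd. This only helps if whatever binds as the rootdn obtains the plaintext by another route, which the visible lines suggest (the hkdf derivation in the manifest) but do not prove. The value is also interpolated inside a double-quoted token, so if the hkdf output can ever contain `"` or whitespace the directive breaks — worth a comment in the template stating the expected output format, e.g. `# rootpw is hkdf-derived; expected to be hex/base64 with no quote characters`. Separately, the ACLs as written grant ordinary bound users nothing beyond `self write` on `userPassword` (the final rule only gives `auth` to anonymous and then breaks), so if users are meant to read their own entry the last rule needs `by self read`; whether that is intended is not visible here.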