From 48d5fd616bf812a8cdb3a2add8cfd3b3ee7bed90 Mon Sep 17 00:00:00 2001 From: Andrea Cristofori Date: Wed, 4 Nov 2015 16:11:26 +0000 Subject: [PATCH 1/4] Added: $ldap_group_search_base = 'ou=Groups,dc=org', $ldap_user_search_base = 'ou=People,dc=org', parameters --- manifests/init.pp | 2 ++ templates/sssd.conf.erb | 2 ++ 2 files changed, 4 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index b6be1bd..2ebc248 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -120,6 +120,8 @@ $manage_nsswitch = true, $logsagent = undef, $debug_level = '0x02F0', + $ldap_group_search_base = 'ou=Groups,dc=org', + $ldap_user_search_base = 'ou=People,dc=org', ){ validate_re($provider, ['^ldap$', '^ipa$'], 'Supported providers for SSSD are ldap and ipa') diff --git a/templates/sssd.conf.erb b/templates/sssd.conf.erb index 7631a79..a08d3da 100644 --- a/templates/sssd.conf.erb +++ b/templates/sssd.conf.erb @@ -45,6 +45,8 @@ ldap_chpass_update_last_change = true ldap_pwd_policy = <%= scope.lookupvar('sssd::ldap_pwd_policy') %> ldap_account_expire_policy = shadow ldap_access_order = expire +ldap_group_search_base = <%= scope.lookupvar('sssd::ldap_group_search_base') %> +ldap_user_search_base = <%= scope.lookupvar('sssd::ldap_user_search_base') %> <% elsif scope.lookupvar('sssd::provider') == 'ipa' %> krb5_store_password_if_offline = true ipa_domain = <%= scope.lookupvar('sssd::domain') %> From 92d065bfd57e834551be60da88d7851e163db74c Mon Sep 17 00:00:00 2001 From: Andrea Cristofori Date: Wed, 11 Nov 2015 09:23:14 +0000 Subject: [PATCH 2/4] - undef for new parameters - chek if the proprerties are set --- manifests/init.pp | 4 ++-- templates/sssd.conf.erb | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 2ebc248..b6c9d91 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
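Review bot: Neither new parameter is validated in manifests/init.pp, although `$provider` gets a `validate_re` directly below the parameter list, and the templates/sssd.conf.erb hunk of this patch writes both values verbatim into sssd.conf. A value containing a line break would add extra lines to the LDAP domain section, so anything that is not a single-line string should be rejected, e.g. `validate_re($ldap_user_search_base, '\A[^\r\n]+\z', 'ldap_user_search_base must be a single-line string')` and the same for the group base. Once the defaults become `undef` (PATCH 2/4), the checks need to be wrapped in `if $ldap_user_search_base { ... }`. The class body continues outside the hunk, so an existing check further down cannot be ruled out.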
@@ -120,8 +120,8 @@ $manage_nsswitch = true, $logsagent = undef, $debug_level = '0x02F0', - $ldap_group_search_base = 'ou=Groups,dc=org', - $ldap_user_search_base = 'ou=People,dc=org', + $ldap_group_search_base = undef, + $ldap_user_search_base = undef, ){ validate_re($provider, ['^ldap$', '^ipa$'], 'Supported providers for SSSD are ldap and ipa') diff --git a/templates/sssd.conf.erb b/templates/sssd.conf.erb index a08d3da..957047a 100644 --- a/templates/sssd.conf.erb +++ b/templates/sssd.conf.erb @@ -45,8 +45,12 @@ ldap_chpass_update_last_change = true ldap_pwd_policy = <%= scope.lookupvar('sssd::ldap_pwd_policy') %> ldap_account_expire_policy = shadow ldap_access_order = expire +<% if scope.lookupvar('sssd::ldap_group_search_base') -%> ldap_group_search_base = <%= scope.lookupvar('sssd::ldap_group_search_base') %> +<% end -%> +<% if scope.lookupvar('sssd::ldap_user_search_base') -%> ldap_user_search_base = <%= scope.lookupvar('sssd::ldap_user_search_base') %> +<% end -%> <% elsif scope.lookupvar('sssd::provider') == 'ipa' %> krb5_store_password_if_offline = true ipa_domain = <%= scope.lookupvar('sssd::domain') %> From 88a82cf1dec62385c8abea62aa094ec463f8a329 Mon Sep 17 00:00:00 2001 From: Andrea Cristofori Date: Thu, 12 Nov 2015 11:52:48 +0000 Subject: [PATCH 3/4] Test and comment --- manifests/init.pp | 10 ++++++++++ spec/classes/sssd_config_spec.rb | 10 ++++++++++ 2 files changed, 20 insertions(+) diff --git a/manifests/init.pp b/manifests/init.pp index b6c9d91..3b5e066 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
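Review bot: The two `if scope.lookupvar(...)` guards in templates/sssd.conf.erb test Ruby truthiness only, and in Ruby an empty string is truthy, so passing `''` (the value the parameter docs in PATCH 3/4 list as the default) still renders `ldap_group_search_base = ` with no value. Depending on the Puppet version, `lookupvar` may also hand back `:undef` rather than `nil` for an unset parameter, which would defeat the guard in the same way; that is worth confirming on the versions this module supports. Reading the value once and testing it explicitly avoids both cases, e.g. `<% group_base = scope.lookupvar('sssd::ldap_group_search_base') -%>` followed by `<% unless [nil, :undef, ''].include?(group_base) -%>`, and the same for the user base. The enclosing `if`/`elsif` on `sssd::provider` starts outside the hunk.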
@@ -88,6 +88,16 @@ # Default: '' # Valid options: beaver # +# [*$ldap_group_search_base*] +# String. An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type +# Default: '' +# Valid options: [?scope?[filter][?search_base?scope?[filter]]*] +# +# [*$ldap_user_search_base*] +# String. An optional base DN, search scope and LDAP filter to restrict LDAP searches for this attribute type +# Default: '' +# Valid options: [?scope?[filter][?search_base?scope?[filter]]*] +# # === Examples # # * Installation: diff --git a/spec/classes/sssd_config_spec.rb b/spec/classes/sssd_config_spec.rb index 86f3ce6..2dd3096 100644 --- a/spec/classes/sssd_config_spec.rb +++ b/spec/classes/sssd_config_spec.rb @@ -84,6 +84,16 @@ let(:params) { { :ldap_tls_cacert => '/tmp/cert' } } it { should contain_file('/etc/sssd/sssd.conf').with_content(/ldap_tls_cacert = \/tmp\/cert/)} end + + context 'setting ldap_group_search_base' do + let(:params) { { :ldap_group_search_base => 'dc=Group,dc=org' } } + it { should contain_file('/etc/sssd/sssd.conf').with_content(/ldap_search_base = dc=Group,dc=org/)} + end + + context 'setting ldap_user_search_base' do + let(:params) { { :ldap_user_search_base => 'dc=User,dc=org' } } + it { should contain_file('/etc/sssd/sssd.conf').with_content(/ldap_search_base = dc=User,dc=org/)} + end end context 'ipa' do From 1a19c5c4705351abbdee7804eae9cd416d61cf61 Mon Sep 17 00:00:00 2001 From: Andrea Cristofori Date: Thu, 12 Nov 2015 12:02:10 +0000 Subject: [PATCH 4/4] Test corrected --- spec/classes/sssd_config_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/classes/sssd_config_spec.rb b/spec/classes/sssd_config_spec.rb index 2dd3096..661a954 100644 --- a/spec/classes/sssd_config_spec.rb +++ b/spec/classes/sssd_config_spec.rb 
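Review bot: The two new doc entries in manifests/init.pp state `Default: ''`, but since PATCH 2/4 both parameters default to `undef`, and the template guard only tests truthiness, so `''` and unset do not behave the same. The `Valid options` line also appears to have lost the leading `search_base` from the syntax given in sssd-ldap(5), presumably `search_base[?scope?[filter][?search_base?scope?[filter]]*]`; as written it reads as if the base DN itself were optional. I would change the entries to `# Default: undef (option is omitted from sssd.conf)` and describe each one as the base DN for group or user searches rather than "this attribute type".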
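Review bot: Both new contexts in spec/classes/sssd_config_spec.rb only cover the case where the parameter is set; nothing asserts that the options stay out of sssd.conf when the parameters are left at their default, which is the branch the `if` guards in templates/sssd.conf.erb were added for. A context without these params and `it { should contain_file('/etc/sssd/sssd.conf').without_content(/ldap_group_search_base/) }` (and the same for the user base) would pin that behaviour. This applies unchanged to the corrected expectations in PATCH 4/4. The surrounding `context` block starts outside the hunk.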
@@ -87,12 +87,12 @@ context 'setting ldap_group_search_base' do let(:params) { { :ldap_group_search_base => 'dc=Group,dc=org' } } - it { should contain_file('/etc/sssd/sssd.conf').with_content(/ldap_search_base = dc=Group,dc=org/)} + it { should contain_file('/etc/sssd/sssd.conf').with_content(/ldap_group_search_base = dc=Group,dc=org/)} end context 'setting ldap_user_search_base' do let(:params) { { :ldap_user_search_base => 'dc=User,dc=org' } } - it { should contain_file('/etc/sssd/sssd.conf').with_content(/ldap_search_base = dc=User,dc=org/)} + it { should contain_file('/etc/sssd/sssd.conf').with_content(/ldap_user_search_base = dc=User,dc=org/)} end end
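Review bot: The corrected patterns are unanchored, so `/ldap_group_search_base = dc=Group,dc=org/` would still pass if the rendered line carried trailing text or were commented out. Anchoring per line, `/^ldap_group_search_base = dc=Group,dc=org$/` and likewise for the user base, makes the test assert the exact line that ends up in sssd.conf. The neighbouring `ldap_tls_cacert` expectation in this file is written in the same unanchored way, so this could be tightened across the file in one pass.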