[MediaWiki-commits] [Gerrit] ldap: Allow projects to override user's loginshells - change (operations/puppet)

Yuvipanda (Code Review) Thu, 09 Jul 2015 09:58:07 -0700

Yuvipanda has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/223828


Change subject: ldap: Allow projects to override user's loginshells
......................................................................

ldap: Allow projects to override user's loginshells

Bug: T102395
Change-Id: I9f720637a17e94c356a9bd84ff1ce38350a70d88
---
M modules/ldap/manifests/client.pp
M modules/ldap/templates/nss_ldap.erb
2 files changed, 5 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/28/223828/1

diff --git a/modules/ldap/manifests/client.pp b/modules/ldap/manifests/client.pp
index 8be4bed..5aeb3f5 100644
--- a/modules/ldap/manifests/client.pp
+++ b/modules/ldap/manifests/client.pp
@@ -75,6 +75,8 @@
         source => 'puppet:///modules/ldap/nsswitch.conf',
     }
 
+    # Allow labs projects to give people custom shells
+    $shell_override = hiera('user_login_shell', false)
     file { '/etc/ldap.conf':
         notify  => Service['nscd'],
         content => template('ldap/nss_ldap.erb'),
diff --git a/modules/ldap/templates/nss_ldap.erb 
b/modules/ldap/templates/nss_ldap.erb
index dc76732..d20d0b4 100644
--- a/modules/ldap/templates/nss_ldap.erb
+++ b/modules/ldap/templates/nss_ldap.erb
@@ -12,6 +12,9 @@
 nss_schema      rfc2307bis
 nss_map_attribute   uniquemember member
 nss_map_objectclass groupofuniquenames groupofnames
+<%- if @shell_override %>
+nss_override_attribute_value loginshell <%= @shell_override %>
+<%- end %>
 tls_checkpeer   yes
 tls_cacertfile  /etc/ssl/certs/<%= @ldapconfig["ca"] %>
 tls_cacertdir   /etc/ssl/certs

-- 
To view, visit https://gerrit.wikimedia.org/r/223828
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9f720637a17e94c356a9bd84ff1ce38350a70d88
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <yuvipa...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] ldap: Allow projects to override user's loginshells - change (operations/puppet)

Reply via email to