Yuvipanda has submitted this change and it was merged. Change subject: ldap: Allow projects to override user's loginshells ......................................................................
ldap: Allow projects to override user's loginshells Bug: T102395 Change-Id: I9f720637a17e94c356a9bd84ff1ce38350a70d88 --- M modules/ldap/manifests/client.pp M modules/ldap/templates/nss_ldap.erb 2 files changed, 5 insertions(+), 0 deletions(-) Approvals: Andrew Bogott: Looks good to me, but someone else must approve Yuvipanda: Verified; Looks good to me, approved diff --git a/modules/ldap/manifests/client.pp b/modules/ldap/manifests/client.pp index 8be4bed..5aeb3f5 100644 --- a/modules/ldap/manifests/client.pp +++ b/modules/ldap/manifests/client.pp @@ -75,6 +75,8 @@ source => 'puppet:///modules/ldap/nsswitch.conf', } + # Allow labs projects to give people custom shells + $shell_override = hiera('user_login_shell', false) file { '/etc/ldap.conf': notify => Service['nscd'], content => template('ldap/nss_ldap.erb'), diff --git a/modules/ldap/templates/nss_ldap.erb b/modules/ldap/templates/nss_ldap.erb index dc76732..d20d0b4 100644 --- a/modules/ldap/templates/nss_ldap.erb +++ b/modules/ldap/templates/nss_ldap.erb @@ -12,6 +12,9 @@ nss_schema rfc2307bis nss_map_attribute uniquemember member nss_map_objectclass groupofuniquenames groupofnames +<%- if @shell_override %> +nss_override_attribute_value loginshell <%= @shell_override %> +<%- end %> tls_checkpeer yes tls_cacertfile /etc/ssl/certs/<%= @ldapconfig["ca"] %> tls_cacertdir /etc/ssl/certs -- To view, visit https://gerrit.wikimedia.org/r/223828 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I9f720637a17e94c356a9bd84ff1ce38350a70d88 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org> Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org> Gerrit-Reviewer: Yuvipanda <yuvipa...@wikimedia.org> Gerrit-Reviewer: coren <mpellet...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits