Rush has submitted this change and it was merged.
Change subject: nslcd specifying shell override
......................................................................
nslcd specifying shell override
Originally looked at in 223828, but we already specify the login
shell in nslcd.conf, which seems to take precedence, so this moves
the override there to match.
Bug: T131541
Change-Id: I2c5967d51dcb73898725b9943d850ab3fcba008d
---
M modules/ldap/manifests/client/nss.pp
M modules/ldap/templates/ldap.conf.erb
M modules/ldap/templates/nslcd.conf.erb
3 files changed, 11 insertions(+), 11 deletions(-)
Approvals:
Yuvipanda: Looks good to me, but someone else must approve
Rush: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/ldap/manifests/client/nss.pp
b/modules/ldap/manifests/client/nss.pp
index 970dc43..4ee931e 100644
--- a/modules/ldap/manifests/client/nss.pp
+++ b/modules/ldap/manifests/client/nss.pp
@@ -47,12 +47,10 @@
source => $nsswitch_conf_source,
}
- # Allow labs projects to give people custom shells
- $shell_override = hiera('user_login_shell', false)
file { '/etc/ldap.conf':
- notify => Service['nscd','nslcd'],
- require => File['/etc/nslcd.conf', '/etc/nscd.conf'],
content => template('ldap/ldap.conf.erb'),
+ require => File['/etc/nslcd.conf', '/etc/nscd.conf'],
+ notify => Service['nscd','nslcd'],
}
# So scripts don't have to parse the ldap.conf format
@@ -68,12 +66,13 @@
content => ordered_yaml($client_readable_config),
}
-
+ # Allow labs projects to give people custom shells
+ $shell_override = hiera('user_login_shell', false)
file { '/etc/nslcd.conf':
+ content => template('ldap/nslcd.conf.erb'),
+ mode => '0440',
require => Package['nslcd'],
notify => Service[nslcd],
- mode => '0440',
- content => template('ldap/nslcd.conf.erb'),
}
}
diff --git a/modules/ldap/templates/ldap.conf.erb
b/modules/ldap/templates/ldap.conf.erb
index d20d0b4..dc76732 100644
--- a/modules/ldap/templates/ldap.conf.erb
+++ b/modules/ldap/templates/ldap.conf.erb
@@ -12,9 +12,6 @@
nss_schema rfc2307bis
nss_map_attribute uniquemember member
nss_map_objectclass groupofuniquenames groupofnames
-<%- if @shell_override %>
-nss_override_attribute_value loginshell <%= @shell_override %>
-<%- end %>
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/<%= @ldapconfig["ca"] %>
tls_cacertdir /etc/ssl/certs
diff --git a/modules/ldap/templates/nslcd.conf.erb
b/modules/ldap/templates/nslcd.conf.erb
index 5e6c088..447e14b 100644
--- a/modules/ldap/templates/nslcd.conf.erb
+++ b/modules/ldap/templates/nslcd.conf.erb
@@ -44,7 +44,11 @@
# Limit user names to this regex. This needs to be kept in sync with
OpenStackManager's regex.
validnames /^[a-z][.a-z0-9_-]*$/i
-<% if @realm == "labs" %>map passwd loginshell "/bin/bash"<% end %>
+<%- if @shell_override %>
+map passwd loginshell "<%= @shell_override %>"
+<%- elsif @realm == "labs" %>
+map passwd loginshell "/bin/bash"
+<%- end %>
pagesize <%= @ldapconfig["pagesize"] %>
nss_min_uid <%= @ldapconfig["nss_min_uid"] %>
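Review bot: `@shell_override` is written into `map passwd loginshell "<%= @shell_override %>"` without any validation, so a hiera value containing a double quote, a newline or a `$` expansion would change the meaning of the generated nslcd.conf rather than just name a shell. The lookup in nss.pp (`hiera('user_login_shell', false)`) is described as a per-project setting, so it is worth constraining the value there before the template runs, e.g. `if $shell_override { validate_re($shell_override, '^/[A-Za-z0-9._/-]+$') }` (assuming stdlib's validate functions are available in this tree). A short comment beside the map line saying that the path must exist on the host and be an allowed login shell would also help, because a mistyped value would presumably affect logins for every passwd entry served by nslcd.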
--
To view, visit https://gerrit.wikimedia.org/r/282060
Gerrit-MessageType: merged
Gerrit-Change-Id: I2c5967d51dcb73898725b9943d850ab3fcba008d
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush <[email protected]>
Gerrit-Reviewer: Rush <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: jenkins-bot <>