ghoneycutt / puppet-module-nsswitch Goto Github PK

View Code? Open in Web Editor NEW

1.0 4.0 34.0 67 KB

Puppet module to manage nsswitch

License: Other

Ruby 55.81% Puppet 35.80% HTML 8.39%

nsswitch vas puppet puppet-module ldap

puppet-module-nsswitch's Introduction

puppet-module-nsswitch

Puppet module to manage nsswitch that optionally allows for LDAP and VAS integration.

===

Compatibility

This module has been tested to work on the following systems with Puppet v3 (with and without the future parser), v4, v5 and v6 with the ruby versions associated with those releases. See .travis.yml for an exact matrix.

Debian 6
EL 5
EL 6
EL 7
Solaris 10
Suse

===

Parameters

config_file

Path to configuration file.

Default: /etc/nsswitch.conf

ensure_ldap

Should LDAP be used? Valid values are 'absent' and 'present'

Default: 'absent'

ensure_vas

Should VAS (Quest Authentication Services) be used? Valid values are 'absent' and 'present'.

Default: 'absent'

vas_nss_module

Name of NSS module to use for VAS.

Default: 'vas4'

vas_nss_module_passwd

Source for vas to be included in the passwd database.

Default:'vas4'

vas_nss_module_group

Source for vas to be included in the group database.

Default:'vas4'

vas_nss_module_automount

Source for vas to be included in the automount database.

Default:'nis'

vas_nss_module_netgroup

Source for vas to be included in the netgroup database.

Default:'nis'

vas_nss_module_aliases

Source for vas to be included in the aliases database.

Default:''

vas_nss_module_services

Source for vas to be included in the services database.

Default: ''

protocols

Sources to be included in the protocols database.

Default: 'USE_DEFAULTS'

ethers

Sources to be included in the ethers database.

Default: 'USE_DEFAULTS'

rpc

Sources to be included in the rpc database.

Default: 'USE_DEFAULTS'

nsswitch_ipnodes

String of list of sources for ipnodes database. 'USE_DEFAULTS' allows the module to choose defaults based on the platform.

Default: 'USE_DEFAULTS'

nsswitch_printers

String of list of sources for printers database. 'USE_DEFAULTS' allows the module to choose defaults based on the platform.

Default: 'USE_DEFAULTS'

nsswitch_auth_attr

String of list of sources for auth_attr database. 'USE_DEFAULTS' allows the module to choose defaults based on the platform.

Default: 'USE_DEFAULTS'

nsswitch_prof_attr

String of list of sources for prof_attr database. 'USE_DEFAULTS' allows the module to choose defaults based on the platform.

Default: 'USE_DEFAULTS'

nsswitch_project

String of list of sources for project database. 'USE_DEFAULTS' allows the module to choose defaults based on the platform.

Default: 'USE_DEFAULTS'

sudoers

String of list of sources to use for sudoers. 'USE_DEFAULTS' allows the module to choose defaults based on the platform.

Default: 'USE_DEFAULTS'

puppet-module-nsswitch's People

Contributors

Stargazers

Watchers

puppet-module-nsswitch's Issues

sssd support for sudoers

In recent versions of sudo and sssd, sudo can query sssd for rules.

http://www.freeipa.org/images/7/77/Freeipa30_SSSD_SUDO_Integration.pdf

Can the template be modified to accept a sudo_real?

remove testing of puppet 2.6 from travis and document puppet compatibility

Supporting SSSD and optional databases

I'm curious what level of changes to this module would be accepted in a PR to support 'sssd'. The simplest I'm implementing is to add a parameter called ldap_nss_module which defaults to ldap but can be changed to sssd. However in some of my environments I do not enable SSSD to manage automount, for example, so leaving some lines in nsswitch.conf to only have files would be ideal since SSSD's supported services are individually enabled.

A few more extensive "refactor" ideas:

Add a parameter for each database in nsswitch.conf, for example ensure_ldap_passwd, ensure_sssd_passwd, etc. That list of parameters could get long.
Replace current ensure parameters with ones like passwd, shadow, etc that is either a string or array that is joined to form a string used in the template.

integrate with travis-ci.org

add nis support

have travis check for parser validation and lint

https://github.com/ghoneycutt/puppet-module-utils/blob/master/Rakefile
https://github.com/ghoneycutt/puppet-module-utils/blob/master/.travis.yml

Release 1.0

Release 1.0 version

spec tests

We need them

validate parameters

Need to validate the parameters. See the validation functions in https://github.com/puppetlabs/puppetlabs-stdlib/tree/3.2.0

RHEL7: sudoers and value "sss"

Hello,

Pull request #37 introduced a bug with its default settings causing an error message every time a user runs the sudo command. This only occurs if the package sssd is not installed. The missing library seems to be present in sssd-common.

Since sssd is not always installed on RHEL7 systems I would propose to remove 'sss' for the default sudoers nsswitch configuration or make a test which only applies if the package sssd is present on the system.

sudo: Unable to dlopen /usr/lib64/libsss_sudo.so: (null)
sudo: Unable to initialize SSS source. Is SSSD installed on your machine?