diff --git a/manifests/init.pp b/manifests/init.pp index 6684095..c31c95d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -615,7 +615,7 @@ default: { $vas_conf_libvas_use_server_referrals_real = pick($vas_conf_libvas_use_server_referrals, true) } # smaller (-1) } } else { - $vas_conf_libvas_use_server_referrals_default = false + $vas_conf_libvas_use_server_referrals_real = false } case $package_version { @@ -664,6 +664,7 @@ $require_yp_package = Package['vasyp'] $require_yp_service = Service['vasypd'] } else { + $nisdomainname_real = $facts['networking']['domain'] $require_yp_package = undef $require_yp_service = undef } @@ -799,7 +800,90 @@ owner => $vas_config_owner, group => $vas_config_group, mode => $vas_config_mode, - content => template('vas/vas.conf.erb'), + content => epp('vas/vas.conf.epp', + { + domain_realms => $domain_realms_real, + # libdefaults + realm => $realm, + libdefaults_tgs_default_enctypes => $vas_conf_libdefaults_tgs_default_enctypes, + libdefaults_tkt_default_enctypes => $vas_conf_libdefaults_tkt_default_enctypes, + libdefaults_default_etypes => $vas_conf_libdefaults_default_etypes, + libdefaults_forwardable => $vas_conf_libdefaults_forwardable, + libdefaults_default_cc_name => $vas_conf_libdefaults_default_cc_name, + # libvas + libvas_vascache_ipc_timeout => $vas_conf_libvas_vascache_ipc_timeout, + libvas_use_server_referrals => $vas_conf_libvas_use_server_referrals_real, + sitenameoverride => $sitenameoverride, + libvas_mscldap_timeout => $vas_conf_libvas_mscldap_timeout, + libvas_use_dns_srv => $vas_conf_libvas_use_dns_srv, + libvas_use_tcp_only => $vas_conf_libvas_use_tcp_only, + libvas_auth_helper_timeout => $vas_conf_libvas_auth_helper_timeout, + libvas_site_only_servers => $vas_conf_libvas_site_only_servers, + use_srv_infocache => $use_srv_infocache, + # pam_vas + prompt_vas_ad_pw => $vas_conf_prompt_vas_ad_pw, + pam_vas_prompt_ad_lockout_msg => $vas_conf_pam_vas_prompt_ad_lockout_msg, + manage_nis => $manage_nis, + # nis + nismaps_ou => $nismaps_ou, + vasypd_update_interval => $vas_conf_vasypd_update_interval, + nisdomainname => $nisdomainname_real, + update_process => $vas_conf_update_process, + full_update_interval => $vas_conf_full_update_interval, + client_addrs => $vas_conf_client_addrs, + # vasd + vasd_update_interval => $vas_conf_vasd_update_interval, + upm_search_path => $upm_search_path_real, + vasd_workstation_mode => $vas_conf_vasd_workstation_mode, + vasd_workstation_mode_users_preload => $vas_conf_vasd_workstation_mode_users_preload, + vasd_workstation_mode_group_do_member => $vas_conf_vasd_workstation_mode_group_do_member, + vasd_workstation_mode_groups_skip_update => $vas_conf_vasd_workstation_mode_groups_skip_update, + vasd_ws_resolve_uid => $vas_conf_vasd_ws_resolve_uid, + user_search_path => $user_search_path, + group_search_path => $group_search_path, + vas_user_override_path => $vas_user_override_path, + vas_group_override_path => $vas_group_override_path, + vasd_auto_ticket_renew_interval => $vas_conf_vasd_auto_ticket_renew_interval, + vasd_lazy_cache_update_interval => $vas_conf_vasd_lazy_cache_update_interval, + vasd_cross_domain_user_groups_member_search => $vas_conf_vasd_cross_domain_user_groups_member_search, + vasd_timesync_interval => $vas_conf_vasd_timesync_interval, + preload_nested_memberships => $vas_conf_preload_nested_memberships, + upm_computerou_attr => $vas_conf_upm_computerou_attr, + vasd_password_change_script => $vas_conf_vasd_password_change_script, + vasd_password_change_script_timelimit => $vas_conf_vasd_password_change_script_timelimit, + vasd_deluser_check_timelimit => $vas_conf_vasd_deluser_check_timelimit, + vasd_delusercheck_interval => $vas_conf_vasd_delusercheck_interval, + vasd_delusercheck_script => $vas_conf_vasd_delusercheck_script, + vasd_netgroup_mode => $vas_conf_vasd_netgroup_mode, + vasd_username_attr_name => $vas_conf_vasd_username_attr_name, + vasd_groupname_attr_name => $vas_conf_vasd_groupname_attr_name, + vasd_uid_number_attr_name => $vas_conf_vasd_uid_number_attr_name, + vasd_gid_number_attr_name => $vas_conf_vasd_gid_number_attr_name, + vasd_gecos_attr_name => $vas_conf_vasd_gecos_attr_name, + vasd_home_dir_attr_name => $vas_conf_vasd_home_dir_attr_name, + vasd_login_shell_attr_name => $vas_conf_vasd_login_shell_attr_name, + vasd_group_member_attr_name => $vas_conf_vasd_group_member_attr_name, + vasd_memberof_attr_name => $vas_conf_vasd_memberof_attr_name, + vasd_unix_password_attr_name => $vas_conf_vasd_unix_password_attr_name, + # nss_vas + group_update_mode => $vas_conf_group_update_mode, + root_update_mode => $vas_conf_root_update_mode, + disabled_user_pwhash => $vas_conf_disabled_user_pwhash, + expired_account_pwhash => $vas_conf_expired_account_pwhash, + locked_out_pwhash => $vas_conf_locked_out_pwhash, + lowercase_names => $vas_conf_lowercase_names, + lowercase_homedirs => $vas_conf_lowercase_homedirs, + # vas_auth + vas_users_allow_path => $vas_users_allow_path, + vas_users_deny_path => $vas_users_deny_path, + vas_auth_uid_check_limit => $vas_conf_vas_auth_uid_check_limit, + vas_auth_allow_disconnected_auth => $vas_conf_vas_auth_allow_disconnected_auth, + vas_auth_expand_ac_groups => $vas_conf_vas_auth_expand_ac_groups, + # realms + kdcs => $kdcs_real, + kpasswd_servers => $kpasswd_servers_real, + } + ), require => [Package['vasclnt'], Package['vasgp'], $require_yp_package], } @@ -810,7 +894,11 @@ owner => $vas_users_allow_owner, group => $vas_users_allow_group, mode => $vas_users_allow_mode, - content => template('vas/users.allow.erb'), + content => epp('vas/arraylist.epp', + { + entries => $users_allow_entries_real, + } + ), require => [Package['vasclnt'], Package['vasgp'], $require_yp_package], } } @@ -821,7 +909,11 @@ owner => $vas_users_deny_owner, group => $vas_users_deny_group, mode => $vas_users_deny_mode, - content => template('vas/users.deny.erb'), + content => epp('vas/arraylist.epp', + { + entries => $users_deny_entries, + } + ), require => [Package['vasclnt'], Package['vasgp'], $require_yp_package], } @@ -831,7 +923,11 @@ owner => $vas_user_override_owner, group => $vas_user_override_group, mode => $vas_user_override_mode, - content => template('vas/user-override.erb'), + content => epp('vas/arraylist.epp', + { + entries => $user_override_entries, + } + ), require => [Package['vasclnt'], Package['vasgp'], $require_yp_package], before => [Service['vasd'], $require_yp_service], } @@ -842,7 +938,11 @@ owner => $vas_group_override_owner, group => $vas_group_override_group, mode => $vas_group_override_mode, - content => template('vas/group-override.erb'), + content => epp('vas/arraylist.epp', + { + entries => $group_override_entries, + } + ), require => [Package['vasclnt'], Package['vasgp'], $require_yp_package], before => [Service['vasd'], $require_yp_service], } diff --git a/templates/arraylist.epp b/templates/arraylist.epp new file mode 100644 index 0000000..f51a960 --- /dev/null +++ b/templates/arraylist.epp @@ -0,0 +1,7 @@ +<%- | Array[String] $entries, +| -%> +# This file is being maintained by Puppet. +# DO NOT EDIT +<% $entries.each |$entry| { -%> +<%= $entry %> +<% } -%> diff --git a/templates/group-override.erb b/templates/group-override.erb deleted file mode 100644 index 329eb27..0000000 --- a/templates/group-override.erb +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -<% @group_override_entries.each do |overrideentry| -%> -<%= overrideentry %> -<% end -%> diff --git a/templates/user-override.erb b/templates/user-override.erb deleted file mode 100644 index c50e394..0000000 --- a/templates/user-override.erb +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -<% @user_override_entries.each do |overrideentry| -%> -<%= overrideentry %> -<% end -%> diff --git a/templates/users.allow.erb b/templates/users.allow.erb deleted file mode 100644 index 41e293f..0000000 --- a/templates/users.allow.erb +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -<% @users_allow_entries_real.each do |allowentry| -%> -<%= allowentry %> -<% end -%> diff --git a/templates/users.deny.erb b/templates/users.deny.erb deleted file mode 100644 index 6acc276..0000000 --- a/templates/users.deny.erb +++ /dev/null @@ -1,5 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -<% @users_deny_entries.each do |denyentry| -%> -<%= denyentry %> -<% end -%> diff --git a/templates/vas.conf.epp b/templates/vas.conf.epp new file mode 100644 index 0000000..7fd0ccb --- /dev/null +++ b/templates/vas.conf.epp @@ -0,0 +1,277 @@ +<%- | Hash $domain_realms, + # libdefaults + Stdlib::Host $realm, + String[1] $libdefaults_tgs_default_enctypes, + String[1] $libdefaults_tkt_default_enctypes, + String[1] $libdefaults_default_etypes, + Boolean $libdefaults_forwardable, + Optional[String[1]] $libdefaults_default_cc_name, + # libvas + Integer[0] $libvas_vascache_ipc_timeout, + Variant[Boolean, Enum['']] $libvas_use_server_referrals, + Optional[String[1]] $sitenameoverride, + Integer[0] $libvas_mscldap_timeout, + Boolean $libvas_use_dns_srv, + Boolean $libvas_use_tcp_only, + Integer[0] $libvas_auth_helper_timeout, + Boolean $libvas_site_only_servers, + Optional[Boolean] $use_srv_infocache, + # pam_vas + String[1] $prompt_vas_ad_pw, + Optional[String[1]] $pam_vas_prompt_ad_lockout_msg, + Boolean $manage_nis, + # nis + String[1] $nismaps_ou, + Integer[0] $vasypd_update_interval, + String[1] $nisdomainname, + Stdlib::Absolutepath $update_process, + Optional[Integer] $full_update_interval, + Optional[String[1,1024]] $client_addrs, + # vasd + Integer[0] $vasd_update_interval, + Optional[String] $upm_search_path, + Boolean $vasd_workstation_mode, + Optional[String[1]] $vasd_workstation_mode_users_preload, + Boolean $vasd_workstation_mode_group_do_member, + Boolean $vasd_workstation_mode_groups_skip_update, + Boolean $vasd_ws_resolve_uid, + Optional[String[1]] $user_search_path, + Optional[String[1]] $group_search_path, + Stdlib::Absolutepath $vas_user_override_path, + Stdlib::Absolutepath $vas_group_override_path, + Integer[0] $vasd_auto_ticket_renew_interval, + Integer[0] $vasd_lazy_cache_update_interval, + Optional[Boolean] $vasd_cross_domain_user_groups_member_search, + Optional[Integer] $vasd_timesync_interval, + Optional[Boolean] $preload_nested_memberships, + Optional[String[1]] $upm_computerou_attr, + Optional[Stdlib::Absolutepath] $vasd_password_change_script, + Optional[Integer] $vasd_password_change_script_timelimit, + Optional[Integer] $vasd_deluser_check_timelimit, + Optional[Integer] $vasd_delusercheck_interval, + Optional[Stdlib::Absolutepath] $vasd_delusercheck_script, + Optional[Enum['NSS', 'NIS', 'OFF']] $vasd_netgroup_mode, + Optional[String[1]] $vasd_username_attr_name, + Optional[String[1]] $vasd_groupname_attr_name, + Optional[String[1]] $vasd_uid_number_attr_name, + Optional[String[1]] $vasd_gid_number_attr_name, + Optional[String[1]] $vasd_gecos_attr_name, + Optional[String[1]] $vasd_home_dir_attr_name, + Optional[String[1]] $vasd_login_shell_attr_name, + Optional[String[1]] $vasd_group_member_attr_name, + Optional[String[1]] $vasd_memberof_attr_name, + Optional[String[1]] $vasd_unix_password_attr_name, + # nss_vas + String[1] $group_update_mode, + String[1] $root_update_mode, + Optional[String[1]] $disabled_user_pwhash, + Optional[String[1]] $expired_account_pwhash, + Optional[String[1]] $locked_out_pwhash, + Optional[Boolean] $lowercase_names, + Optional[Boolean] $lowercase_homedirs, + # vas_auth + Stdlib::Absolutepath $vas_users_allow_path, + Stdlib::Absolutepath $vas_users_deny_path, + Optional[Integer] $vas_auth_uid_check_limit, + Optional[Boolean] $vas_auth_allow_disconnected_auth, + Optional[Boolean] $vas_auth_expand_ac_groups, + # realms + String $kdcs, + String $kpasswd_servers, +| -%> +# This file is being maintained by Puppet. +# DO NOT EDIT +[domain_realm] +<% $domain_realms.keys.sort.each |$key| { -%> + <%= $key %> = <%= $domain_realms[$key].upcase %> +<% } -%> + +[libdefaults] + default_realm = <%= $realm.upcase %> + default_tgs_enctypes = <%= $libdefaults_tgs_default_enctypes %> + default_tkt_enctypes = <%= $libdefaults_tkt_default_enctypes %> + default_etypes = <%= $libdefaults_default_etypes %> + forwardable = <%= $libdefaults_forwardable %> + renew_lifetime = 604800 + + ticket_lifetime = 36000 + default_keytab_name = /etc/opt/quest/vas/host.keytab +<% if $libdefaults_default_cc_name { -%> + default_cc_name = <%= $libdefaults_default_cc_name %> +<% } -%> + +[libvas] + vascache-ipc-timeout = <%= $libvas_vascache_ipc_timeout %> + use-server-referrals = <%= $libvas_use_server_referrals %> +<% if $sitenameoverride { -%> + site-name-override = <%= $sitenameoverride %> +<% } -%> + mscldap-timeout = <%= $libvas_mscldap_timeout %> + use-dns-srv = <%= $libvas_use_dns_srv %> + use-tcp-only = <%= $libvas_use_tcp_only %> + auth-helper-timeout = <%= $libvas_auth_helper_timeout %> + site-only-servers = <%= $libvas_site_only_servers %> +<%# Compared to undef because we want it printed if set in either boolean state -%> +<% if $use_srv_infocache != undef { -%> + use-srvinfo-cache = <%= $use_srv_infocache %> +<% } -%> + +[pam_vas] + prompt-vas-ad-pw = <%= $prompt_vas_ad_pw %> +<% if $pam_vas_prompt_ad_lockout_msg { -%> + prompt-ad-lockout-msg = "<%= $pam_vas_prompt_ad_lockout_msg %>" +<% } -%> + +<% if $manage_nis { -%> +[vasypd] + search-base = <%= $nismaps_ou %> + split-groups = true + update-interval = <%= $vasypd_update_interval %> + domainname-override = <%= $nisdomainname %> +<% if $update_process { -%> + update-process = <%= $update_process %> +<% } -%> +<% if $full_update_interval { -%> + full-update-interval = <%= $full_update_interval %> +<% } -%> +<% if $client_addrs { -%> + client-addrs = <%= $client_addrs %> +<% } -%> + +<% } -%> +[vasd] + update-interval = <%= $vasd_update_interval %> +<%# Comparing to empty string required due to pick_default() -%> +<% if $upm_search_path != '' { -%> + upm-search-path = <%= $upm_search_path %> +<% } -%> + workstation-mode = <%= $vasd_workstation_mode %> +<% if $vasd_workstation_mode { -%> +<% if $vasd_workstation_mode_users_preload { -%> + workstation-mode-users-preload = <%= $vasd_workstation_mode_users_preload %> +<% } -%> + workstation-mode-group-do-member = <%= $vasd_workstation_mode_group_do_member %> + workstation-mode-groups-skip-update = <%= $vasd_workstation_mode_groups_skip_update %> + ws-resolve-uid = <%= $vasd_ws_resolve_uid %> +<% } -%> +<% if $user_search_path { -%> + user-search-path = <%= $user_search_path %> +<% } -%> +<% if $group_search_path { -%> + group-search-path = <%= $group_search_path %> +<% } -%> + user-override-file = <%= $vas_user_override_path %> + group-override-file = <%= $vas_group_override_path %> + auto-ticket-renew-interval = <%= $vasd_auto_ticket_renew_interval %> + lazy-cache-update-interval = <%= $vasd_lazy_cache_update_interval %> +<%# Compared to undef because we want it printed if set in either boolean state -%> +<% if $vasd_cross_domain_user_groups_member_search != undef { -%> + cross-domain-user-groups-member-search = <%= $vasd_cross_domain_user_groups_member_search %> +<% } -%> +<% if $vasd_timesync_interval { -%> + timesync-interval = <%= $vasd_timesync_interval %> +<% } -%> +<%# Compared to undef because we want it printed if set in either boolean state -%> +<% if $preload_nested_memberships != undef { -%> + preload-nested-memberships = <%= $preload_nested_memberships %> +<% } -%> +<% if $upm_computerou_attr { -%> + upm-computerou-attr = <%= $upm_computerou_attr %> +<% } -%> +<% if $vasd_password_change_script { -%> + password-change-script = <%= $vasd_password_change_script %> +<% } -%> +<% if $vasd_password_change_script_timelimit { -%> + password-change-script-timelimit = <%= $vasd_password_change_script_timelimit %> +<% } -%> +<% if $vasd_deluser_check_timelimit { -%> + deluser-check-timelimit = <%= $vasd_deluser_check_timelimit %> +<% } -%> +<% if $vasd_delusercheck_interval { -%> + delusercheck-interval = <%= $vasd_delusercheck_interval %> +<% } -%> +<% if $vasd_delusercheck_script { -%> + delusercheck-script = <%= $vasd_delusercheck_script %> +<% } -%> +<% if $vasd_netgroup_mode { -%> + netgroup-mode = <%= $vasd_netgroup_mode %> +<% } -%> +<% if $vasd_username_attr_name { -%> + username-attr-name = <%= $vasd_username_attr_name %> +<% } -%> +<% if $vasd_groupname_attr_name { -%> + groupname-attr-name = <%= $vasd_groupname_attr_name %> +<% } -%> +<% if $vasd_uid_number_attr_name { -%> + uid-number-attr-name = <%= $vasd_uid_number_attr_name %> +<% } -%> +<% if $vasd_gid_number_attr_name { -%> + gid-number-attr-name = <%= $vasd_gid_number_attr_name %> +<% } -%> +<% if $vasd_gecos_attr_name { -%> + gecos-attr-name = <%= $vasd_gecos_attr_name %> +<% } -%> +<% if $vasd_home_dir_attr_name { -%> + home-dir-attr-name = <%= $vasd_home_dir_attr_name %> +<% } -%> +<% if $vasd_login_shell_attr_name { -%> + login-shell-attr-name = <%= $vasd_login_shell_attr_name %> +<% } -%> +<% if $vasd_group_member_attr_name { -%> + group-member-attr-name = <%= $vasd_group_member_attr_name %> +<% } -%> +<% if $vasd_memberof_attr_name { -%> + memberof-attr-name = <%= $vasd_memberof_attr_name %> +<% } -%> +<% if $vasd_unix_password_attr_name { -%> + unix-password-attr-name = <%= $vasd_unix_password_attr_name %> +<% } -%> + +[nss_vas] +<% if $group_update_mode { -%> + group-update-mode = <%= $group_update_mode %> +<% } -%> +<% if $root_update_mode { -%> + root-update-mode = <%= $root_update_mode %> +<% } -%> +<% if $disabled_user_pwhash { -%> + disabled-user-pwhash = <%= $disabled_user_pwhash %> +<% } -%> +<% if $expired_account_pwhash { -%> + expired-account-pwhash = <%= $expired_account_pwhash %> +<% } -%> +<% if $locked_out_pwhash { -%> + locked-out-pwhash = <%= $locked_out_pwhash %> +<% } -%> +<%# Compared to undef because we want it printed if set in either boolean state -%> +<% if $lowercase_names != undef { -%> + lowercase-names = <%= $lowercase_names %> +<% } -%> +<%# Compared to undef because we want it printed if set in either boolean state -%> +<% if $lowercase_homedirs != undef { -%> + lowercase-homedirs = <%= $lowercase_homedirs %> +<% } -%> + +[vas_auth] + users-allow-file = <%= $vas_users_allow_path %> + users-deny-file = <%= $vas_users_deny_path %> +<% if $vas_auth_uid_check_limit { -%> + uid-check-limit = <%= $vas_auth_uid_check_limit %> +<% } -%> +<%# Compared to undef because we want it printed if set in either boolean state -%> +<% if $vas_auth_allow_disconnected_auth != undef { -%> + allow-disconnected-auth = <%= $vas_auth_allow_disconnected_auth %> +<% } -%> +<%# Compared to undef because we want it printed if set in either boolean state -%> +<% if $vas_auth_expand_ac_groups != undef { -%> + expand-ac-groups = <%= $vas_auth_expand_ac_groups %> +<% } -%> +<%# Comparing to empty string required due to join() -%> +<% if $kdcs != '' { -%> + +[realms] + <%= $realm.upcase %> = { + kdc = <%= $kdcs %> + kpasswd_server = <%= $kpasswd_servers %> + } +<% } -%> diff --git a/templates/vas.conf.erb b/templates/vas.conf.erb deleted file mode 100644 index a5ab72c..0000000 --- a/templates/vas.conf.erb +++ /dev/null @@ -1,187 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT -[domain_realm] -<% @domain_realms_real.sort.each do | fqdn, realm | -%> - <%= fqdn %> = <%= realm.upcase %> -<% end -%> - -[libdefaults] - default_realm = <%= @realm.upcase %> - default_tgs_enctypes = <%= @vas_conf_libdefaults_tgs_default_enctypes %> - default_tkt_enctypes = <%= @vas_conf_libdefaults_tkt_default_enctypes %> - default_etypes = <%= @vas_conf_libdefaults_default_etypes %> - forwardable = <%= @vas_conf_libdefaults_forwardable %> - renew_lifetime = 604800 - - ticket_lifetime = 36000 - default_keytab_name = /etc/opt/quest/vas/host.keytab -<% if @vas_conf_libdefaults_default_cc_name != nil -%> - default_cc_name = <%= @vas_conf_libdefaults_default_cc_name %> -<% end -%> - -[libvas] - vascache-ipc-timeout = <%= @vas_conf_libvas_vascache_ipc_timeout %> - use-server-referrals = <%= @vas_conf_libvas_use_server_referrals_real %> -<% if @sitenameoverride != nil -%> - site-name-override = <%= @sitenameoverride %> -<% end -%> - mscldap-timeout = <%= @vas_conf_libvas_mscldap_timeout %> - use-dns-srv = <%= @vas_conf_libvas_use_dns_srv %> - use-tcp-only = <%= @vas_conf_libvas_use_tcp_only %> - auth-helper-timeout = <%= @vas_conf_libvas_auth_helper_timeout %> - site-only-servers = <%= @vas_conf_libvas_site_only_servers %> -<% if @use_srv_infocache != nil -%> - use-srvinfo-cache = <%= @use_srv_infocache %> -<% end -%> - -[pam_vas] - prompt-vas-ad-pw = <%= @vas_conf_prompt_vas_ad_pw %> -<% if @vas_conf_pam_vas_prompt_ad_lockout_msg != nil -%> - prompt-ad-lockout-msg = "<%= @vas_conf_pam_vas_prompt_ad_lockout_msg %>" -<% end -%> - -<% if @manage_nis -%> -[vasypd] - search-base = <%= @nismaps_ou %> - split-groups = true - update-interval = <%= @vas_conf_vasypd_update_interval %> - domainname-override = <%= @nisdomainname_real %> -<% if !@vas_conf_update_process.empty? -%> - update-process = <%= @vas_conf_update_process %> -<% end -%> -<% if @vas_conf_full_update_interval != nil -%> - full-update-interval = <%= @vas_conf_full_update_interval %> -<% end -%> -<% if @vas_conf_client_addrs != nil -%> - client-addrs = <%= @vas_conf_client_addrs %> -<% end -%> - -<% end -%> -[vasd] - update-interval = <%= @vas_conf_vasd_update_interval %> -<% if @upm_search_path_real != '' -%> - upm-search-path = <%= @upm_search_path_real %> -<% end -%> - workstation-mode = <%= @vas_conf_vasd_workstation_mode %> -<% if @vas_conf_vasd_workstation_mode -%> -<% if @vas_conf_vasd_workstation_mode_users_preload != nil -%> - workstation-mode-users-preload = <%= @vas_conf_vasd_workstation_mode_users_preload %> -<% end -%> - workstation-mode-group-do-member = <%= @vas_conf_vasd_workstation_mode_group_do_member %> - workstation-mode-groups-skip-update = <%= @vas_conf_vasd_workstation_mode_groups_skip_update %> - ws-resolve-uid = <%= @vas_conf_vasd_ws_resolve_uid %> -<% end -%> -<% if @user_search_path -%> - user-search-path = <%= @user_search_path %> -<% end -%> -<% if @group_search_path -%> - group-search-path = <%= @group_search_path %> -<% end -%> - user-override-file = <%= @vas_user_override_path %> - group-override-file = <%= @vas_group_override_path %> - auto-ticket-renew-interval = <%= @vas_conf_vasd_auto_ticket_renew_interval %> - lazy-cache-update-interval = <%= @vas_conf_vasd_lazy_cache_update_interval %> -<% if @vas_conf_vasd_cross_domain_user_groups_member_search != nil -%> - cross-domain-user-groups-member-search = <%= @vas_conf_vasd_cross_domain_user_groups_member_search %> -<% end -%> -<% if @vas_conf_vasd_timesync_interval != nil -%> - timesync-interval = <%= @vas_conf_vasd_timesync_interval %> -<% end -%> -<% if @vas_conf_preload_nested_memberships != nil -%> - preload-nested-memberships = <%= @vas_conf_preload_nested_memberships %> -<% end -%> -<% if @vas_conf_upm_computerou_attr != nil -%> - upm-computerou-attr = <%= @vas_conf_upm_computerou_attr %> -<% end -%> -<% if @vas_conf_vasd_password_change_script != nil -%> - password-change-script = <%= @vas_conf_vasd_password_change_script %> -<% end -%> -<% if @vas_conf_vasd_password_change_script_timelimit != nil -%> - password-change-script-timelimit = <%= @vas_conf_vasd_password_change_script_timelimit %> -<% end -%> -<% if @vas_conf_vasd_deluser_check_timelimit != nil -%> - deluser-check-timelimit = <%= @vas_conf_vasd_deluser_check_timelimit %> -<% end -%> -<% if @vas_conf_vasd_delusercheck_interval != nil -%> - delusercheck-interval = <%= @vas_conf_vasd_delusercheck_interval %> -<% end -%> -<% if @vas_conf_vasd_delusercheck_script != nil -%> - delusercheck-script = <%= @vas_conf_vasd_delusercheck_script %> -<% end -%> -<% if @vas_conf_vasd_netgroup_mode != nil -%> - netgroup-mode = <%= @vas_conf_vasd_netgroup_mode %> -<% end -%> -<% if @vas_conf_vasd_username_attr_name != nil -%> - username-attr-name = <%= @vas_conf_vasd_username_attr_name %> -<% end -%> -<% if @vas_conf_vasd_groupname_attr_name != nil -%> - groupname-attr-name = <%= @vas_conf_vasd_groupname_attr_name %> -<% end -%> -<% if @vas_conf_vasd_uid_number_attr_name != nil -%> - uid-number-attr-name = <%= @vas_conf_vasd_uid_number_attr_name %> -<% end -%> -<% if @vas_conf_vasd_gid_number_attr_name != nil -%> - gid-number-attr-name = <%= @vas_conf_vasd_gid_number_attr_name %> -<% end -%> -<% if @vas_conf_vasd_gecos_attr_name != nil -%> - gecos-attr-name = <%= @vas_conf_vasd_gecos_attr_name %> -<% end -%> -<% if @vas_conf_vasd_home_dir_attr_name != nil -%> - home-dir-attr-name = <%= @vas_conf_vasd_home_dir_attr_name %> -<% end -%> -<% if @vas_conf_vasd_login_shell_attr_name != nil -%> - login-shell-attr-name = <%= @vas_conf_vasd_login_shell_attr_name %> -<% end -%> -<% if @vas_conf_vasd_group_member_attr_name != nil -%> - group-member-attr-name = <%= @vas_conf_vasd_group_member_attr_name %> -<% end -%> -<% if @vas_conf_vasd_memberof_attr_name != nil -%> - memberof-attr-name = <%= @vas_conf_vasd_memberof_attr_name %> -<% end -%> -<% if @vas_conf_vasd_unix_password_attr_name != nil -%> - unix-password-attr-name = <%= @vas_conf_vasd_unix_password_attr_name %> -<% end -%> - -[nss_vas] -<% if @vas_conf_group_update_mode != nil -%> - group-update-mode = <%= @vas_conf_group_update_mode %> -<% end -%> -<% if @vas_conf_root_update_mode != nil -%> - root-update-mode = <%= @vas_conf_root_update_mode %> -<% end -%> -<% if @vas_conf_disabled_user_pwhash != nil -%> - disabled-user-pwhash = <%= @vas_conf_disabled_user_pwhash %> -<% end -%> -<% if @vas_conf_expired_account_pwhash != nil -%> - expired-account-pwhash = <%= @vas_conf_expired_account_pwhash %> -<% end -%> -<% if @vas_conf_locked_out_pwhash != nil -%> - locked-out-pwhash = <%= @vas_conf_locked_out_pwhash %> -<% end -%> -<% if @vas_conf_lowercase_names != nil -%> - lowercase-names = <%= @vas_conf_lowercase_names %> -<% end -%> -<% if @vas_conf_lowercase_homedirs != nil -%> - lowercase-homedirs = <%= @vas_conf_lowercase_homedirs %> -<% end -%> - -[vas_auth] - users-allow-file = <%= @vas_users_allow_path %> - users-deny-file = <%= @vas_users_deny_path %> -<% if @vas_conf_vas_auth_uid_check_limit != nil -%> - uid-check-limit = <%= @vas_conf_vas_auth_uid_check_limit %> -<% end -%> -<% if @vas_conf_vas_auth_allow_disconnected_auth != nil -%> - allow-disconnected-auth = <%= @vas_conf_vas_auth_allow_disconnected_auth %> -<% end -%> -<% if @vas_conf_vas_auth_expand_ac_groups != nil -%> - expand-ac-groups = <%= @vas_conf_vas_auth_expand_ac_groups %> -<% end -%> -<% if @kdcs_real != '' -%> - -[realms] - <%= @realm.upcase -%> = { - kdc = <%= @kdcs_real %> - kpasswd_server = <%= @kpasswd_servers_real %> - } -<% end -%>