Defined Type: sssd::domain
- Defined in:
- manifests/domain.pp
Overview
Define an SSSD domain.
# File 'manifests/domain.pp', line 299
# Manage a single SSSD domain.
#
# Every parameter that is set (not undef) is turned into one `sssd_conf`
# resource titled "domain/${domain}/${setting}" against `$sssd::conf_file`,
# and each of those resources notifies Class['sssd::daemon']. Array-valued
# parameters are flattened to a single string first; the separator (', ',
# ' ' or ':') is chosen per option below. The domain name is also published
# through a `datacat_fragment` targeting "${module_name} domains".
#
# Compilation fails unless Class['sssd'] has already been declared.
#
# NOTE(review): parameters typed as plain String are passed to `sssd_conf`
# unchanged; nothing in this define restricts their content beyond the
# declared data type.
define sssd::domain (
SSSD::Provider::ID $id_provider,
# NOTE(review): $domain is a free-form String that is interpolated into the
# "domain/${domain}/${setting}" resource title below; presumably sssd_conf
# splits the title on '/', so a name containing '/' would be ambiguous - confirm.
String $domain = $title,
# options for any section
Optional[Integer[0]] $debug = undef,
Optional[Integer[0]] $debug_level = undef,
Optional[Boolean] $debug_timestamps = undef,
Optional[Boolean] $debug_microseconds = undef,
# generic domain options
Optional[Integer[0]] $timeout = undef,
Optional[Enum['posix', 'application']] $domain_type = undef,
Optional[Integer[0]] $max_id = undef,
Optional[Integer[0]] $min_id = undef,
Optional[Boolean] $enumerate = undef,
Optional[Array[String, 1]] $subdomain_enumerate = undef,
Optional[Integer[0]] $entry_cache_timeout = undef,
Optional[Integer[0]] $entry_cache_user_timeout = undef,
Optional[Integer[0]] $entry_cache_group_timeout = undef,
Optional[Integer[0]] $entry_cache_netgroup_timeout = undef,
Optional[Integer[0]] $entry_cache_service_timeout = undef,
Optional[Integer[0]] $entry_cache_sudo_timeout = undef,
Optional[Integer[0]] $entry_cache_autofs_timeout = undef,
Optional[Integer[0]] $entry_cache_ssh_host_timeout = undef,
Optional[Integer[0]] $refresh_expired_interval = undef,
# When true, SSSD keeps credential hashes in its local cache so users can
# log in while the backend is unreachable; pair with
# $account_cache_expiration to bound how long such offline logins stay valid.
Optional[Boolean] $cache_credentials = undef,
Optional[Integer[0]] $cache_credentials_minimal_first_factor_length = undef,
Optional[Integer[0]] $account_cache_expiration = undef,
Optional[Integer[0]] $pwd_expiration_warning = undef,
Optional[Boolean] $use_fully_qualified_names = undef,
Optional[Boolean] $ignore_group_members = undef,
Optional[SSSD::Provider::Auth] $auth_provider = undef,
# Left undef, no access_provider line is written and SSSD's own default
# applies (documented upstream as 'permit', i.e. every authenticated user is
# allowed) - set this explicitly where access must be restricted.
Optional[SSSD::Provider::Access] $access_provider = undef,
Optional[SSSD::Provider::Chpass] $chpass_provider = undef,
Optional[SSSD::Provider::Sudo] $sudo_provider = undef,
Optional[SSSD::Provider::SELinux] $selinux_provider = undef,
Optional[SSSD::Provider::Subdomains] $subdomains_provider = undef,
Optional[SSSD::Provider::AutoFS] $autofs_provider = undef,
Optional[SSSD::Provider::HostID] $hostid_provider = undef,
Optional[String] $re_expression = undef,
Optional[String] $full_name_format = undef,
Optional[Enum['ipv4_first', 'ipv4_only', 'ipv6_first', 'ipv6_only']] $lookup_family_order = undef,
Optional[Integer[0]] $dns_resolver_timeout = undef,
Optional[Bodgitlib::Domain] $dns_discovery_domain = undef,
Optional[Integer[0]] $override_gid = undef,
Optional[Variant[Boolean, Enum['preserving']]] $case_sensitive = undef,
Optional[Array[SSSD::Subdomain::Inherit, 1]] $subdomain_inherit = undef,
Optional[Stdlib::Absolutepath] $subdomain_homedir = undef,
Optional[Array[String, 1]] $realmd_tags = undef,
Optional[Integer[0]] $cached_auth_timeout = undef,
Optional[Boolean] $dyndns_update = undef,
Optional[Integer[0]] $dyndns_ttl = undef,
Optional[Array[String, 1]] $dyndns_iface = undef,
Optional[Integer[0]] $dyndns_refresh_interval = undef,
Optional[Boolean] $dyndns_update_ptr = undef,
Optional[Boolean] $dyndns_force_tcp = undef,
Optional[String] $dyndns_auth = undef,
Optional[Bodgitlib::Host] $dyndns_server = undef,
Optional[Stdlib::Absolutepath] $override_homedir = undef,
Optional[Stdlib::Absolutepath] $homedir_substring = undef,
Optional[Integer[0]] $wildcard_limit = undef,
# simple access provider
Optional[Array[String, 1]] $simple_allow_users = undef,
Optional[Array[String, 1]] $simple_deny_users = undef,
Optional[Array[String, 1]] $simple_allow_groups = undef,
Optional[Array[String, 1]] $simple_deny_groups = undef,
# proxy
Optional[String] $proxy_pam_target = undef,
Optional[String] $proxy_lib_name = undef,
Optional[Boolean] $proxy_fast_alias = undef,
Optional[Integer[0]] $proxy_max_children = undef,
# local
Optional[Stdlib::Absolutepath] $default_shell = undef,
Optional[Stdlib::Absolutepath] $base_directory = undef,
Optional[Boolean] $create_homedir = undef,
Optional[Boolean] $remove_homedir = undef,
# NOTE(review): Puppet patterns are Ruby regexes, where ^ and $ anchor at
# line boundaries rather than string boundaries, so a multi-line string with
# one matching line passes this check; \A ... \z would be strict.
Optional[Pattern[/^[0-7]{3}$/]] $homedir_umask = undef,
Optional[Stdlib::Absolutepath] $skel_dir = undef,
Optional[Stdlib::Absolutepath] $mail_dir = undef,
Optional[Stdlib::Absolutepath] $userdel_cmd = undef,
# ldap
Optional[Array[Variant[Bodgitlib::LDAP::URI::Simple, Enum['_srv_']], 1]] $ldap_uri = undef,
Optional[Array[Bodgitlib::LDAP::URI::Simple, 1]] $ldap_backup_uri = undef,
Optional[Array[Variant[Bodgitlib::LDAP::URI::Simple, Enum['_srv_']], 1]] $ldap_chpass_uri = undef,
Optional[Array[Bodgitlib::LDAP::URI::Simple, 1]] $ldap_chpass_backup_uri = undef,
Optional[SSSD::Search::Base] $ldap_search_base = undef,
Optional[Enum['rfc2307', 'rfc2307bis', 'ipa', 'ad']] $ldap_schema = undef,
Optional[Bodgitlib::LDAP::DN] $ldap_default_bind_dn = undef,
# 'obfuscated_password' is an encoding, not encryption: SSSD's own
# documentation states that it gives no real protection for the bind secret.
Optional[Enum['password', 'obfuscated_password']] $ldap_default_authtok_type = undef,
# NOTE(review): the bind credential is an ordinary String here and is passed
# unchanged as the sssd_conf `value`, so it is part of the compiled catalog;
# whether it also reaches reports or logs depends on how sssd_conf treats
# `value` - confirm, and consider accepting Sensitive[String].
Optional[String] $ldap_default_authtok = undef,
Optional[String] $ldap_user_object_class = undef,
Optional[String] $ldap_user_name = undef,
Optional[String] $ldap_user_uid_number = undef,
Optional[String] $ldap_user_gid_number = undef,
Optional[String] $ldap_user_gecos = undef,
Optional[String] $ldap_user_home_directory = undef,
Optional[String] $ldap_user_shell = undef,
Optional[String] $ldap_user_uuid = undef,
Optional[String] $ldap_user_objectsid = undef,
Optional[String] $ldap_user_modify_timestamp = undef,
Optional[String] $ldap_user_shadow_last_change = undef,
Optional[String] $ldap_user_shadow_min = undef,
Optional[String] $ldap_user_shadow_max = undef,
Optional[String] $ldap_user_shadow_warning = undef,
Optional[String] $ldap_user_shadow_inactive = undef,
Optional[String] $ldap_user_shadow_expire = undef,
Optional[String] $ldap_user_krb_last_pwd_change = undef,
Optional[String] $ldap_user_krb_password_expiration = undef,
Optional[String] $ldap_user_ad_account_expires = undef,
Optional[String] $ldap_user_ad_user_account_control = undef,
Optional[String] $ldap_ns_account_lock = undef,
Optional[String] $ldap_user_nds_login_disabled = undef,
Optional[String] $ldap_user_nds_login_expiration_time = undef,
Optional[String] $ldap_user_nds_login_allowed_time_map = undef,
Optional[String] $ldap_user_principal = undef,
Optional[Array[String, 1]] $ldap_user_extra_attrs = undef,
Optional[String] $ldap_user_ssh_public_key = undef,
Optional[Boolean] $ldap_force_upper_case_realm = undef,
Optional[Integer[0]] $ldap_enumeration_refresh_timeout = undef,
Optional[Integer[0]] $ldap_purge_cache_timeout = undef,
Optional[String] $ldap_user_fullname = undef,
Optional[String] $ldap_user_member_of = undef,
Optional[String] $ldap_user_authorized_service = undef,
Optional[String] $ldap_user_authorized_host = undef,
Optional[String] $ldap_user_certificate = undef,
Optional[String] $ldap_group_object_class = undef,
Optional[String] $ldap_group_name = undef,
Optional[String] $ldap_group_gid_number = undef,
Optional[String] $ldap_group_member = undef,
Optional[String] $ldap_group_uuid = undef,
Optional[String] $ldap_group_objectsid = undef,
Optional[String] $ldap_group_modify_timestamp = undef,
Optional[String] $ldap_group_type = undef,
Optional[String] $ldap_group_external_member = undef,
Optional[Integer[0]] $ldap_group_nesting_level = undef,
Optional[Boolean] $ldap_groups_use_matching_rule_in_chain = undef,
Optional[Boolean] $ldap_initgroups_use_matching_rule_in_chain = undef,
Optional[Boolean] $ldap_use_tokengroups = undef,
Optional[String] $ldap_netgroup_object_class = undef,
Optional[String] $ldap_netgroup_name = undef,
Optional[String] $ldap_netgroup_member = undef,
Optional[String] $ldap_netgroup_triple = undef,
Optional[String] $ldap_netgroup_modify_timestamp = undef,
Optional[String] $ldap_service_object_class = undef,
Optional[String] $ldap_service_name = undef,
Optional[String] $ldap_service_port = undef,
Optional[String] $ldap_service_proto = undef,
Optional[SSSD::Search::Base] $ldap_service_search_base = undef,
Optional[Integer[0]] $ldap_search_timeout = undef,
Optional[Integer[0]] $ldap_enumeration_search_timeout = undef,
Optional[Integer[0]] $ldap_network_timeout = undef,
Optional[Integer[0]] $ldap_opt_timeout = undef,
Optional[Integer[0]] $ldap_connection_expire_timeout = undef,
Optional[Integer[0]] $ldap_page_size = undef,
Optional[Boolean] $ldap_disable_paging = undef,
Optional[Boolean] $ldap_disable_range_retrieval = undef,
Optional[Integer[0]] $ldap_sasl_minssf = undef,
Optional[Integer[0]] $ldap_sasl_maxssf = undef,
Optional[Integer[0]] $ldap_deref_threshold = undef,
# Only 'demand' and 'hard' require a valid server certificate. 'never' and
# 'allow' let the session continue with a missing or invalid certificate, so
# the directory server is not authenticated; 'try' rejects a bad certificate
# but still proceeds when none is presented.
Optional[Enum['never', 'allow', 'try', 'demand', 'hard']] $ldap_tls_reqcert = undef,
Optional[Stdlib::Absolutepath] $ldap_tls_cacert = undef,
Optional[Stdlib::Absolutepath] $ldap_tls_cacertdir = undef,
Optional[Stdlib::Absolutepath] $ldap_tls_cert = undef,
Optional[Stdlib::Absolutepath] $ldap_tls_key = undef,
Optional[String] $ldap_tls_cipher_suite = undef,
# The option name is upstream's own warning: setting it to true lets LDAP
# authentication proceed without TLS, exposing user passwords on the wire.
Optional[Boolean] $ldap_auth_disable_tls_never_use_in_production = undef,
Optional[Boolean] $ldap_id_use_start_tls = undef,
Optional[Boolean] $ldap_id_mapping = undef,
Optional[Integer[0]] $ldap_idmap_range_min = undef,
Optional[Integer[0]] $ldap_idmap_range_max = undef,
Optional[Integer[0]] $ldap_idmap_range_size = undef,
Optional[String] $ldap_idmap_default_domain_sid = undef,
Optional[String] $ldap_idmap_default_domain = undef,
Optional[Boolean] $ldap_idmap_autorid_compat = undef,
Optional[Integer[0]] $ldap_idmap_helper_table_size = undef,
Optional[Integer[0]] $ldap_max_id = undef,
Optional[Integer[0]] $ldap_min_id = undef,
Optional[String] $ldap_sasl_mech = undef,
Optional[String] $ldap_sasl_authid = undef,
Optional[String] $ldap_sasl_realm = undef,
Optional[Boolean] $ldap_sasl_canonicalize = undef,
Optional[Stdlib::Absolutepath] $ldap_krb5_keytab = undef,
Optional[Boolean] $ldap_krb5_init_creds = undef,
Optional[Integer[0]] $ldap_krb5_ticket_lifetime = undef,
Optional[Enum['none', 'shadow', 'mit_kerberos']] $ldap_pwd_policy = undef,
Optional[Boolean] $ldap_referrals = undef,
Optional[String] $ldap_dns_service_name = undef,
Optional[String] $ldap_chpass_dns_service_name = undef,
Optional[Boolean] $ldap_chpass_update_last_change = undef,
Optional[Bodgitlib::LDAP::Filter] $ldap_access_filter = undef,
Optional[Enum['shadow', 'ad', 'rhds', 'ipa', '389ds', 'nds']] $ldap_account_expire_policy = undef,
Optional[Array[SSSD::LDAP::Access::Order, 1]] $ldap_access_order = undef,
Optional[Bodgitlib::LDAP::DN] $ldap_pwdlockout_dn = undef,
Optional[Enum['never', 'searching', 'finding', 'always']] $ldap_deref = undef,
Optional[Boolean] $ldap_rfc2307_fallback_to_local_users = undef,
Optional[String] $ldap_sudorule_object_class = undef,
Optional[String] $ldap_sudorule_name = undef,
Optional[String] $ldap_sudorule_command = undef,
Optional[String] $ldap_sudorule_host = undef,
Optional[String] $ldap_sudorule_user = undef,
Optional[String] $ldap_sudorule_option = undef,
Optional[String] $ldap_sudorule_runasuser = undef,
Optional[String] $ldap_sudorule_runasgroup = undef,
Optional[String] $ldap_sudorule_notbefore = undef,
Optional[String] $ldap_sudorule_notafter = undef,
Optional[String] $ldap_sudorule_order = undef,
Optional[Integer[0]] $ldap_sudo_full_refresh_interval = undef,
Optional[Integer[0]] $ldap_sudo_smart_refresh_interval = undef,
Optional[Boolean] $ldap_sudo_use_host_filter = undef,
Optional[Array[String, 1]] $ldap_sudo_hostnames = undef,
Optional[Array[IP::Address, 1]] $ldap_sudo_ip = undef,
Optional[Boolean] $ldap_sudo_include_netgroups = undef,
Optional[Boolean] $ldap_sudo_include_regexp = undef,
Optional[String] $ldap_autofs_map_master_name = undef,
Optional[String] $ldap_autofs_map_object_class = undef,
Optional[String] $ldap_autofs_map_name = undef,
Optional[String] $ldap_autofs_entry_object_class = undef,
Optional[String] $ldap_autofs_entry_key = undef,
Optional[String] $ldap_autofs_entry_value = undef,
Optional[SSSD::Search::Base] $ldap_netgroup_search_base = undef,
Optional[SSSD::Search::Base] $ldap_user_search_base = undef,
Optional[SSSD::Search::Base] $ldap_group_search_base = undef,
Optional[SSSD::Search::Base] $ldap_sudo_search_base = undef,
Optional[SSSD::Search::Base] $ldap_autofs_search_base = undef,
# krb5
Optional[Array[Variant[Bodgitlib::Host, Enum['_srv_']], 1]] $krb5_server = undef,
Optional[Array[Bodgitlib::Host, 1]] $krb5_backup_server = undef,
Optional[String] $krb5_realm = undef,
# It's not clear if krb5_kpasswd should also accept the magic '_srv_' value
Optional[Array[Variant[Bodgitlib::Host, Tuple[Bodgitlib::Host, Bodgitlib::Port]], 1]] $krb5_kpasswd = undef,
Optional[Array[Variant[Bodgitlib::Host, Tuple[Bodgitlib::Host, Bodgitlib::Port]], 1]] $krb5_backup_kpasswd = undef,
Optional[Stdlib::Absolutepath] $krb5_ccachedir = undef,
Optional[String] $krb5_ccname_template = undef,
Optional[Integer[0]] $krb5_auth_timeout = undef,
Optional[Boolean] $krb5_validate = undef,
Optional[Stdlib::Absolutepath] $krb5_keytab = undef,
Optional[Boolean] $krb5_store_password_if_offline = undef,
# The three lifetime patterns accept digits with an optional s/m/h/d suffix.
# NOTE(review): ^ and $ are line anchors in Ruby regexes, so a multi-line
# string with one matching line also validates; \A ... \z would be strict.
Optional[Variant[Integer[0], Pattern[/(?x) ^ \d+ [smhd]? $/]]] $krb5_renewable_lifetime = undef,
Optional[Variant[Integer[0], Pattern[/(?x) ^ \d+ [smhd]? $/]]] $krb5_lifetime = undef,
Optional[Variant[Integer[0], Pattern[/(?x) ^ \d+ [smhd]? $/]]] $krb5_renew_interval = undef,
Optional[Enum['never', 'try', 'demand']] $krb5_use_fast = undef,
Optional[String] $krb5_fast_principal = undef,
Optional[Boolean] $krb5_canonicalize = undef,
Optional[Boolean] $krb5_use_kdcinfo = undef,
Optional[Boolean] $krb5_use_enterprise_principal = undef,
Optional[Array[String, 1]] $krb5_map_user = undef,
Optional[Stdlib::Absolutepath] $krb5_confd_path = undef,
# ad
Optional[String] $ad_domain = undef,
Optional[Array[Bodgitlib::Domain, 1]] $ad_enabled_domains = undef,
Optional[Array[Variant[Bodgitlib::Host, Enum['_srv_']], 1]] $ad_server = undef,
Optional[Array[Bodgitlib::Host, 1]] $ad_backup_server = undef,
Optional[Bodgitlib::Hostname] $ad_hostname = undef,
Optional[Boolean] $ad_enable_dns_sites = undef,
Optional[SSSD::AD::Access::Filter] $ad_access_filter = undef,
Optional[String] $ad_site = undef,
Optional[Boolean] $ad_enable_gc = undef,
Optional[Enum['disabled', 'enforcing', 'permissive']] $ad_gpo_access_control = undef,
Optional[Integer[0]] $ad_gpo_cache_timeout = undef,
Optional[Array[String, 1]] $ad_gpo_map_interactive = undef,
Optional[Array[String, 1]] $ad_gpo_map_remote_interactive = undef,
Optional[Array[String, 1]] $ad_gpo_map_network = undef,
Optional[Array[String, 1]] $ad_gpo_map_batch = undef,
Optional[Array[String, 1]] $ad_gpo_map_service = undef,
Optional[Array[String, 1]] $ad_gpo_map_permit = undef,
Optional[Array[String, 1]] $ad_gpo_map_deny = undef,
Optional[SSSD::AD::GPO::Default::Right] $ad_gpo_default_right = undef,
Optional[Integer[0]] $ad_maximum_machine_account_password_age = undef,
# Exactly two non-negative integers; rendered below as "first:second".
Optional[Tuple[Integer[0], 2, 2]] $ad_machine_account_password_renewal_opts = undef,
# ipa
Optional[String] $ipa_domain = undef,
Optional[Array[Variant[Bodgitlib::Host, Enum['_srv_']], 1]] $ipa_server = undef,
Optional[Array[Bodgitlib::Host, 1]] $ipa_backup_server = undef,
Optional[Bodgitlib::Hostname] $ipa_hostname = undef,
Optional[Boolean] $ipa_enable_dns_sites = undef,
Optional[Bodgitlib::LDAP::DN] $ipa_hbac_search_base = undef,
Optional[Bodgitlib::LDAP::DN] $ipa_host_search_base = undef,
Optional[Bodgitlib::LDAP::DN] $ipa_selinux_search_base = undef,
Optional[Bodgitlib::LDAP::DN] $ipa_subdomains_search_base = undef,
Optional[Bodgitlib::LDAP::DN] $ipa_master_domain_search_base = undef,
Optional[Bodgitlib::LDAP::DN] $ipa_views_search_base = undef,
Optional[Integer[0]] $ipa_hbac_refresh = undef,
Optional[Integer[0]] $ipa_hbac_selinux = undef,
Optional[Boolean] $ipa_server_mode = undef,
Optional[String] $ipa_automount_location = undef,
Optional[String] $ipa_view_class = undef,
Optional[String] $ipa_view_name = undef,
Optional[String] $ipa_override_object_class = undef,
Optional[String] $ipa_anchor_uuid = undef,
Optional[String] $ipa_user_override_object_class = undef,
Optional[String] $ipa_group_override_object_class = undef,
) {
# The sssd_conf resources below read $sssd::conf_file and notify
# Class['sssd::daemon'], so the base class has to be declared first.
if ! defined(Class['sssd']) {
fail('You must include the sssd base class before using any sssd defined resources')
}
# Map of sssd.conf option name => value. Array parameters are collapsed to
# one string via a selector that keeps undef as undef, so that unset options
# are removed by the filter at the end of the hash.
$config = {
'id_provider' => $id_provider,
# options for any section
'debug' => $debug,
'debug_level' => $debug_level,
'debug_timestamps' => $debug_timestamps,
'debug_microseconds' => $debug_microseconds,
'timeout' => $timeout,
# generic domain options
'domain_type' => $domain_type,
'max_id' => $max_id,
'min_id' => $min_id,
'enumerate' => $enumerate,
'subdomain_enumerate' => $subdomain_enumerate ? {
undef => undef,
default => join($subdomain_enumerate, ', '),
},
'entry_cache_timeout' => $entry_cache_timeout,
'entry_cache_user_timeout' => $entry_cache_user_timeout,
'entry_cache_group_timeout' => $entry_cache_group_timeout,
'entry_cache_netgroup_timeout' => $entry_cache_netgroup_timeout,
'entry_cache_service_timeout' => $entry_cache_service_timeout,
'entry_cache_sudo_timeout' => $entry_cache_sudo_timeout,
'entry_cache_autofs_timeout' => $entry_cache_autofs_timeout,
'entry_cache_ssh_host_timeout' => $entry_cache_ssh_host_timeout,
'refresh_expired_interval' => $refresh_expired_interval,
'cache_credentials' => $cache_credentials,
'cache_credentials_minimal_first_factor_length' => $cache_credentials_minimal_first_factor_length,
'account_cache_expiration' => $account_cache_expiration,
'pwd_expiration_warning' => $pwd_expiration_warning,
'use_fully_qualified_names' => $use_fully_qualified_names,
'ignore_group_members' => $ignore_group_members,
'auth_provider' => $auth_provider,
'access_provider' => $access_provider,
'chpass_provider' => $chpass_provider,
'sudo_provider' => $sudo_provider,
'selinux_provider' => $selinux_provider,
'subdomains_provider' => $subdomains_provider,
'autofs_provider' => $autofs_provider,
'hostid_provider' => $hostid_provider,
're_expression' => $re_expression,
'full_name_format' => $full_name_format,
'lookup_family_order' => $lookup_family_order,
'dns_resolver_timeout' => $dns_resolver_timeout,
'dns_discovery_domain' => $dns_discovery_domain,
'override_gid' => $override_gid,
'case_sensitive' => $case_sensitive,
'subdomain_inherit' => $subdomain_inherit ? {
undef => undef,
default => join($subdomain_inherit, ', '),
},
'subdomain_homedir' => $subdomain_homedir,
# realmd tags are space separated, unlike most list options here.
'realmd_tags' => $realmd_tags ? {
undef => undef,
default => join($realmd_tags, ' '),
},
'cached_auth_timeout' => $cached_auth_timeout,
'dyndns_update' => $dyndns_update,
'dyndns_ttl' => $dyndns_ttl,
# NOTE(review): $dyndns_iface is declared as an Array but, unlike every
# other array parameter in this hash, is passed through without join();
# how sssd_conf renders an Array value is not visible here - confirm.
'dyndns_iface' => $dyndns_iface,
'dyndns_refresh_interval' => $dyndns_refresh_interval,
'dyndns_update_ptr' => $dyndns_update_ptr,
'dyndns_force_tcp' => $dyndns_force_tcp,
'dyndns_auth' => $dyndns_auth,
'dyndns_server' => $dyndns_server,
'override_homedir' => $override_homedir,
'homedir_substring' => $homedir_substring,
'wildcard_limit' => $wildcard_limit,
# simple access provider
'simple_allow_users' => $simple_allow_users ? {
undef => undef,
default => join($simple_allow_users, ', '),
},
'simple_deny_users' => $simple_deny_users ? {
undef => undef,
default => join($simple_deny_users, ', '),
},
'simple_allow_groups' => $simple_allow_groups ? {
undef => undef,
default => join($simple_allow_groups, ', '),
},
'simple_deny_groups' => $simple_deny_groups ? {
undef => undef,
default => join($simple_deny_groups, ', '),
},
# proxy
'proxy_pam_target' => $proxy_pam_target,
'proxy_lib_name' => $proxy_lib_name,
'proxy_fast_alias' => $proxy_fast_alias,
'proxy_max_children' => $proxy_max_children,
# local
'default_shell' => $default_shell,
'base_directory' => $base_directory,
'create_homedir' => $create_homedir,
'remove_homedir' => $remove_homedir,
'homedir_umask' => $homedir_umask,
'skel_dir' => $skel_dir,
'mail_dir' => $mail_dir,
'userdel_cmd' => $userdel_cmd,
# ldap
'ldap_uri' => $ldap_uri ? {
undef => undef,
default => join($ldap_uri, ', '),
},
'ldap_backup_uri' => $ldap_backup_uri ? {
undef => undef,
default => join($ldap_backup_uri, ', '),
},
'ldap_chpass_uri' => $ldap_chpass_uri ? {
undef => undef,
default => join($ldap_chpass_uri, ', '),
},
'ldap_chpass_backup_uri' => $ldap_chpass_backup_uri ? {
undef => undef,
default => join($ldap_chpass_backup_uri, ', '),
},
'ldap_search_base' => $ldap_search_base,
'ldap_schema' => $ldap_schema,
'ldap_default_bind_dn' => $ldap_default_bind_dn,
'ldap_default_authtok_type' => $ldap_default_authtok_type,
# Bind secret, carried as a plain string into the sssd_conf `value` below.
'ldap_default_authtok' => $ldap_default_authtok,
'ldap_user_object_class' => $ldap_user_object_class,
'ldap_user_name' => $ldap_user_name,
'ldap_user_uid_number' => $ldap_user_uid_number,
'ldap_user_gid_number' => $ldap_user_gid_number,
'ldap_user_gecos' => $ldap_user_gecos,
'ldap_user_home_directory' => $ldap_user_home_directory,
'ldap_user_shell' => $ldap_user_shell,
'ldap_user_uuid' => $ldap_user_uuid,
'ldap_user_objectsid' => $ldap_user_objectsid,
'ldap_user_modify_timestamp' => $ldap_user_modify_timestamp,
'ldap_user_shadow_last_change' => $ldap_user_shadow_last_change,
'ldap_user_shadow_min' => $ldap_user_shadow_min,
'ldap_user_shadow_max' => $ldap_user_shadow_max,
'ldap_user_shadow_warning' => $ldap_user_shadow_warning,
'ldap_user_shadow_inactive' => $ldap_user_shadow_inactive,
'ldap_user_shadow_expire' => $ldap_user_shadow_expire,
'ldap_user_krb_last_pwd_change' => $ldap_user_krb_last_pwd_change,
'ldap_user_krb_password_expiration' => $ldap_user_krb_password_expiration,
'ldap_user_ad_account_expires' => $ldap_user_ad_account_expires,
'ldap_user_ad_user_account_control' => $ldap_user_ad_user_account_control,
'ldap_ns_account_lock' => $ldap_ns_account_lock,
'ldap_user_nds_login_disabled' => $ldap_user_nds_login_disabled,
'ldap_user_nds_login_expiration_time' => $ldap_user_nds_login_expiration_time,
'ldap_user_nds_login_allowed_time_map' => $ldap_user_nds_login_allowed_time_map,
'ldap_user_principal' => $ldap_user_principal,
'ldap_user_extra_attrs' => $ldap_user_extra_attrs ? {
undef => undef,
default => join($ldap_user_extra_attrs, ', '),
},
'ldap_user_ssh_public_key' => $ldap_user_ssh_public_key,
'ldap_force_upper_case_realm' => $ldap_force_upper_case_realm,
'ldap_enumeration_refresh_timeout' => $ldap_enumeration_refresh_timeout,
'ldap_purge_cache_timeout' => $ldap_purge_cache_timeout,
'ldap_user_fullname' => $ldap_user_fullname,
'ldap_user_member_of' => $ldap_user_member_of,
'ldap_user_authorized_service' => $ldap_user_authorized_service,
'ldap_user_authorized_host' => $ldap_user_authorized_host,
'ldap_user_certificate' => $ldap_user_certificate,
'ldap_group_object_class' => $ldap_group_object_class,
'ldap_group_name' => $ldap_group_name,
'ldap_group_gid_number' => $ldap_group_gid_number,
'ldap_group_member' => $ldap_group_member,
'ldap_group_uuid' => $ldap_group_uuid,
'ldap_group_objectsid' => $ldap_group_objectsid,
'ldap_group_modify_timestamp' => $ldap_group_modify_timestamp,
'ldap_group_type' => $ldap_group_type,
'ldap_group_external_member' => $ldap_group_external_member,
'ldap_group_nesting_level' => $ldap_group_nesting_level,
'ldap_groups_use_matching_rule_in_chain' => $ldap_groups_use_matching_rule_in_chain,
'ldap_initgroups_use_matching_rule_in_chain' => $ldap_initgroups_use_matching_rule_in_chain,
'ldap_use_tokengroups' => $ldap_use_tokengroups,
'ldap_netgroup_object_class' => $ldap_netgroup_object_class,
'ldap_netgroup_name' => $ldap_netgroup_name,
'ldap_netgroup_member' => $ldap_netgroup_member,
'ldap_netgroup_triple' => $ldap_netgroup_triple,
'ldap_netgroup_modify_timestamp' => $ldap_netgroup_modify_timestamp,
'ldap_service_object_class' => $ldap_service_object_class,
'ldap_service_name' => $ldap_service_name,
'ldap_service_port' => $ldap_service_port,
'ldap_service_proto' => $ldap_service_proto,
'ldap_service_search_base' => $ldap_service_search_base,
'ldap_search_timeout' => $ldap_search_timeout,
'ldap_enumeration_search_timeout' => $ldap_enumeration_search_timeout,
'ldap_network_timeout' => $ldap_network_timeout,
'ldap_opt_timeout' => $ldap_opt_timeout,
'ldap_connection_expire_timeout' => $ldap_connection_expire_timeout,
'ldap_page_size' => $ldap_page_size,
'ldap_disable_paging' => $ldap_disable_paging,
'ldap_disable_range_retrieval' => $ldap_disable_range_retrieval,
'ldap_sasl_minssf' => $ldap_sasl_minssf,
'ldap_sasl_maxssf' => $ldap_sasl_maxssf,
'ldap_deref_threshold' => $ldap_deref_threshold,
'ldap_tls_reqcert' => $ldap_tls_reqcert,
'ldap_tls_cacert' => $ldap_tls_cacert,
'ldap_tls_cacertdir' => $ldap_tls_cacertdir,
'ldap_tls_cert' => $ldap_tls_cert,
'ldap_tls_key' => $ldap_tls_key,
'ldap_tls_cipher_suite' => $ldap_tls_cipher_suite,
'ldap_auth_disable_tls_never_use_in_production' => $ldap_auth_disable_tls_never_use_in_production,
'ldap_id_use_start_tls' => $ldap_id_use_start_tls,
'ldap_id_mapping' => $ldap_id_mapping,
'ldap_idmap_range_min' => $ldap_idmap_range_min,
'ldap_idmap_range_max' => $ldap_idmap_range_max,
'ldap_idmap_range_size' => $ldap_idmap_range_size,
'ldap_idmap_default_domain_sid' => $ldap_idmap_default_domain_sid,
'ldap_idmap_default_domain' => $ldap_idmap_default_domain,
'ldap_idmap_autorid_compat' => $ldap_idmap_autorid_compat,
'ldap_idmap_helper_table_size' => $ldap_idmap_helper_table_size,
'ldap_max_id' => $ldap_max_id,
'ldap_min_id' => $ldap_min_id,
'ldap_sasl_mech' => $ldap_sasl_mech,
'ldap_sasl_authid' => $ldap_sasl_authid,
'ldap_sasl_realm' => $ldap_sasl_realm,
'ldap_sasl_canonicalize' => $ldap_sasl_canonicalize,
'ldap_krb5_keytab' => $ldap_krb5_keytab,
'ldap_krb5_init_creds' => $ldap_krb5_init_creds,
'ldap_krb5_ticket_lifetime' => $ldap_krb5_ticket_lifetime,
'ldap_pwd_policy' => $ldap_pwd_policy,
'ldap_referrals' => $ldap_referrals,
'ldap_dns_service_name' => $ldap_dns_service_name,
'ldap_chpass_dns_service_name' => $ldap_chpass_dns_service_name,
'ldap_chpass_update_last_change' => $ldap_chpass_update_last_change,
'ldap_access_filter' => $ldap_access_filter,
'ldap_account_expire_policy' => $ldap_account_expire_policy,
'ldap_access_order' => $ldap_access_order ? {
undef => undef,
default => join($ldap_access_order, ', '),
},
'ldap_pwdlockout_dn' => $ldap_pwdlockout_dn,
'ldap_deref' => $ldap_deref,
'ldap_rfc2307_fallback_to_local_users' => $ldap_rfc2307_fallback_to_local_users,
'ldap_sudorule_object_class' => $ldap_sudorule_object_class,
'ldap_sudorule_name' => $ldap_sudorule_name,
'ldap_sudorule_command' => $ldap_sudorule_command,
'ldap_sudorule_host' => $ldap_sudorule_host,
'ldap_sudorule_user' => $ldap_sudorule_user,
'ldap_sudorule_option' => $ldap_sudorule_option,
'ldap_sudorule_runasuser' => $ldap_sudorule_runasuser,
'ldap_sudorule_runasgroup' => $ldap_sudorule_runasgroup,
'ldap_sudorule_notbefore' => $ldap_sudorule_notbefore,
'ldap_sudorule_notafter' => $ldap_sudorule_notafter,
'ldap_sudorule_order' => $ldap_sudorule_order,
'ldap_sudo_full_refresh_interval' => $ldap_sudo_full_refresh_interval,
'ldap_sudo_smart_refresh_interval' => $ldap_sudo_smart_refresh_interval,
'ldap_sudo_use_host_filter' => $ldap_sudo_use_host_filter,
# The two sudo host lists are space separated.
'ldap_sudo_hostnames' => $ldap_sudo_hostnames ? {
undef => undef,
default => join($ldap_sudo_hostnames, ' '),
},
'ldap_sudo_ip' => $ldap_sudo_ip ? {
undef => undef,
default => join($ldap_sudo_ip, ' '),
},
'ldap_sudo_include_netgroups' => $ldap_sudo_include_netgroups,
'ldap_sudo_include_regexp' => $ldap_sudo_include_regexp,
'ldap_autofs_map_master_name' => $ldap_autofs_map_master_name,
'ldap_autofs_map_object_class' => $ldap_autofs_map_object_class,
'ldap_autofs_map_name' => $ldap_autofs_map_name,
'ldap_autofs_entry_object_class' => $ldap_autofs_entry_object_class,
'ldap_autofs_entry_key' => $ldap_autofs_entry_key,
'ldap_autofs_entry_value' => $ldap_autofs_entry_value,
'ldap_netgroup_search_base' => $ldap_netgroup_search_base,
'ldap_user_search_base' => $ldap_user_search_base,
'ldap_group_search_base' => $ldap_group_search_base,
'ldap_sudo_search_base' => $ldap_sudo_search_base,
'ldap_autofs_search_base' => $ldap_autofs_search_base,
# krb5
'krb5_server' => $krb5_server ? {
undef => undef,
default => join($krb5_server, ', '),
},
'krb5_backup_server' => $krb5_backup_server ? {
undef => undef,
default => join($krb5_backup_server, ', '),
},
'krb5_realm' => $krb5_realm,
# NOTE(review): elements may be [host, port] tuples; join() flattens nested
# arrays with the same separator, so such an element would presumably be
# rendered as "host, port" rather than "host:port" - verify the output.
# The same applies to krb5_backup_kpasswd.
'krb5_kpasswd' => $krb5_kpasswd ? {
undef => undef,
default => join($krb5_kpasswd, ', '),
},
'krb5_backup_kpasswd' => $krb5_backup_kpasswd ? {
undef => undef,
default => join($krb5_backup_kpasswd, ', '),
},
'krb5_ccachedir' => $krb5_ccachedir,
'krb5_ccname_template' => $krb5_ccname_template,
'krb5_auth_timeout' => $krb5_auth_timeout,
'krb5_validate' => $krb5_validate,
'krb5_keytab' => $krb5_keytab,
'krb5_store_password_if_offline' => $krb5_store_password_if_offline,
'krb5_renewable_lifetime' => $krb5_renewable_lifetime,
'krb5_lifetime' => $krb5_lifetime,
'krb5_renew_interval' => $krb5_renew_interval,
'krb5_use_fast' => $krb5_use_fast,
'krb5_fast_principal' => $krb5_fast_principal,
'krb5_canonicalize' => $krb5_canonicalize,
'krb5_use_kdcinfo' => $krb5_use_kdcinfo,
'krb5_use_enterprise_principal' => $krb5_use_enterprise_principal,
'krb5_map_user' => $krb5_map_user ? {
undef => undef,
default => join($krb5_map_user, ', '),
},
'krb5_confd_path' => $krb5_confd_path,
# ad
'ad_domain' => $ad_domain,
'ad_enabled_domains' => $ad_enabled_domains ? {
undef => undef,
default => join($ad_enabled_domains, ', '),
},
'ad_server' => $ad_server ? {
undef => undef,
default => join($ad_server, ', '),
},
'ad_backup_server' => $ad_backup_server ? {
undef => undef,
default => join($ad_backup_server, ', '),
},
'ad_hostname' => $ad_hostname,
'ad_enable_dns_sites' => $ad_enable_dns_sites,
'ad_access_filter' => $ad_access_filter,
'ad_site' => $ad_site,
'ad_enable_gc' => $ad_enable_gc,
'ad_gpo_access_control' => $ad_gpo_access_control,
'ad_gpo_cache_timeout' => $ad_gpo_cache_timeout,
'ad_gpo_map_interactive' => $ad_gpo_map_interactive ? {
undef => undef,
default => join($ad_gpo_map_interactive, ', '),
},
'ad_gpo_map_remote_interactive' => $ad_gpo_map_remote_interactive ? {
undef => undef,
default => join($ad_gpo_map_remote_interactive, ', '),
},
'ad_gpo_map_network' => $ad_gpo_map_network ? {
undef => undef,
default => join($ad_gpo_map_network, ', '),
},
'ad_gpo_map_batch' => $ad_gpo_map_batch ? {
undef => undef,
default => join($ad_gpo_map_batch, ', '),
},
'ad_gpo_map_service' => $ad_gpo_map_service ? {
undef => undef,
default => join($ad_gpo_map_service, ', '),
},
'ad_gpo_map_permit' => $ad_gpo_map_permit ? {
undef => undef,
default => join($ad_gpo_map_permit, ', '),
},
'ad_gpo_map_deny' => $ad_gpo_map_deny ? {
undef => undef,
default => join($ad_gpo_map_deny, ', '),
},
'ad_gpo_default_right' => $ad_gpo_default_right,
'ad_maximum_machine_account_password_age' => $ad_maximum_machine_account_password_age,
# Two-integer tuple written as "first:second".
'ad_machine_account_password_renewal_opts' => $ad_machine_account_password_renewal_opts ? {
undef => undef,
default => join($ad_machine_account_password_renewal_opts, ':'),
},
# ipa
'ipa_domain' => $ipa_domain,
'ipa_server' => $ipa_server ? {
undef => undef,
default => join($ipa_server, ', '),
},
'ipa_backup_server' => $ipa_backup_server ? {
undef => undef,
default => join($ipa_backup_server, ', '),
},
'ipa_hostname' => $ipa_hostname,
'ipa_enable_dns_sites' => $ipa_enable_dns_sites,
'ipa_hbac_search_base' => $ipa_hbac_search_base,
'ipa_host_search_base' => $ipa_host_search_base,
'ipa_selinux_search_base' => $ipa_selinux_search_base,
'ipa_subdomains_search_base' => $ipa_subdomains_search_base,
'ipa_master_domain_search_base' => $ipa_master_domain_search_base,
'ipa_views_search_base' => $ipa_views_search_base,
'ipa_hbac_refresh' => $ipa_hbac_refresh,
'ipa_hbac_selinux' => $ipa_hbac_selinux,
'ipa_server_mode' => $ipa_server_mode,
'ipa_automount_location' => $ipa_automount_location,
'ipa_view_class' => $ipa_view_class,
'ipa_view_name' => $ipa_view_name,
'ipa_override_object_class' => $ipa_override_object_class,
'ipa_anchor_uuid' => $ipa_anchor_uuid,
'ipa_user_override_object_class' => $ipa_user_override_object_class,
'ipa_group_override_object_class' => $ipa_group_override_object_class,
# Keep only the options that were actually set; $x is a [key, value] pair.
# An undef parameter therefore declares no sssd_conf resource at all.
# NOTE(review): a setting written by an earlier run is presumably left in
# place once its parameter goes back to undef - confirm whether anything
# purges unmanaged settings.
}.filter |$x| { $x[1] =~ NotUndef }
# One sssd_conf resource per remaining option; any change notifies the
# daemon class.
$config.each |String $setting, Any $value| {
sssd_conf { "domain/${domain}/${setting}":
target => $sssd::conf_file,
value => $value,
notify => Class['sssd::daemon'],
}
}
# Contribute this domain's name to the "${module_name} domains" datacat
# target; presumably the base class collects these into the list of enabled
# domains - confirm against the sssd class.
datacat_fragment { "${module_name} domain ${domain}":
target => "${module_name} domains",
data => {
'domain' => [$domain],
},
}
}