simp
diff --git a/‎manifests/config.pp‎
Lines changed: 27 additions & 7 deletions b/‎manifests/config.pp‎
Lines changed: 27 additions & 7 deletions
diff --git a/‎manifests/provider/ad.pp‎
Lines changed: 57 additions & 1 deletion b/‎manifests/provider/ad.pp‎
Lines changed: 57 additions & 1 deletion
diff --git a/‎manifests/provider/files.pp‎
Lines changed: 7 additions & 1 deletion b/‎manifests/provider/files.pp‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎manifests/provider/ipa.pp‎
Lines changed: 35 additions & 2 deletions b/‎manifests/provider/ipa.pp‎
Lines changed: 35 additions & 2 deletions
diff --git a/‎manifests/provider/krb5.pp‎
Lines changed: 22 additions & 19 deletions b/‎manifests/provider/krb5.pp‎
Lines changed: 22 additions & 19 deletions
@@ -13,8 +13,8 @@
 # @author https://github.com/simp/pupmod-simp-sssd/graphs/contributors
 #
 class sssd::config (
-  Boolean $authoritative = pick(getvar("${module_name}::authoritative"), false)
-){
+  Boolean $authoritative = pick(getvar("${module_name}::authoritative"), false),
+) {
   assert_private()
 
   include $module_name
@@ -52,27 +52,47 @@
 
   file { '/etc/sssd':
     ensure => 'directory',
-    mode   => 'go-rw'
+    mode   => 'go-rw',
   }
 
   file { '/etc/sssd/conf.d':
     ensure  => 'directory',
     purge   => $authoritative,
-    recurse => true
+    recurse => true,
   }
 
   unless $authoritative {
     tidy { '/etc/sssd/conf.d':
       matches => '*_puppet_*.conf',
-      recurse => true
+      recurse => true,
     }
   }
 
   file { '/etc/sssd/sssd.conf':
     owner   => 'root',
     group   => 'root',
     mode    => '0600',
-    content => template("${module_name}/sssd.conf.erb"),
-    notify  => Class["${module_name}::service"]
+    content => epp(
+      "${module_name}/sssd.conf.epp",
+      {
+        '_domains'               => $_domains,
+        '_debug_level'           => $_debug_level,
+        '_debug_timestamps'      => $_debug_timestamps,
+        '_debug_microseconds'    => $_debug_microseconds,
+        '_description'           => $_description,
+        '_enable_files_domain'   => $_enable_files_domain,
+        '_config_file_version'   => $_config_file_version,
+        '_services'              => $_services,
+        '_reconnection_retries'  => $_reconnection_retries,
+        '_re_expression'         => $_re_expression,
+        '_full_name_format'      => $_full_name_format,
+        '_try_inotify'           => $_try_inotify,
+        '_krb5_rcache_dir'       => $_krb5_rcache_dir,
+        '_user'                  => $_user,
+        '_default_domain_suffix' => $_default_domain_suffix,
+        '_override_space'        => $_override_space,
+      },
+    ),
+    notify  => Class["${module_name}::service"],
   }
 }
@@ -151,6 +151,62 @@
   Optional[String[1]]                                        $ldap_user_ssh_public_key                 = undef,
 ) {
   sssd::config::entry { "puppet_provider_${name}_ad":
-    content => template("${module_name}/provider/ad.erb")
+    content => epp(
+      "${module_name}/provider/ad.epp",
+      {
+        'ad_domain'                                => $ad_domain,
+        'ad_enabled_domains'                       => $ad_enabled_domains,
+        'ad_servers'                               => $ad_servers,
+        'ad_backup_servers'                        => $ad_backup_servers,
+        'ad_hostname'                              => $ad_hostname,
+        'ad_enable_dns_sites'                      => $ad_enable_dns_sites,
+        'ad_access_filters'                        => $ad_access_filters,
+        'ad_site'                                  => $ad_site,
+        'ad_enable_gc'                             => $ad_enable_gc,
+        'ad_gpo_access_control'                    => $ad_gpo_access_control,
+        'ad_gpo_cache_timeout'                     => $ad_gpo_cache_timeout,
+        'ad_gpo_map_interactive'                   => $ad_gpo_map_interactive,
+        'ad_gpo_map_remote_interactive'            => $ad_gpo_map_remote_interactive,
+        'ad_gpo_map_network'                       => $ad_gpo_map_network,
+        'ad_gpo_map_batch'                         => $ad_gpo_map_batch,
+        'ad_gpo_map_service'                       => $ad_gpo_map_service,
+        'ad_gpo_map_permit'                        => $ad_gpo_map_permit,
+        'ad_gpo_map_deny'                          => $ad_gpo_map_deny,
+        'ad_gpo_default_right'                     => $ad_gpo_default_right,
+        'ad_gpo_implicit_deny'                     => $ad_gpo_implicit_deny,
+        'ad_gpo_ignore_unreadable'                 => $ad_gpo_ignore_unreadable,
+        'ad_maximum_machine_account_password_age'  => $ad_maximum_machine_account_password_age,
+        'ad_machine_account_password_renewal_opts' => $ad_machine_account_password_renewal_opts,
+        'default_shell'                            => $default_shell,
+        'dyndns_update'                            => $dyndns_update,
+        'dyndns_ttl'                               => $dyndns_ttl,
+        'dyndns_ifaces'                            => $dyndns_ifaces,
+        'dyndns_refresh_interval'                  => $dyndns_refresh_interval,
+        'dyndns_update_ptr'                        => $dyndns_update_ptr,
+        'dyndns_force_tcp'                         => $dyndns_force_tcp,
+        'dyndns_server'                            => $dyndns_server,
+        'override_homedir'                         => $override_homedir,
+        'fallback_homedir'                         => $fallback_homedir,
+        'homedir_substring'                        => $homedir_substring,
+        'krb5_realm'                               => $krb5_realm,
+        'krb5_confd_path'                          => $krb5_confd_path,
+        'krb5_use_enterprise_principal'            => $krb5_use_enterprise_principal,
+        'krb5_store_password_if_offline'           => $krb5_store_password_if_offline,
+        'ldap_id_mapping'                          => $ldap_id_mapping,
+        'ldap_schema'                              => $ldap_schema,
+        'ldap_idmap_range_min'                     => $ldap_idmap_range_min,
+        'ldap_idmap_range_max'                     => $ldap_idmap_range_max,
+        'ldap_idmap_range_size'                    => $ldap_idmap_range_size,
+        'ldap_idmap_default_domain_sid'            => $ldap_idmap_default_domain_sid,
+        'ldap_idmap_default_domain'                => $ldap_idmap_default_domain,
+        'ldap_idmap_autorid_compat'                => $ldap_idmap_autorid_compat,
+        'ldap_idmap_helper_table_size'             => $ldap_idmap_helper_table_size,
+        'ldap_use_tokengroups'                     => $ldap_use_tokengroups,
+        'ldap_group_objectsid'                     => $ldap_group_objectsid,
+        'ldap_user_objectsid'                      => $ldap_user_objectsid,
+        'ldap_user_extra_attrs'                    => $ldap_user_extra_attrs,
+        'ldap_user_ssh_public_key'                 => $ldap_user_ssh_public_key,
+      }
+    ),
   }
 }
@@ -22,6 +22,12 @@
   Optional[Array[Stdlib::Absolutepath]] $group_files  = undef
 ) {
   sssd::config::entry { "puppet_provider_${name}_files":
-    content => template("${module_name}/provider/files.erb")
+    content => epp(
+      "${module_name}/provider/files.epp",
+      {
+        'passwd_files' => $passwd_files,
+        'group_files'  => $group_files,
+      }
+    ),
   }
 }
@@ -73,7 +73,7 @@
   Boolean                        $krb5_store_password_if_offline = true,
   Stdlib::AbsolutePath           $ldap_tls_cacert                = '/etc/ipa/ca.crt',
   Array[String]                  $ldap_tls_cipher_suite          = ['HIGH','-SSLv2'],
-  Boolean                        $use_service_discovery          = true
+  Boolean                        $use_service_discovery          = true,
 ) {
   if $use_service_discovery {
     $_ipa_server = ['_srv_'] + $ipa_server
@@ -83,6 +83,39 @@
   }
 
   sssd::config::entry { "puppet_provider_${name}_ipa":
-    content => template("${module_name}/provider/ipa.erb")
+    content => epp(
+      "${module_name}/provider/ipa.epp",
+      {
+        'ipa_domain'                      => $ipa_domain,
+        'ipa_server'                      => $ipa_server,
+        'ipa_backup_server'               => $ipa_backup_server,
+        'ipa_enable_dns_sites'            => $ipa_enable_dns_sites,
+        'ipa_hostname'                    => $ipa_hostname,
+        'ipa_server_mode'                 => $ipa_server_mode,
+        'dyndns_auth'                     => $dyndns_auth,
+        'dyndns_force_tcp'                => $dyndns_force_tcp,
+        'dyndns_iface'                    => $dyndns_iface,
+        'dyndns_refresh_interval'         => $dyndns_refresh_interval,
+        'dyndns_server'                   => $dyndns_server,
+        'dyndns_ttl'                      => $dyndns_ttl,
+        'dyndns_update'                   => $dyndns_update,
+        'dyndns_update_ptr'               => $dyndns_update_ptr,
+        'ipa_automount_location'          => $ipa_automount_location,
+        'ipa_hbac_refresh'                => $ipa_hbac_refresh,
+        'ipa_hbac_search_base'            => $ipa_hbac_search_base,
+        'ipa_hbac_selinux'                => $ipa_hbac_selinux,
+        'ipa_host_search_base'            => $ipa_host_search_base,
+        'ipa_master_domains_search_base'  => $ipa_master_domains_search_base,
+        'ipa_selinux_search_base'         => $ipa_selinux_search_base,
+        'ipa_subdomains_search_base'      => $ipa_subdomains_search_base,
+        'ipa_views_search_base'           => $ipa_views_search_base,
+        'krb5_confd_path'                 => $krb5_confd_path,
+        'krb5_realm'                      => $krb5_realm,
+        'krb5_store_password_if_offline'  => $krb5_store_password_if_offline,
+        'ldap_tls_cacert'                 => $ldap_tls_cacert,
+        'ldap_tls_cipher_suite'           => $ldap_tls_cipher_suite,
+        'use_service_discovery'           => $use_service_discovery,
+      }
+    ),
   }
 }
@@ -47,24 +47,27 @@
 ) {
 
   sssd::config::entry { "puppet_provider_${name}_krb5":
-    content => epp("${module_name}/provider/krb5", {
-      'domain'                         => $title,
-      'krb5_server'                    => $krb5_server,
-      'krb5_realm'                     => $krb5_realm,
-      'debug_level'                    => $debug_level,
-      'debug_timestamps'               => $debug_timestamps,
-      'debug_microseconds'             => $debug_microseconds,
-      'krb5_kpasswd'                   => $krb5_kpasswd,
-      'krb5_ccachedir'                 => $krb5_ccachedir,
-      'krb5_ccname_template'           => $krb5_ccname_template,
-      'krb5_auth_timeout'              => $krb5_auth_timeout,
-      'krb5_validate'                  => $krb5_validate,
-      'krb5_keytab'                    => $krb5_keytab,
-      'krb5_store_password_if_offline' => $krb5_store_password_if_offline,
-      'krb5_renewable_lifetime'        => $krb5_renewable_lifetime,
-      'krb5_lifetime'                  => $krb5_lifetime,
-      'krb5_renew_interval'            => $krb5_renew_interval,
-      'krb5_use_fast'                  => $krb5_use_fast
-    })
+    content => epp(
+      "${module_name}/provider/krb5",
+      {
+        'domain'                         => $title,
+        'krb5_server'                    => $krb5_server,
+        'krb5_realm'                     => $krb5_realm,
+        'debug_level'                    => $debug_level,
+        'debug_timestamps'               => $debug_timestamps,
+        'debug_microseconds'             => $debug_microseconds,
+        'krb5_kpasswd'                   => $krb5_kpasswd,
+        'krb5_ccachedir'                 => $krb5_ccachedir,
+        'krb5_ccname_template'           => $krb5_ccname_template,
+        'krb5_auth_timeout'              => $krb5_auth_timeout,
+        'krb5_validate'                  => $krb5_validate,
+        'krb5_keytab'                    => $krb5_keytab,
+        'krb5_store_password_if_offline' => $krb5_store_password_if_offline,
+        'krb5_renewable_lifetime'        => $krb5_renewable_lifetime,
+        'krb5_lifetime'                  => $krb5_lifetime,
+        'krb5_renew_interval'            => $krb5_renew_interval,
+        'krb5_use_fast'                  => $krb5_use_fast,
+      },
+    )
   }
 }
Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,12 @@`
`22`	`22`	`Optional[Array[Stdlib::Absolutepath]] $group_files = undef`
`23`	`23`	`) {`
`24`	`24`	`sssd::config::entry { "puppet_provider_${name}_files":`
`25`		`- content => template("${module_name}/provider/files.erb")`
	`25`	`+ content => epp(`
	`26`	`+ "${module_name}/provider/files.epp",`
	`27`	`+ {`
	`28`	`+ 'passwd_files' => $passwd_files,`
	`29`	`+ 'group_files' => $group_files,`
	`30`	`+ }`
	`31`	`+ ),`
`26`	`32`	`}`
`27`	`33`	`}`