|
150 | 150 | Optional[String[1]] $ldap_user_extra_attrs = undef, |
151 | 151 | Optional[String[1]] $ldap_user_ssh_public_key = undef, |
152 | 152 | ) { |
153 | | - sssd::config::entry { "puppet_provider_${name}_ad": |
154 | | - content => epp( |
155 | | - "${module_name}/provider/ad.epp", |
156 | | - { |
157 | | - 'title' => $title, |
158 | | - 'ad_domain' => $ad_domain, |
159 | | - 'ad_enabled_domains' => $ad_enabled_domains, |
160 | | - 'ad_servers' => $ad_servers, |
161 | | - 'ad_backup_servers' => $ad_backup_servers, |
162 | | - 'ad_hostname' => $ad_hostname, |
163 | | - 'ad_enable_dns_sites' => $ad_enable_dns_sites, |
164 | | - 'ad_access_filters' => $ad_access_filters, |
165 | | - 'ad_site' => $ad_site, |
166 | | - 'ad_enable_gc' => $ad_enable_gc, |
167 | | - 'ad_gpo_access_control' => $ad_gpo_access_control, |
168 | | - 'ad_gpo_cache_timeout' => $ad_gpo_cache_timeout, |
169 | | - 'ad_gpo_map_interactive' => $ad_gpo_map_interactive, |
170 | | - 'ad_gpo_map_remote_interactive' => $ad_gpo_map_remote_interactive, |
171 | | - 'ad_gpo_map_network' => $ad_gpo_map_network, |
172 | | - 'ad_gpo_map_batch' => $ad_gpo_map_batch, |
173 | | - 'ad_gpo_map_service' => $ad_gpo_map_service, |
174 | | - 'ad_gpo_map_permit' => $ad_gpo_map_permit, |
175 | | - 'ad_gpo_map_deny' => $ad_gpo_map_deny, |
176 | | - 'ad_gpo_default_right' => $ad_gpo_default_right, |
177 | | - 'ad_gpo_implicit_deny' => $ad_gpo_implicit_deny, |
178 | | - 'ad_gpo_ignore_unreadable' => $ad_gpo_ignore_unreadable, |
179 | | - 'ad_maximum_machine_account_password_age' => $ad_maximum_machine_account_password_age, |
180 | | - 'ad_machine_account_password_renewal_opts' => $ad_machine_account_password_renewal_opts, |
181 | | - 'default_shell' => $default_shell, |
182 | | - 'dyndns_update' => $dyndns_update, |
183 | | - 'dyndns_ttl' => $dyndns_ttl, |
184 | | - 'dyndns_ifaces' => $dyndns_ifaces, |
185 | | - 'dyndns_refresh_interval' => $dyndns_refresh_interval, |
186 | | - 'dyndns_update_ptr' => $dyndns_update_ptr, |
187 | | - 'dyndns_force_tcp' => $dyndns_force_tcp, |
188 | | - 'dyndns_server' => $dyndns_server, |
189 | | - 'override_homedir' => $override_homedir, |
190 | | - 'fallback_homedir' => $fallback_homedir, |
191 | | - 'homedir_substring' => $homedir_substring, |
192 | | - 'krb5_realm' => $krb5_realm, |
193 | | - 'krb5_confd_path' => $krb5_confd_path, |
194 | | - 'krb5_use_enterprise_principal' => $krb5_use_enterprise_principal, |
195 | | - 'krb5_store_password_if_offline' => $krb5_store_password_if_offline, |
196 | | - 'ldap_id_mapping' => $ldap_id_mapping, |
197 | | - 'ldap_schema' => $ldap_schema, |
198 | | - 'ldap_idmap_range_min' => $ldap_idmap_range_min, |
199 | | - 'ldap_idmap_range_max' => $ldap_idmap_range_max, |
200 | | - 'ldap_idmap_range_size' => $ldap_idmap_range_size, |
201 | | - 'ldap_idmap_default_domain_sid' => $ldap_idmap_default_domain_sid, |
202 | | - 'ldap_idmap_default_domain' => $ldap_idmap_default_domain, |
203 | | - 'ldap_idmap_autorid_compat' => $ldap_idmap_autorid_compat, |
204 | | - 'ldap_idmap_helper_table_size' => $ldap_idmap_helper_table_size, |
205 | | - 'ldap_use_tokengroups' => $ldap_use_tokengroups, |
206 | | - 'ldap_group_objectsid' => $ldap_group_objectsid, |
207 | | - 'ldap_user_objectsid' => $ldap_user_objectsid, |
208 | | - 'ldap_user_extra_attrs' => $ldap_user_extra_attrs, |
209 | | - 'ldap_user_ssh_public_key' => $ldap_user_ssh_public_key, |
210 | | - } |
| 153 | + # Create parameter hash for easier access |
| 154 | + $param_values = { |
| 155 | + 'ad_domain' => $ad_domain, |
| 156 | + 'ad_enabled_domains' => $ad_enabled_domains, |
| 157 | + 'ad_servers' => $ad_servers, |
| 158 | + 'ad_backup_servers' => $ad_backup_servers, |
| 159 | + 'ad_hostname' => $ad_hostname, |
| 160 | + 'ad_enable_dns_sites' => $ad_enable_dns_sites, |
| 161 | + 'ad_access_filters' => $ad_access_filters, |
| 162 | + 'ad_site' => $ad_site, |
| 163 | + 'ad_enable_gc' => $ad_enable_gc, |
| 164 | + 'ad_gpo_access_control' => $ad_gpo_access_control, |
| 165 | + 'ad_gpo_cache_timeout' => $ad_gpo_cache_timeout, |
| 166 | + 'ad_gpo_map_interactive' => $ad_gpo_map_interactive, |
| 167 | + 'ad_gpo_map_remote_interactive' => $ad_gpo_map_remote_interactive, |
| 168 | + 'ad_gpo_map_network' => $ad_gpo_map_network, |
| 169 | + 'ad_gpo_map_batch' => $ad_gpo_map_batch, |
| 170 | + 'ad_gpo_map_service' => $ad_gpo_map_service, |
| 171 | + 'ad_gpo_map_permit' => $ad_gpo_map_permit, |
| 172 | + 'ad_gpo_map_deny' => $ad_gpo_map_deny, |
| 173 | + 'ad_gpo_default_right' => $ad_gpo_default_right, |
| 174 | + 'ad_gpo_implicit_deny' => $ad_gpo_implicit_deny, |
| 175 | + 'ad_gpo_ignore_unreadable' => $ad_gpo_ignore_unreadable, |
| 176 | + 'ad_maximum_machine_account_password_age' => $ad_maximum_machine_account_password_age, |
| 177 | + 'ad_machine_account_password_renewal_opts' => $ad_machine_account_password_renewal_opts, |
| 178 | + 'default_shell' => $default_shell, |
| 179 | + 'override_homedir' => $override_homedir, |
| 180 | + 'fallback_homedir' => $fallback_homedir, |
| 181 | + 'homedir_substring' => $homedir_substring, |
| 182 | + 'krb5_realm' => $krb5_realm, |
| 183 | + 'krb5_confd_path' => $krb5_confd_path, |
| 184 | + 'krb5_use_enterprise_principal' => $krb5_use_enterprise_principal, |
| 185 | + 'krb5_store_password_if_offline' => $krb5_store_password_if_offline, |
| 186 | + 'ldap_id_mapping' => $ldap_id_mapping, |
| 187 | + 'ldap_schema' => $ldap_schema, |
| 188 | + 'ldap_idmap_range_min' => $ldap_idmap_range_min, |
| 189 | + 'ldap_idmap_range_max' => $ldap_idmap_range_max, |
| 190 | + 'ldap_idmap_range_size' => $ldap_idmap_range_size, |
| 191 | + 'ldap_idmap_default_domain_sid' => $ldap_idmap_default_domain_sid, |
| 192 | + 'ldap_idmap_default_domain' => $ldap_idmap_default_domain, |
| 193 | + 'ldap_idmap_autorid_compat' => $ldap_idmap_autorid_compat, |
| 194 | + 'ldap_idmap_helper_table_size' => $ldap_idmap_helper_table_size, |
| 195 | + 'ldap_use_tokengroups' => $ldap_use_tokengroups, |
| 196 | + 'ldap_group_objectsid' => $ldap_group_objectsid, |
| 197 | + 'ldap_user_objectsid' => $ldap_user_objectsid, |
| 198 | + 'ldap_user_extra_attrs' => $ldap_user_extra_attrs, |
| 199 | + 'ldap_user_ssh_public_key' => $ldap_user_ssh_public_key, |
| 200 | + } |
| 201 | + |
| 202 | + # Build configuration lines array (order matches expected test output) |
| 203 | + $ad_domain_line = $ad_domain ? { undef => [], default => ["ad_domain = ${ad_domain}"] } |
| 204 | + $ad_enabled_domains_line = $ad_enabled_domains ? { undef => [], default => ["ad_enabled_domains = ${ad_enabled_domains.join(', ')}"] } |
| 205 | + |
| 206 | + $ad_server_lines = $ad_servers ? { |
| 207 | + undef => [], |
| 208 | + default => ["ad_server = ${ad_servers.join(', ')}"] + ($ad_backup_servers ? { undef => [], default => ["ad_backup_server = ${ad_backup_servers.join(', ')}"] }) |
| 209 | + } |
| 210 | + |
| 211 | + $ad_hostname_line = $ad_hostname ? { undef => [], default => ["ad_hostname = ${ad_hostname}"] } |
| 212 | + $ad_enable_dns_sites_line = $ad_enable_dns_sites ? { undef => [], default => ["ad_enable_dns_sites = ${ad_enable_dns_sites}"] } |
| 213 | + $ad_access_filters_line = $ad_access_filters ? { undef => [], default => ["ad_access_filter = ${ad_access_filters.join('?')}"] } |
| 214 | + $ad_site_line = $ad_site ? { undef => [], default => ["ad_site = ${ad_site}"] } |
| 215 | + $ad_enable_gc_line = $ad_enable_gc ? { undef => [], default => ["ad_enable_gc = ${ad_enable_gc}"] } |
| 216 | + |
| 217 | + # GPO parameters |
| 218 | + $ad_gpo_access_control_line = $ad_gpo_access_control ? { undef => [], default => ["ad_gpo_access_control = ${ad_gpo_access_control}"] } |
| 219 | + $ad_gpo_cache_timeout_line = $ad_gpo_cache_timeout ? { undef => [], default => ["ad_gpo_cache_timeout = ${ad_gpo_cache_timeout}"] } |
| 220 | + $ad_gpo_map_interactive_line = $ad_gpo_map_interactive ? { undef => [], default => ["ad_gpo_map_interactive = ${ad_gpo_map_interactive.join(', ')}"] } |
| 221 | + $ad_gpo_map_remote_interactive_line = $ad_gpo_map_remote_interactive ? { undef => [], default => ["ad_gpo_map_remote_interactive = ${ad_gpo_map_remote_interactive.join(', ')}"] } |
| 222 | + $ad_gpo_map_network_line = $ad_gpo_map_network ? { undef => [], default => ["ad_gpo_map_network = ${ad_gpo_map_network.join(', ')}"] } |
| 223 | + $ad_gpo_map_batch_line = $ad_gpo_map_batch ? { undef => [], default => ["ad_gpo_map_batch = ${ad_gpo_map_batch.join(', ')}"] } |
| 224 | + $ad_gpo_map_service_line = $ad_gpo_map_service ? { undef => [], default => ["ad_gpo_map_service = ${ad_gpo_map_service.join(', ')}"] } |
| 225 | + $ad_gpo_map_permit_line = $ad_gpo_map_permit ? { undef => [], default => ["ad_gpo_map_permit = ${ad_gpo_map_permit.join(', ')}"] } |
| 226 | + $ad_gpo_map_deny_line = $ad_gpo_map_deny ? { undef => [], default => ["ad_gpo_map_deny = ${ad_gpo_map_deny.join(', ')}"] } |
| 227 | + $ad_gpo_default_right_line = $ad_gpo_default_right ? { undef => [], default => ["ad_gpo_default_right = ${ad_gpo_default_right}"] } |
| 228 | + $ad_gpo_implicit_deny_line = $ad_gpo_implicit_deny ? { undef => [], default => ["ad_gpo_implicit_deny = ${ad_gpo_implicit_deny}"] } |
| 229 | + $ad_gpo_ignore_unreadable_line = $ad_gpo_ignore_unreadable ? { undef => [], default => ["ad_gpo_ignore_unreadable = ${ad_gpo_ignore_unreadable}"] } |
| 230 | + |
| 231 | + # Machine account parameters |
| 232 | + $ad_maximum_machine_account_password_age_line = $ad_maximum_machine_account_password_age ? { undef => [], default => ["ad_maximum_machine_account_password_age = ${ad_maximum_machine_account_password_age}"] } |
| 233 | + $ad_machine_account_password_renewal_opts_line = $ad_machine_account_password_renewal_opts ? { undef => [], default => ["ad_machine_account_password_renewal_opts = ${ad_machine_account_password_renewal_opts}"] } |
| 234 | + |
| 235 | + # General parameters |
| 236 | + $default_shell_line = $default_shell ? { undef => [], default => ["default_shell = ${default_shell}"] } |
| 237 | + |
| 238 | + # Dynamic DNS parameters |
| 239 | + $dyndns_update_line = $dyndns_update ? { undef => [], default => ["dyndns_update = ${dyndns_update}"] } |
| 240 | + $dyndns_conditional_lines = $dyndns_update ? { |
| 241 | + true => ( |
| 242 | + ($dyndns_ttl ? { undef => [], default => ["dyndns_ttl = ${dyndns_ttl}"] }) + |
| 243 | + ($dyndns_ifaces ? { undef => [], default => ["dyndns_iface = ${dyndns_ifaces.join(', ')}"] }) + |
| 244 | + ($dyndns_refresh_interval ? { undef => [], default => ["dyndns_refresh_interval = ${dyndns_refresh_interval}"] }) + |
| 245 | + ($dyndns_update_ptr ? { undef => [], default => ["dyndns_update_ptr = ${dyndns_update_ptr}"] }) + |
| 246 | + ($dyndns_force_tcp ? { undef => [], default => ["dyndns_force_tcp = ${dyndns_force_tcp}"] }) + |
| 247 | + ($dyndns_server ? { undef => [], default => ["dyndns_server = ${dyndns_server}"] }) |
211 | 248 | ), |
| 249 | + default => [] |
| 250 | + } |
| 251 | + |
| 252 | + # Home directory parameters |
| 253 | + $override_homedir_line = $override_homedir ? { undef => [], default => ["override_homedir = ${override_homedir}"] } |
| 254 | + $homedir_substring_line = $homedir_substring ? { undef => [], default => ["homedir_substring = ${homedir_substring}"] } |
| 255 | + $fallback_homedir_line = $fallback_homedir ? { undef => [], default => ["fallback_homedir = ${fallback_homedir}"] } |
| 256 | + |
| 257 | + # Kerberos parameters |
| 258 | + $krb5_realm_line = $krb5_realm ? { undef => [], default => ["krb5_realm = ${krb5_realm}"] } |
| 259 | + $krb5_confd_path_line = $krb5_confd_path ? { undef => [], default => ["krb5_confd_path = ${krb5_confd_path}"] } |
| 260 | + $krb5_use_enterprise_principal_line = $krb5_use_enterprise_principal ? { undef => [], default => ["krb5_use_enterprise_principal = ${krb5_use_enterprise_principal}"] } |
| 261 | + $krb5_store_password_if_offline_line = $krb5_store_password_if_offline ? { undef => [], default => ["krb5_store_password_if_offline = ${krb5_store_password_if_offline}"] } |
| 262 | + |
| 263 | + # LDAP ID mapping (always present) |
| 264 | + $ldap_id_mapping_line = ["ldap_id_mapping = ${ldap_id_mapping}"] |
| 265 | + $ldap_idmap_conditional_lines = $ldap_id_mapping ? { |
| 266 | + true => ( |
| 267 | + ($ldap_schema ? { undef => [], default => ["ldap_schema = ${ldap_schema}"] }) + |
| 268 | + ($ldap_idmap_range_min ? { undef => [], default => ["ldap_idmap_range_min = ${ldap_idmap_range_min}"] }) + |
| 269 | + ($ldap_idmap_range_max ? { undef => [], default => ["ldap_idmap_range_max = ${ldap_idmap_range_max}"] }) + |
| 270 | + ($ldap_idmap_range_size ? { undef => [], default => ["ldap_idmap_range_size = ${ldap_idmap_range_size}"] }) + |
| 271 | + ($ldap_idmap_default_domain_sid ? { undef => [], default => ["ldap_idmap_default_domain_sid = ${ldap_idmap_default_domain_sid}"] }) + |
| 272 | + ($ldap_idmap_default_domain ? { undef => [], default => ["ldap_idmap_default_domain = ${ldap_idmap_default_domain}"] }) + |
| 273 | + ($ldap_idmap_autorid_compat ? { undef => [], default => ["ldap_idmap_autorid_compat = ${ldap_idmap_autorid_compat}"] }) + |
| 274 | + ($ldap_idmap_helper_table_size ? { undef => [], default => ["ldap_idmap_helper_table_size = ${ldap_idmap_helper_table_size}"] }) |
| 275 | + ), |
| 276 | + default => [] |
| 277 | + } |
| 278 | + |
| 279 | + # LDAP parameters (always present) |
| 280 | + $ldap_use_tokengroups_line = ["ldap_use_tokengroups = ${ldap_use_tokengroups}"] |
| 281 | + $ldap_group_objectsid_line = $ldap_group_objectsid ? { undef => [], default => ["ldap_group_objectsid = ${ldap_group_objectsid}"] } |
| 282 | + $ldap_user_objectsid_line = $ldap_user_objectsid ? { undef => [], default => ["ldap_user_objectsid = ${ldap_user_objectsid}"] } |
| 283 | + $ldap_user_extra_attrs_line = $ldap_user_extra_attrs ? { undef => [], default => ["ldap_user_extra_attrs = ${ldap_user_extra_attrs}"] } |
| 284 | + $ldap_user_ssh_public_key_line = $ldap_user_ssh_public_key ? { undef => [], default => ["ldap_user_ssh_public_key = ${ldap_user_ssh_public_key}"] } |
| 285 | + |
| 286 | + # Combine all lines in order |
| 287 | + $config_lines = ( |
| 288 | + $ad_domain_line + |
| 289 | + $ad_enabled_domains_line + |
| 290 | + $ad_server_lines + |
| 291 | + $ad_hostname_line + |
| 292 | + $ad_enable_dns_sites_line + |
| 293 | + $ad_access_filters_line + |
| 294 | + $ad_site_line + |
| 295 | + $ad_enable_gc_line + |
| 296 | + $ad_gpo_access_control_line + |
| 297 | + $ad_gpo_cache_timeout_line + |
| 298 | + $ad_gpo_map_interactive_line + |
| 299 | + $ad_gpo_map_remote_interactive_line + |
| 300 | + $ad_gpo_map_network_line + |
| 301 | + $ad_gpo_map_batch_line + |
| 302 | + $ad_gpo_map_service_line + |
| 303 | + $ad_gpo_map_permit_line + |
| 304 | + $ad_gpo_map_deny_line + |
| 305 | + $ad_gpo_default_right_line + |
| 306 | + $ad_gpo_implicit_deny_line + |
| 307 | + $ad_gpo_ignore_unreadable_line + |
| 308 | + $ad_maximum_machine_account_password_age_line + |
| 309 | + $ad_machine_account_password_renewal_opts_line + |
| 310 | + $default_shell_line + |
| 311 | + $dyndns_update_line + |
| 312 | + $dyndns_conditional_lines + |
| 313 | + $override_homedir_line + |
| 314 | + $homedir_substring_line + |
| 315 | + $fallback_homedir_line + |
| 316 | + $krb5_realm_line + |
| 317 | + $krb5_confd_path_line + |
| 318 | + $krb5_use_enterprise_principal_line + |
| 319 | + $krb5_store_password_if_offline_line + |
| 320 | + $ldap_id_mapping_line + |
| 321 | + $ldap_idmap_conditional_lines + |
| 322 | + $ldap_use_tokengroups_line + |
| 323 | + $ldap_group_objectsid_line + |
| 324 | + $ldap_user_objectsid_line + |
| 325 | + $ldap_user_extra_attrs_line + |
| 326 | + $ldap_user_ssh_public_key_line |
| 327 | + ) |
| 328 | + |
| 329 | + # Boolean parameters that should always be output |
| 330 | + $boolean_params = { |
| 331 | + 'dyndns_update' => $dyndns_update, |
| 332 | + 'krb5_store_password_if_offline' => $krb5_store_password_if_offline, |
| 333 | + 'ldap_id_mapping' => $ldap_id_mapping, |
| 334 | + 'ldap_use_tokengroups' => $ldap_use_tokengroups, |
| 335 | + } |
| 336 | + |
| 337 | + # Optional boolean parameters (only output if not undef) |
| 338 | + $optional_boolean_params = { |
| 339 | + 'ad_enable_dns_sites' => $ad_enable_dns_sites, |
| 340 | + 'ad_enable_gc' => $ad_enable_gc, |
| 341 | + 'ad_gpo_implicit_deny' => $ad_gpo_implicit_deny, |
| 342 | + 'ad_gpo_ignore_unreadable' => $ad_gpo_ignore_unreadable, |
| 343 | + 'krb5_use_enterprise_principal' => $krb5_use_enterprise_principal, |
| 344 | + 'ldap_idmap_autorid_compat' => $ldap_idmap_autorid_compat, |
| 345 | + } |
| 346 | + |
| 347 | + # Array parameters with different separators and special handling |
| 348 | + $array_params = { |
| 349 | + 'ad_enabled_domains' => { 'value' => $ad_enabled_domains, 'separator' => ', ' }, |
| 350 | + 'ad_servers' => { 'value' => $ad_servers, 'separator' => ', ', 'param_name' => 'ad_server' }, |
| 351 | + 'ad_backup_servers' => { 'value' => $ad_backup_servers, 'separator' => ', ', 'param_name' => 'ad_backup_server' }, |
| 352 | + 'ad_access_filters' => { 'value' => $ad_access_filters, 'separator' => '?', 'param_name' => 'ad_access_filter' }, |
| 353 | + 'ad_gpo_map_interactive' => { 'value' => $ad_gpo_map_interactive, 'separator' => ', ' }, |
| 354 | + 'ad_gpo_map_remote_interactive' => { 'value' => $ad_gpo_map_remote_interactive, 'separator' => ', ' }, |
| 355 | + 'ad_gpo_map_network' => { 'value' => $ad_gpo_map_network, 'separator' => ', ' }, |
| 356 | + 'ad_gpo_map_batch' => { 'value' => $ad_gpo_map_batch, 'separator' => ', ' }, |
| 357 | + 'ad_gpo_map_service' => { 'value' => $ad_gpo_map_service, 'separator' => ', ' }, |
| 358 | + 'ad_gpo_map_permit' => { 'value' => $ad_gpo_map_permit, 'separator' => ', ' }, |
| 359 | + 'ad_gpo_map_deny' => { 'value' => $ad_gpo_map_deny, 'separator' => ', ' }, |
| 360 | + } |
| 361 | + |
| 362 | + # DynDNS parameters (only included if dyndns_update is true) |
| 363 | + $dyndns_params = { |
| 364 | + 'dyndns_ttl' => $dyndns_ttl, |
| 365 | + 'dyndns_ifaces' => $dyndns_ifaces, # Special case: array with param_name 'dyndns_iface' |
| 366 | + 'dyndns_refresh_interval' => $dyndns_refresh_interval, |
| 367 | + 'dyndns_update_ptr' => $dyndns_update_ptr, |
| 368 | + 'dyndns_force_tcp' => $dyndns_force_tcp, |
| 369 | + 'dyndns_server' => $dyndns_server, |
| 370 | + } |
| 371 | + |
| 372 | + # Join all configuration lines |
| 373 | + $content = $config_lines.join("\n") |
| 374 | + |
| 375 | + sssd::config::entry { "puppet_provider_${name}_ad": |
| 376 | + content => epp("${module_name}/provider/ad.epp", { |
| 377 | + 'title' => $title, |
| 378 | + 'content' => $content, |
| 379 | + }), |
212 | 380 | } |
213 | 381 | } |
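Review bot: Values are interpolated verbatim into the `name = value` strings (for example `"ldap_user_extra_attrs = ${ldap_user_extra_attrs}"`) and then joined with `"\n"`, so a string parameter containing a line break would render as an extra setting line in the sssd entry; `Optional[String[1]]`, the type visible on the last two parameters, does not exclude that. This block now renders access-relevant options such as `ad_access_filter` and `ad_gpo_access_control`, so I would constrain the free-form strings at the type level, e.g. `Optional[Pattern[/\A[^\r\n]+\z/]] $ldap_user_extra_attrs = undef,`. The same would apply to the other string parameters, whose declarations sit above this hunk in the part of the define not shown here. Separately, `$param_values`, `$boolean_params`, `$optional_boolean_params`, `$array_params` and `$dyndns_params` are assigned but never read in the visible code. If nothing outside the hunk uses them they should be dropped, so they cannot drift from the `_line` variables that actually produce the output.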