From 04d39dce987d25cb192526efe1beaa26452ec412 Mon Sep 17 00:00:00 2001
From: Robert Wolf
Date: Wed, 10 Jan 2024 14:11:08 +0100
Subject: [PATCH 1/4] install sasldb package if auxprop plugin is sasldb
---
 manifests/application.pp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/manifests/application.pp b/manifests/application.pp
index 0262ca1..4c6b64f 100644
--- a/manifests/application.pp
+++ b/manifests/application.pp
@@ -93,6 +93,9 @@
 $auxprop_package = $::sasl::auxprop_packages[$auxprop_plugin]
 ensure_packages([$auxprop_package])
 Package[$auxprop_package] -> File[$service_file]
+ if $auxprop_plugin == 'sasldb' {
+ ensure_packages([$sasldb_package])
+ }
 }
 'saslauthd': {
 # Require saslauthd if that's the method
From a69f81467018a6fc747d389a169819e805826e05 Mon Sep 17 00:00:00 2001
From: Robert Wolf
Date: Wed, 10 Jan 2024 14:25:40 +0100
Subject: [PATCH 2/4] fix package name variable
---
 manifests/application.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/application.pp b/manifests/application.pp
index 4c6b64f..5f1d174 100644
--- a/manifests/application.pp
+++ b/manifests/application.pp
@@ -94,7 +94,7 @@
 ensure_packages([$auxprop_package])
 Package[$auxprop_package] -> File[$service_file]
 if $auxprop_plugin == 'sasldb' {
- ensure_packages([$sasldb_package])
+ ensure_packages([$::sasl::sasldb_package])
 }
 }
 'saslauthd': {
From 78e0e5a6d37f6a6a9d2144fde6f3e681ce1097c4 Mon Sep 17 00:00:00 2001
From: Robert Wolf
Date: Thu, 11 Jan 2024 12:13:59 +0100
Subject: [PATCH 3/4] saslauthd credential cache configuration
---
 manifests/authd.pp | 3 +++
 manifests/authd/config.pp | 15 +++++++++++++++
 manifests/params.pp | 1 +
 templates/default.erb | 2 +-
 templates/sysconfig.erb | 2 +-
 5 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/manifests/authd.pp b/manifests/authd.pp
index a7e738a..8fbd221 100644
--- a/manifests/authd.pp
+++ b/manifests/authd.pp
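Review bot: The sasldb package installed inside `if $auxprop_plugin == 'sasldb'` has no ordering against `File[$service_file]`, unlike the auxprop package just above it, which gets `Package[$auxprop_package] -> File[$service_file]`. If the service file should only be written once the sasldb tooling is present, add `Package[$::sasl::sasldb_package] -> File[$service_file]` inside the same `if`. The definition of `$::sasl::sasldb_package` is not visible in this series, so it is worth confirming it is set for every supported OS family, since an undefined value passed to `ensure_packages` would presumably break catalog compilation. The enclosing case branch starts and ends outside the hunk.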
@@ -80,6 +80,9 @@ String $service_name = $::sasl::params::saslauthd_service, Stdlib::Absolutepath $socket = $::sasl::params::saslauthd_socket, Boolean $hasstatus = $::sasl::params::saslauthd_hasstatus, + Boolean $credcache = $::sasl::params::saslauthd_credcache, + Optional[Integer[0]] $credcache_timeout = undef, + Optional[Integer[0]] $credcache_size = undef, # ldap Optional[Stdlib::Absolutepath] $ldap_conf_file = $::sasl::params::saslauthd_ldap_conf_file, Optional[Enum['bind', 'custom', 'fastbind']] $ldap_auth_method = undef, diff --git a/manifests/authd/config.pp b/manifests/authd/config.pp index 6ec152c..80d0019 100644 --- a/manifests/authd/config.pp +++ b/manifests/authd/config.pp @@ -4,6 +4,9 @@ $socket = $::sasl::authd::socket $mechanism = $::sasl::authd::mechanism $threads = $::sasl::authd::threads + $credcache = $::sasl::authd::credcache + $credcache_timeout = $::sasl::authd::credcache_timeout + $credcache_size = $::sasl::authd::credcache_size $ldap_conf_file = $::sasl::authd::ldap_conf_file $ldap_auth_method = $::sasl::authd::ldap_auth_method $ldap_bind_dn = $::sasl::authd::ldap_bind_dn @@ -54,6 +57,18 @@ default => '', } + if $credcache { + $credcache_opt = '-c' + } + + if $credcache_timeout { + $credcache_timeout_opt = '-t ${credcache_timeout}' + } + + if $credcache_size { + $credcache_size_opt = '-s ${credcache_size}' + } + case $facts['os']['family'] { 'RedHat': { if size($_mech_options) > 0 { diff --git a/manifests/params.pp b/manifests/params.pp index b8c4590..0963a9f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -5,6 +5,7 @@ $saslauthd_service = 'saslauthd' $saslauthd_ldap_conf_file = '/etc/saslauthd.conf' $saslauthd_threads = 5 + $saslauthd_credcache = true case $facts['os']['family'] { 'RedHat': { diff --git a/templates/default.erb b/templates/default.erb index ebdc2e7..5804e07 100644 --- a/templates/default.erb +++ b/templates/default.erb 
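Review bot: The new class parameters `$credcache`, `$credcache_timeout` and `$credcache_size` in manifests/authd.pp are added without documentation, although they decide how long saslauthd keeps answering from cached credentials. I would add `@param` entries (or whatever header style the class already uses, which is outside this hunk) stating that `credcache` maps to `-c`, `credcache_timeout` to `-t` in seconds and `credcache_size` to `-s`, and that a longer timeout lengthens the window in which a changed or disabled password is still accepted. `Integer[0]` also admits `0`; either document what zero means for saslauthd or tighten the type to `Integer[1]` if it is not a meaningful value.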
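Review bot: In manifests/authd/config.pp, `$credcache_opt`, `$credcache_timeout_opt` and `$credcache_size_opt` are assigned only inside their `if` blocks, so when a condition is false the variable is never set and the templates interpolate an undefined value. Giving each an explicit empty default matches the `default => ''` selector just above the hunk, for example `$credcache_opt = $credcache ? { true => '-c', default => '' }`. The `-t` and `-s` options are also emitted when `$credcache` is false and caching is off, so nesting both under `if $credcache` would avoid a misleading command line. The class body continues outside the hunk.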
@@ -6,4 +6,4 @@ NAME="saslauthd" MECHANISMS="<%= @mechanism %>" MECH_OPTIONS="<%= @mech_options %>" THREADS=<%= @threads %> -OPTIONS="-c -m <%= @socket %>" +OPTIONS="<%= @credcache_opt %> <%= @credcache_timeout_opt %> <%= @credcache_size_opt %> -m <%= @socket %>" diff --git a/templates/sysconfig.erb b/templates/sysconfig.erb index 30d70ee..7ddecb2 100644 --- a/templates/sysconfig.erb +++ b/templates/sysconfig.erb @@ -2,4 +2,4 @@ SOCKETDIR="<%= @socket %>" MECH="<%= @mechanism %>" -FLAGS="<%= @flags %>" +FLAGS="<%= @flags %> <%= @credcache_opt %> <%= @credcache_timeout_opt %> <%= @credcache_size_opt %>" From 7b220164e31d37be1b6f358d5637c02ec0f48b3d Mon Sep 17 00:00:00 2001 From: Robert Wolf Date: Thu, 11 Jan 2024 18:10:35 +0100 Subject: [PATCH 4/4] fix string --- manifests/authd/config.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/authd/config.pp b/manifests/authd/config.pp index 80d0019..c2bc170 100644 --- a/manifests/authd/config.pp +++ b/manifests/authd/config.pp @@ -62,11 +62,11 @@ } if $credcache_timeout { - $credcache_timeout_opt = '-t ${credcache_timeout}' + $credcache_timeout_opt = "-t ${credcache_timeout}" } if $credcache_size { - $credcache_size_opt = '-s ${credcache_size}' + $credcache_size_opt = "-s ${credcache_size}" } case $facts['os']['family'] {
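Review bot: `FLAGS` in templates/sysconfig.erb now receives `@credcache_opt`, and `saslauthd_credcache` defaults to `true` in params.pp, so hosts rendered from this template will start saslauthd with `-c` after upgrading unless `@flags` already carried it (how `@flags` is built is not visible here). templates/default.erb already had `-c` hard-coded, so only the sysconfig path changes behaviour. With credential caching on, a password that was changed or locked in the backend can keep authenticating until its cache entry expires, so this should either default to `false` for the OS family that uses sysconfig.erb or be called out in the changelog as a behaviour change.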