add parameter nss_initgroups_ignoreusers (#253)

* add parameter NSS_INITGROUPS_IGNOREUSERS * add parameter NSS_INITGROUPS_IGNOREUSERS * add testing for new parameter nss_initgroups_ignoreusers * set correct indent
voxpupuli · Jan 14, 2020 · 98ea96c · 98ea96c
1 parent 81fcc00
commit 98ea96c
Showing 3 changed files with 30 additions and 0 deletions.
diff --git a/manifests/client.pp b/manifests/client.pp
@@ -23,6 +23,7 @@
   $nss_base_hosts                               = undef,
   $nss_base_passwd                              = undef,
   $nss_base_shadow                              = undef,
+  $nss_initgroups_ignoreusers                   = undef,
 
   # PAM Options
   $pam_filter                                   = undef,

diff --git a/manifests/client/config.pp b/manifests/client/config.pp
@@ -89,6 +89,10 @@
     'absent' => 'rm NSS_BASE_SHADOW',
     default  => "set NSS_BASE_SHADOW ${::openldap::client::nss_base_shadow}",
   }
+  $nss_initgroups_ignoreusers = $::openldap::client::nss_initgroups_ignoreusers ? {
+    undef   => undef,
+    default => "set NSS_INITGROUPS_IGNOREUSERS ${::openldap::client::nss_initgroups_ignoreusers}",
+  }
   $pam_filter = $::openldap::client::pam_filter ? {
     undef    => undef,
     'absent' => 'rm PAM_FILTER',
@@ -188,6 +192,7 @@
     $nss_base_hosts,
     $nss_base_passwd,
     $nss_base_shadow,
+    $nss_initgroups_ignoreusers,
     $pam_filter,
     $pam_login_attribute,
     $pam_member_attribute,

diff --git a/spec/classes/openldap_client_config_spec.rb b/spec/classes/openldap_client_config_spec.rb
@@ -474,6 +474,30 @@
         end
       end
 
+      context 'with nss_initgroups_ignoreusers set' do
+        let :pre_condition do
+          "class {'openldap::client': nss_initgroups_ignoreusers => 'ovahi,backup,games', }"
+        end
+
+        it { is_expected.to compile.with_all_deps }
+        it { is_expected.to contain_class('openldap::client::config') }
+        it { is_expected.to contain_augeas('ldap.conf') }
+        case facts[:osfamily]
+        when 'Debian'
+          it { is_expected.to contain_augeas('ldap.conf').with({
+            :incl    => '/etc/ldap/ldap.conf',
+            :changes => [ 'set NSS_INITGROUPS_IGNOREUSERS ovahi,backup,games' ],
+          })
+          }
+        when 'RedHat'
+          it { is_expected.to contain_augeas('ldap.conf').with({
+            :incl    => '/etc/openldap/ldap.conf',
+            :changes => [ 'set NSS_INITGROUPS_IGNOREUSERS ovahi,backup,games' ],
+          })
+          }
+        end
+      end
+
       context 'with pam_filter set' do
         let :pre_condition do
           "class {'openldap::client': pam_filter => 'type=FILTER', }"