make nagios happy
diff --git a/modules/dacs/files/per-host/nono.debian.org/dacs.conf b/modules/dacs/files/per-host/nono.debian.org/dacs.conf
new file mode 100644 (file)
index 0000000..5f9c86e
--- /dev/null
@@ -0,0 +1,48 @@
+<Configuration xmlns="http://dss.ca/dacs/v1.4">
+
+ <Default>
+   FEDERATION_DOMAIN "debian.org"
+   FEDERATION_NAME "DEBIANORG"
+   EVAL ${Conf::JURISDICTION_AUTHSERVER}="sso.debian.org"
+   LOG_LEVEL "notice"
+ </Default>
+ <Jurisdiction uri="nono">
+   JURISDICTION_NAME "DEBIAN"
+   ADMIN_IDENTITY "DEBIAN:zobel"
+ </Jurisdiction>
+ <Jurisdiction uri="*.debian.org">
+   JURISDICTION_NAME "DEBIAN"
+   ADMIN_IDENTITY "DEBIAN:zobel"
+   <Auth id="guest-apache-htpasswd">
+     URL "https://sso.debian.org/cgi-bin/dacs/local_apache_authenticate"
+     STYLE "pass"
+     CONTROL "sufficient"
+     OPTION "AUTH_FILE=/etc/apache2/dsa-guest-web-passwords"
+     OPTION "AUTH_MODULE=mod_auth"
+   </Auth>
+
+   <Auth id="debian-apache-htpasswd">
+     URL "https://sso.debian.org/cgi-bin/dacs/local_apache_authenticate"
+     STYLE "pass"
+     CONTROL "required"
+     OPTION "AUTH_FILE=/var/lib/misc/thishost/web-passwords"
+     OPTION "AUTH_MODULE=mod_auth"
+   </Auth>
+
+<!--
+   <Auth id="ldap">
+     URL "https://sso.debian.org/cgi-bin/dacs/local_ldap_authenticate"
+     STYLE "password"
+     CONTROL "required"
+     LDAP_BIND_METHOD "direct"
+     LDAP_USERNAME_URL* '"ldap://127.0.0.1/uid=" \
+        . encode(url, ${Args::USERNAME}) . ",ou=users,dc=debian,dc=org"'
+     LDAP_USERNAME_EXPR* '"${LDAP::uid}"'
+     LDAP_ROLES_SELECTOR* '"${LDAP::attrname}" eq "supplementaryGid" \
+       ? strtr(ldap(rdn_attrvalue, \
+           ldap(dn_index, "${LDAP::attrvalue}", 1)), " ", "_") \
+       : 0'
+   </Auth>
+ -->
+ </Jurisdiction>
+</Configuration>
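Review bot: The `guest-apache-htpasswd` Auth block is marked `CONTROL "sufficient"` and is listed ahead of the `required` `debian-apache-htpasswd` block in the same `*.debian.org` jurisdiction, so a match in `/etc/apache2/dsa-guest-web-passwords` appears to complete authentication on its own and yield an identity in jurisdiction DEBIAN. Nothing in this file distinguishes a guest from a Debian account, so a guest entry whose username equals a Debian login (including the `ADMIN_IDENTITY` `DEBIAN:zobel`) would presumably be treated as that user; whether such a collision can occur depends on how the guest file is populated, which the diff does not show. Consider recording the invariant next to the block, e.g. `<!-- guest file is consulted first and is sufficient on its own; its usernames must never overlap with Debian account names -->`, or giving guest logins a distinguishing role that access rules can test.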