--- /dev/null
+<Configuration xmlns="http://dss.ca/dacs/v1.4">
+
+ <Default>
+ FEDERATION_DOMAIN "debian.org"
+ FEDERATION_NAME "DEBIANORG"
+ EVAL ${Conf::JURISDICTION_AUTHSERVER}="sso.debian.org"
+ LOG_LEVEL "notice"
+ </Default>
+ <Jurisdiction uri="nono">
+ JURISDICTION_NAME "DEBIAN"
+ ADMIN_IDENTITY "DEBIAN:zobel"
+ </Jurisdiction>
+ <Jurisdiction uri="*.debian.org">
+ JURISDICTION_NAME "DEBIAN"
+ ADMIN_IDENTITY "DEBIAN:zobel"
+ <Auth id="guest-apache-htpasswd">
+ URL "https://sso.debian.org/cgi-bin/dacs/local_apache_authenticate"
+ STYLE "pass"
+ CONTROL "sufficient"
+ OPTION "AUTH_FILE=/etc/apache2/dsa-guest-web-passwords"
+ OPTION "AUTH_MODULE=mod_auth"
+ </Auth>
+
+ <Auth id="debian-apache-htpasswd">
+ URL "https://sso.debian.org/cgi-bin/dacs/local_apache_authenticate"
+ STYLE "pass"
+ CONTROL "required"
+ OPTION "AUTH_FILE=/var/lib/misc/thishost/web-passwords"
+ OPTION "AUTH_MODULE=mod_auth"
+ </Auth>
+
+<!--
+ <Auth id="ldap">
+ URL "https://sso.debian.org/cgi-bin/dacs/local_ldap_authenticate"
+ STYLE "password"
+ CONTROL "required"
+ LDAP_BIND_METHOD "direct"
+ LDAP_USERNAME_URL* '"ldap://127.0.0.1/uid=" \
+ . encode(url, ${Args::USERNAME}) . ",ou=users,dc=debian,dc=org"'
+ LDAP_USERNAME_EXPR* '"${LDAP::uid}"'
+ LDAP_ROLES_SELECTOR* '"${LDAP::attrname}" eq "supplementaryGid" \
+ ? strtr(ldap(rdn_attrvalue, \
+ ldap(dn_index, "${LDAP::attrvalue}", 1)), " ", "_") \
+ : 0'
+ </Auth>
+ -->
+ </Jurisdiction>
+</Configuration>
group => www-data
}
file { '/etc/dacs/federations/debian.org/DEBIAN/dacs.conf':
- source => 'puppet:///modules/dacs/common/dacs.conf',
+ source => ['puppet:///modules/dacs/per-host/${::fqdn}/dacs.conf',
+ 'puppet:///modules/dacs/common/dacs.conf', ],
mode => '0640',
owner => root,
group => www-data
projects / dsa-puppet.git / commitdiff