Classes
ssp: Install and configure self-service-password
class { 'ssp':
  system_owner      => 'ssp',
  ldap_binddn       => 'uid=bindssp,cn=sysaccounts,cn=etc,dc=example,dc=com',
  ldap_bindpw       => 'bindpw',
  ldap_base         => 'cn=users,cn=accounts,dc=example,dc=com',
  ldap_whochange_pw => 'manager',
  mail_from         => 'admin@example.com',
  manage_git        => true,
  ldap_url          => ['ldap://ldap_address'],
}
The following parameters are available in the ssp class.
Data type: String[1]
System user account that owns the files
Data type: String[1]
DN used to bind to the directory
Data type: String[1]
Password of the DN used to bind to the directory
Data type: String[1]
Search base under which users are looked up.
Data type: Enum['user','manager']
Who changes the password?
- user: the user itself
- manager: the above binddn
Default value: 'user'
Data type: Enum['user','manager']
Who changes the SSH key?
- user: the user itself
- manager: the above binddn
Default value: 'user'
Data type: String[1]
Filter applied to the objects searched in LDAP
Default value: '(&(objectClass=person)($ldap_login_attribute={login}))'
Data type: Boolean
Install git if true; required if git is not installed by another process.
Default value: false
Data type: Boolean
If true, creates the path defined by $system_rootpath
Default value: false
Data type: Stdlib::Absolutepath
Path where SSP is installed
Default value: '/var/ssp'
Data type: String
Unix mode set on the path defined by $system_rootpath
Default value: '0750'
Data type: Pattern['^v\d']
Version of installed SSP
Default value: 'v1.3'
Data type: Array[Pattern['^ldap']]
List of LDAP URLs
Default value: ['ldap://localhost']
Data type: Boolean
Use StartTLS instead of LDAP over SSL
Default value: true
Data type: String
LDAP attribute used as login
Default value: 'uid'
Data type: String
LDAP attribute used as full name
Default value: 'cn'
Data type: String
Language of SSP webui.
Default value: 'en'
Data type: Boolean
Display menu on top of SSP webui
Default value: true
Data type: Boolean
Display help messages
Default value: true
Data type: Optional[String[1]]
URN of logo image
Default value: undef
Data type: Optional[String[1]]
URN of background image
Default value: undef
Data type: Optional[String[1]]
Characters considered as invalid in login
Default value: undef
Data type: Optional[String[1]]
Hide some messages so as not to disclose sensitive information. These messages will be replaced by the value of obscure_failure_messages.
Default value: undef
Data type: Enum['change','sendtoken']
Default action displayed by the webui
Default value: 'change'
Data type: Boolean
Enable (with true) or disable (with false) standard change form usage.
Default value: true
Data type: Boolean
Enable (with true) or disable (with false) token usage.
Default value: true
Data type: Boolean
Encrypt tokens (with true) or not (with false)
Default value: true
Data type: Integer
Token lifetime, when tokens are used.
Default value: 3600
Data type: Boolean
Mail is retrieved from LDAP.
Default value: true
Data type: Pattern['^.+@.+']
Who the email should come from
Default value: "admin@${facts['networking']['domain']}"
Data type: String
Name displayed with mail_from
Default value: 'Self Service Password'
Data type: String
Signature added in mail
Default value: ''
Data type: Boolean
Notify users anytime their password is changed
Default value: false
Data type: Stdlib::Absolutepath
Sendmail path; see https://github.com/PHPMailer/PHPMailer
Default value: '/usr/sbin/sendmail'
Data type: Stdlib::Host
SMTP host to use
Default value: '127.0.0.1'
Data type: Integer
SMTP port to use
Default value: 25
Data type: Boolean
Enable SMTP auth if true
Default value: false
Data type: Optional[String[1]]
SMTP user used with SMTP auth
Default value: undef
Data type: Optional[String[1]]
SMTP password used with SMTP auth
Default value: undef
Data type: Integer
Local password policy applied before directory password policy. Minimum length.
Default value: 0
Data type: Integer
Local password policy applied before directory password policy. Maximum length.
Default value: 0
Data type: Integer
Local password policy applied before directory password policy. Minimum number of lowercase characters.
Default value: 0
Data type: Integer
Local password policy applied before directory password policy. Minimum number of uppercase characters.
Default value: 0
Data type: Integer
Local password policy applied before directory password policy. Minimum number of digit characters.
Default value: 0
Data type: Integer
Local password policy applied before directory password policy. Minimum number of special characters.
Default value: 0
Data type: Boolean
Local password policy applied before directory password policy. Don't reuse the current password.
Default value: false
Data type: Optional[String]
Definition of special characters
Default value: undef
Data type: Optional[String[1]]
Definition of forbidden characters in password
Default value: undef
Data type: Boolean
Check that the password is different from the login
Default value: true
Data type: Integer
Number of different character classes required
Default value: 0
Data type: Enum['always','never','oneerror']
Show policy constraints message
Default value: 'never'
Data type: Enum['above','below']
Position of password policy constraints message
Default value: 'above'
Data type: Boolean
Disallow use of the only special character, as defined in $pwd_special_chars, at the beginning and end
Default value: false
Data type: Boolean
If true, allow changing of sshPublicKey
Default value: false
Data type: String
What attribute should be changed by the changesshkey action
Default value: 'sshPublicKey'
Data type: Boolean
Notify users anytime their sshPublicKey is changed
Default value: false