Commit 403cd1f5 authored by Emmanuel Jaep's avatar Emmanuel Jaep
Browse files

updated ACL to remove DLAB access and grant NLP specific group

parent 08998048
......@@ -83,14 +83,14 @@
shell: "puppet apply -e \"class { 'quirks': }\""
- name: apply the puppet epfl_sso class
shell: "puppet apply -e \"class { 'epfl_sso': join_domain => true, auth_source => 'AD', directory_source => 'AD', ad_automount_home => true, sshd_gssapi_auth => true, allowed_users_and_groups => 'root (DLAB-StaffU) (dlab_AppGrpU) (IC-IT-StaffU)' }\""
shell: "puppet apply -e \"class { 'epfl_sso': join_domain => true, auth_source => 'AD', directory_source => 'AD', ad_automount_home => true, sshd_gssapi_auth => true, allowed_users_and_groups => 'root (nlplogins_AppGrpU) (IC-IT-StaffU)' }\""
- name: wait for the active directory to synchronize
shell: sleep 30
changed_when: false
- name: apply the puppet epfl_sso class a second time
shell: "puppet apply -e \"class { 'epfl_sso': join_domain => true, auth_source => 'AD', directory_source => 'AD', ad_automount_home => true, sshd_gssapi_auth => true, allowed_users_and_groups => 'root (DLAB-StaffU) (dlab_AppGrpU) (IC-IT-StaffU)' }\""
shell: "puppet apply -e \"class { 'epfl_sso': join_domain => true, auth_source => 'AD', directory_source => 'AD', ad_automount_home => true, sshd_gssapi_auth => true, allowed_users_and_groups => 'root (nlplogins_AppGrpU) (IC-IT-StaffU)' }\""
- name: set the semaphore file to indicate that the sso is already configured
file:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment