diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp index b56fe95..8058104 100644 --- a/ldap/manifests/init.pp +++ b/ldap/manifests/init.pp @@ -396,12 +396,12 @@ class ldap::server { $user = "ldap" $group = "ldap" $package_name = $::operatingsystemrelease ? { - /^5/ => [ "openldap-servers", "openldap-servers-overlays" ], - /^6/ => "openldap-servers", + /^5/ => [ "openldap-servers", "openldap-servers-overlays" ], + default => "openldap-servers", } $service_name = $::operatingsystemrelease ? { - /^5/ => "ldap", - /^6/ => "slapd", + /^5/ => "ldap", + default => "slapd", } $config = "/etc/openldap" $modulepath = $architecture ? { @@ -473,7 +473,17 @@ class ldap::server { case $::operatingsystem { "centos","redhat": { - if $::operatinsystemrelease !~ /^5\./ { + if versioncmp($::operatingsystemrelease, "7") > 0 { + file { "/etc/sysconfig/slapd": + ensure => present, + content => template("ldap/slapd.sysconfig.erb"), + mode => "0644", + owner => "root", + group => "root", + notify => Exec["slaptest"], + require => Package["openldap-server"], + } + } elsif versioncmp($::operatingsystemrelease, "6") > 0 { file { "/etc/sysconfig/ldap": ensure => present, content => template("ldap/ldap.sysconfig.erb"), diff --git a/ldap/templates/slapd.sysconfig.erb b/ldap/templates/slapd.sysconfig.erb new file mode 100644 index 0000000..eee23be --- /dev/null +++ b/ldap/templates/slapd.sysconfig.erb @@ -0,0 +1,15 @@ +# OpenLDAP server configuration +# see 'man slapd' for additional information + +# Where the server will run (-h option) +# - ldapi:/// is required for on-the-fly configuration using client tools +# (use SASL with EXTERNAL mechanism for authentication) +# - default: ldapi:/// ldap:/// +# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:/// +SLAPD_URLS="ldapi:/// ldap:/// ldaps:///" + +# Any custom options +SLAPD_OPTIONS="-f /etc/openldap/slapd.conf<% if @ipv6enabled == 'false' %> -4<% end %>" + +# Keytab location for GSSAPI Kerberos authentication +KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"