From 1c2fcb7004b83a3b706ee9838b155a021e43819b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?=
Date: Wed, 18 Apr 2012 16:00:33 +0300
Subject: [PATCH] Added kerberos::server::ldap class and removed database checks from kerberos::server.

---
 kerberos/manifests/init.pp           | 38 ++++++++++++++++++++++------
 kerberos/templates/kdc-ldap.conf.erb | 27 ++++++++++++++++++++
 2 files changed, 57 insertions(+), 8 deletions(-)
 create mode 100644 kerberos/templates/kdc-ldap.conf.erb

diff --git a/kerberos/manifests/init.pp b/kerberos/manifests/init.pp
index eaff266..ab51419 100644
--- a/kerberos/manifests/init.pp
+++ b/kerberos/manifests/init.pp
@@ -136,20 +136,42 @@ class kerberos::server inherits kerberos::client {
     notify => Service["krb5kdc"],
   }
 
-  exec { "check-database":
-    command => "echo 'Run \"kdb5_util create -r ${kerberos_realm} -s\" to initialize database.'",
-    path => "/bin:/usr/bin:/sbin:/usr/sbin",
-    creates => "/srv/kerberos/db.${kerberos_realm}.ok",
-    returns => 1,
-  }
-
   service { "krb5kdc":
     ensure => running,
     enable => true,
     subscribe => File["/etc/krb5.conf"],
-    require => Exec["check-database"],
   }
 
+  service { "kadmin":
+    ensure => running,
+    enable => true,
+    require => Service["krb5kdc"],
+  }
+
+}
+
+
+# Install Kerberos server with LDAP backend
+#
+# === Global variables
+#
+# $kerberos_realm:
+#   Kerberos realm name.
+#
+# $kerberos_datadir:
+#   Directory where to store Kerberos authentication keys
+#   defaults to /srv/kerberos
+#
+class kerberos::server::ldap inherits kerberos::server {
+
+  package { "krb5-server-ldap":
+    ensure => installed,
+  }
+
+  File["/var/kerberos/krb5kdc/kdc.conf"] {
+    content => template("kerberos/kdc-ldap.conf.erb"),
+  }
+
 }
 
 
diff --git a/kerberos/templates/kdc-ldap.conf.erb b/kerberos/templates/kdc-ldap.conf.erb
new file mode 100644
index 0000000..4e657d2
--- /dev/null
+++ b/kerberos/templates/kdc-ldap.conf.erb
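Review bot: The header comment on the new `kerberos::server::ldap` class documents only `$kerberos_realm` and `$kerberos_datadir`, but the template it wires in (`kerberos/kdc-ldap.conf.erb`) also reads the globals `$ldap_basedn` and `$ldap_server`, so a reader of this class cannot tell what it actually requires; add `# $ldap_basedn:` and `# $ldap_server:` entries in the same `=== Global variables` list, the latter noting that it must be an array of LDAP server URIs because the template calls `.join` on it. The new `kadmin` service only requires `krb5kdc`: unlike `krb5kdc` it neither subscribes to `File["/etc/krb5.conf"]` nor is notified by the `kdc.conf` resource whose content this class overrides, so kadmind keeps running on stale configuration after a change; add `subscribe => File["/etc/krb5.conf"],` to it and a `notify => Service["kadmin"]` next to the existing `notify => Service["krb5kdc"]` (that context line appears to belong to the kdc.conf file resource, but its start is outside the hunk). The enclosing `kerberos::server` class also begins before this hunk.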
@@ -0,0 +1,27 @@
+
+[kdcdefaults]
+ kdc_ports = 88
+ kdc_tcp_ports = 88
+
+[realms]
+ <%= kerberos_realm %> = {
+  database_module = ldap.<%= kerberos_realm.downcase %>
+  key_stash_file = /srv/kerberos/.k5.<%= kerberos_realm %>
+  max_life = 24h 0m 0s
+  max_renewable_life = 7d 0h 0m 0s
+  master_key_type = aes256-cts-hmac-sha1-96
+  supported_enctypes = aes256-cts-hmac-sha1-96:normal
+ }
+
+[dbdefaults]
+ ldap_kerberos_container_dn = "ou=system,<%= ldap_basedn %>"
+
+[dbmodules]
+ ldap.<%= kerberos_realm.downcase %> = {
+  db_library = kldap
+  ldap_kerberos_container_dn = ou=system,<%= ldap_basedn %>
+  ldap_kdc_dn = "uid=krb5admin,ou=system,<%= ldap_basedn %>"
+  ldap_kadmind_dn = "uid=krb5admin,ou=system,<%= ldap_basedn %>"
+  ldap_service_password_file = "/srv/kerberos/.ldap.<%= kerberos_realm %>"
+  ldap_servers = "<%= ldap_server.join(" ") %>"
+ }
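Review bot: `key_stash_file` and `ldap_service_password_file` hard-code `/srv/kerberos`, while the class header added in the same commit documents `$kerberos_datadir` as the configurable data directory that merely defaults to `/srv/kerberos`; use `key_stash_file = <%= kerberos_datadir %>/.k5.<%= kerberos_realm %>` and `ldap_service_password_file = "<%= kerberos_datadir %>/.ldap.<%= kerberos_realm %>"` so the template and the documented variable agree. Neither of those files (the master-key stash and the LDAP bind password) is managed anywhere in this commit, so a template comment should state that both must be created out of band with restrictive permissions before `krb5kdc` is started, otherwise the service fails on first run. `ldap_server.join(" ")` raises at catalog compile time if the global is supplied as a single string; `<%= Array(ldap_server).join(" ") %>` accepts both forms, and the same comment should say each entry is expected to be an `ldaps://` or `ldapi://` URI, since a bare hostname is contacted over plain `ldap://` and the `ldap_kdc_dn` bind credential then travels unencrypted. Finally, `ldap_kerberos_container_dn` is quoted in `[dbdefaults]` but unquoted in `[dbmodules]`; quote it identically in both sections so a base DN containing spaces parses the same way in each.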