tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactored ldap::server class.

Browse source
This commit is contained in:
Timo Mkinen 2012-03-13 14:50:00 +02:00
parent 742008eee8
commit 756cbeb4f5
8 changed files with 4051 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

272
ldap/manifests/init.pp
View file

@ -279,25 +279,49 @@ class ldap::client::ruby {
}
# Install OpenLDAP server.
#
# === Global variables
#
# $ldap_datadir:
# Directory for LDAP databases. Defaults to /srv/ldap.
#
# $ldap_modules:
# List of dynamic modules to load, syncprov and ppolicy modules
# are always loaded.
#
# $ldap_server_key:
# Path to SSL private key. Defaults to puppet client key.
#
# $ldap_server_cert:
# Path to SSL certificate. Defaults to puppet client certificate.
#
class ldap::server {
include ssl
if !$ldap_server_key {
$ldap_server_key = "${puppet_ssldir}/private_keys/${homename}.pem"
}
if !$ldap_server_cert {
$ldap_server_cert = "${puppet_ssldir}/certs/${homename}.pem"
}
case $operatingsystem {
"debian","ubuntu": {
$user = "openldap"
$group = "openldap"
$package_name = "slapd"
$service_name = "slapd"
$config = "/etc/ldap"
}
"fedora": {
$user = "ldap"
$group = "ldap"
$package_name = "openldap-servers"
$service_name = "slapd"
$config = "/etc/openldap"
}
"centos": {
$user = "ldap"
@ -310,35 +334,14 @@ class ldap::server {
/^5/ => "ldap",
/^6/ => "slapd",
}
$config = "/etc/openldap"
}
"openbsd": {
$user = "_openldap"
$group = "_openldap"
$package_name = "openldap-server"
$service_name = "slapd"
}
}
if $ldap_datadir {
file { "${ldap_datadir}":
ensure => directory,
mode => 0700,
owner => $user,
group => $group,
require => Package["openldap-server"],
}
file { "/srv/ldap":
ensure => link,
target => "${ldap_datadir}",
require => File["${ldap_datadir}"],
}
} else {
file { "/srv/ldap":
ensure => directory,
mode => 0700,
owner => $user,
group => $group,
require => Package["openldap-server"],
$config = "/etc/openldap"
}
}
@ -347,32 +350,49 @@ class ldap::server {
ensure => installed,
}
service { "slapd":
name => $service_name,
start => $operatingsystem ? {
"openbsd" => "/usr/local/libexec/slapd -u _openldap -h ldap:///\\ ldaps:///",
default => undef,
file { "${ssl::certs}/slapd.crt":
ensure => present,
source => $ldap_server_cert,
mode => 0644,
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
ensure => running,
enable => true,
require => Package ["openldap-server"]
require => Package["openldap-server"],
notify => Service["slapd"],
}
file { "${ssl::private}/slapd.key":
ensure => present,
source => $ldap_server_key,
mode => 0640,
owner => "root",
group => $group,
require => Package["openldap-server"],
notify => Service["slapd"],
}
file { "slapd.conf":
path => $operatingsystem ? {
"ubuntu" => "/etc/ldap/slapd.conf",
"debian" => "/etc/ldap/slapd.conf",
default => "/etc/openldap/slapd.conf",
},
path => "${config}/slapd.conf",
ensure => present,
source => [ "puppet:///files/ldap/slapd.conf.${fqdn}",
"puppet:///files/ldap/slapd.conf", ],
content => template("ldap/slapd.conf.erb"),
mode => 0640,
owner => root,
owner => "root",
group => $group,
notify => Service["slapd"],
require => Package["openldap-server"],
}
file { "${config}/slapd.conf.d":
ensure => directory,
source => "puppet:///modules/custom/empty",
mode => 0750,
owner => "root",
group => $group,
purge => true,
recurse => true,
force => true,
require => Package["openldap-server"],
}
if $operatingsystem == "CentOS" and $operatinsystemrelease !~ /^5\./ {
file { "/etc/sysconfig/ldap":
@ -386,9 +406,153 @@ class ldap::server {
}
}
file { "/srv/ldap/DB_CONFIG":
service { "slapd":
name => $service_name,
start => $operatingsystem ? {
"openbsd" => "/usr/local/libexec/slapd -u _openldap -h ldap:///\\ ldaps:///\\ ldapi:///",
default => undef,
},
ensure => running,
enable => true,
require => Package ["openldap-server"]
}
if $ldap_datadir {
file { "${ldap_datadir}":
ensure => directory,
mode => 0700,
owner => $user,
group => $group,
require => Package["openldap-server"],
}
file { "/srv/ldap":
ensure => link,
target => "${ldap_datadir}",
require => File["${ldap_datadir}"],
}
} else {
file { "/srv/ldap":
ensure => directory,
mode => 0700,
owner => $user,
group => $group,
require => Package["openldap-server"],
}
}
file { "${config}/schema":
ensure => directory,
source => "puppet:///modules/custom/empty",
mode => 0755,
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
purge => true,
recurse => true,
force => true,
require => Package["openldap-server"],
}
file { "${config}/slapd.conf.d/schema.conf":
ensure => present,
source => [ "puppet:///files/ldap/DB_CONFIG.${fqdn}",
mode => 0640,
owner => "root",
group => $group,
require => Exec["generate-slapd-schema-config"],
}
exec { "generate-slapd-schema-config":
command => "find ${config}/schema/*.schema -exec echo 'include {}' \; | sort -n > ${config}/slapd.conf.d/schema.conf",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
notify => Service["slapd"],
}
ldap::server::schema { [ "core", "cosine", "ppolicy", ]:
idx => 10,
}
file { "${config}/slapd.conf.d/database.conf":
ensure => present,
mode => 0640,
owner => "root",
group => $group,
require => Exec["generate-slapd-database-config"],
}
exec { "generate-slapd-database-config":
command => "find ${config}/slapd.conf.d/db.*.conf -exec echo 'include {}' \; > ${config}/slapd.conf.d/database.conf",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
notify => Service["slapd"],
}
}
# Create new LDAP database.
#
# === Parameters
#
# $name:
# Database suffix (base DN).
#
# $aclsource:
# Source file for custom ACL's. Default is to use template.
#
# === Sample usage
#
# ldap::server::database { "dc=example,dc=com": }
#
define ldap::server::database($aclsource = "") {
include ldap::server
file { "${ldap::server::config}/slapd.conf.d/db.${name}.conf":
ensure => present,
content => template("ldap/slapd-database.conf.erb"),
mode => 0640,
owner => "root",
group => $ldap::server::group,
notify => Exec["generate-slapd-database-config"],
}
file { "${ldap::server::config}/slapd.conf.d/acl.${name}.conf":
ensure => present,
source => $aclsource ? {
"" => undef,
default => $aclsource,
},
content => $aclsource ? {
"" => template("ldap/slapd-acl.conf.erb"),
default => undef,
},
mode => 0640,
owner => "root",
group => $ldap::server::group,
notify => Service["slapd"],
}
file { "${ldap::server::config}/slapd.conf.d/index.${name}.conf":
ensure => present,
source => [ "puppet:///files/ldap/slapd-index.conf.${name}",
"puppet:///files/ldap/slapd-index.conf",
"puppet:///modules/ldap/slapd-index.conf", ],
mode => 0640,
owner => "root",
group => $ldap::server::group,
notify => Service["slapd"],
}
file { "/srv/ldap/${name}":
ensure => directory,
mode => 0700,
owner => $ldap::server::user,
group => $ldap::server::group,
require => File["/srv/ldap"],
}
file { "/srv/ldap/${name}/DB_CONFIG":
ensure => present,
source => [ "puppet:///files/ldap/DB_CONFIG.${name}",
"puppet:///files/ldap/DB_CONFIG",
"puppet:///modules/ldap/DB_CONFIG", ],
mode => 0644,
@ -397,18 +561,10 @@ class ldap::server {
"openbsd" => "wheel",
default => "root",
},
require => File["/srv/ldap"]
require => File["/srv/ldap/${name}"],
before => Service["slapd"],
}
ldap::server::schema { "apple-auth": }
ldap::server::schema { "apple": }
ldap::server::schema { "autofs": }
ldap::server::schema { "dnszone": }
ldap::server::schema { "hdb": }
ldap::server::schema { "openssh-lpk": }
ldap::server::schema { "rfc2307bis": }
ldap::server::schema { "samba": }
}
@ -419,30 +575,30 @@ class ldap::server {
# $name:
# Schema name.
#
# $idx:
# Schema load order. Defaults to 50.
#
# === Sample usage
#
# ldap::server::schema { "samba": }
#
define ldap::server::schema() {
define ldap::server::schema($idx = 50) {
include ldap::server
file { "${name}.schema":
path => $operatingsystem ? {
"ubuntu" => "/etc/ldap/schema/${name}.schema",
"debian" => "/etc/ldap/schema/${name}.schema",
default => "/etc/openldap/schema/${name}.schema",
},
path => "${ldap::server::config}/schema/${idx}-${name}.schema",
ensure => present,
source => [ "puppet:///files/ldap/${name}.schema",
"puppet:///modules/ldap/${name}.schema", ],
mode => 0644,
owner => root,
owner => "root",
group => $operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
require => Package["openldap-server"],
notify => Exec["generate-slapd-schema-config"],
}
}