Improved multi-OS support in ldap-module

This commit is contained in:
Jarkko Huttunen 2011-08-01 09:35:19 +03:00 committed by Timo Mkinen
parent 4484685be6
commit 77ec635d15


@ -59,14 +59,69 @@ class ldap::auth inherits ldap::client {
"set base ${ldap_basedn}", "set base ${ldap_basedn}",
"set nss_paged_results yes", "set nss_paged_results yes",
"set pam_password exop", "set pam_password exop",
"rm rootbinddn",
"set ssl on", ], "set ssl on", ],
onlyif => [ "get uri != '${ldap_uri}'", onlyif => [ "get uri != '${ldap_uri}'",
"get base != ${ldap_basedn}", "get base != ${ldap_basedn}",
"get nss_paged_results != yes", "get nss_paged_results != yes",
"get pam_password != exop", "get pam_password != exop",
"get rootbinddn == 'cn=manager,dc=example,dc=net'",
"get ssl != on", ], "get ssl != on", ],
} }
} }
Debian: {
package {[ "libnss-ldap",
"libpam-ldap" ]:
ensure => installed,
}
## Debian lacks some lenses. nss-ldap-conf and pam_ldap-conf needs corresponding files
## to /usr/share/augeas/lenses/dist/spacevars.aug. More info at:
## https://github.com/jwm/augeas/commit/8f768f45779048cbd95b5b7d71682b808d41bfd3
## There isn't lens for nsswitch.conf either. nss-ldap-conf and pam_ldap-conf are tested, nsswitch isn't.
# augeas { "nss-ldap-conf":
# context => "/files/etc/libnss-ldap.conf",
# changes => [ "set uri '${ldap_uri}'",
# "set base ${ldap_basedn}",
# "set nss_paged_results yes",
# "set pam_password exop",
# "rm rootbinddn",
# "set ssl on", ],
# onlyif => [ "get uri != '${ldap_uri}'",
# "get base != ${ldap_basedn}",
# "get nss_paged_results != yes",
# "get pam_password != exop",
# "get rootbinddn == 'cn=manager,dc=example,dc=net'",
# "get ssl != on", ],
# require => Package["libnss-ldap"],
# }
# augeas { "pam_ldap-conf":
# context => "/files/etc/pam_ldap.conf",
# changes => [ "set uri '${ldap_uri}'",
# "set base ${ldap_basedn}",
# "set nss_paged_results yes",
# "set pam_password exop",
# "rm rootbinddn",
# "set ssl on", ],
# onlyif => [ "get uri != '${ldap_uri}'",
# "get base != ${ldap_basedn}",
# "get nss_paged_results != yes",
# "get pam_password != exop",
# "get rootbinddn == 'cn=manager,dc=example,dc=net'",
# "get ssl != on", ],
# require => Package["libpam-ldap"],
# }
# augeas { "nsswitch-conf":
# context => "/files/etc/nsswitch.conf",
# changes => [ "set passwd: 'files ldap'",
# "set group: 'files ldap'",
# "set shadow: 'files ldap'", ],
# onlyif => [ "get passwd: != 'files ldap'",
# "get group: != 'files ldap'",
# "get shadow: != 'files ldap'", ],
# require => [ Augeas["pam_ldap-conf"],
# Augeas["nss-ldap-conf"], ],
# }
}
OpenBSD: { OpenBSD: {
if ! $ldap_login_umask { if ! $ldap_login_umask {
$ldap_login_umask = "077" $ldap_login_umask = "077"
@ -105,9 +160,9 @@ class ldap::client {
package { "openldap-client": package { "openldap-client":
name => $operatingsystem ? { name => $operatingsystem ? {
debian => "ldap-utils", "debian" => "ldap-utils",
ubuntu => "ldap-utils", "ubuntu" => "ldap-utils",
openbsd => "openldap-client", "openbsd" => "openldap-client",
default => "openldap-clients", default => "openldap-clients",
}, },
ensure => $operatingsystem ? { ensure => $operatingsystem ? {
@ -120,15 +175,15 @@ class ldap::client {
ensure => present, ensure => present,
content => template("ldap/ldap.conf.erb"), content => template("ldap/ldap.conf.erb"),
path => $operatingsystem ? { path => $operatingsystem ? {
debian => "/etc/ldap/ldap.conf", "debian" => "/etc/ldap/ldap.conf",
ubuntu => "/etc/ldap/ldap.conf", "ubuntu" => "/etc/ldap/ldap.conf",
default => "/etc/openldap/ldap.conf", default => "/etc/openldap/ldap.conf",
}, },
mode => 0644, mode => 0644,
owner => root, owner => root,
group => $operatingsystem ? { group => $operatingsystem ? {
darwin => wheel, "darwin" => wheel,
openbsd => wheel, "openbsd" => wheel,
default => root, default => root,
}, },
require => Package["openldap-client"], require => Package["openldap-client"],
@ -157,7 +212,7 @@ class ldap::client::python {
class ldap::client::ruby { class ldap::client::ruby {
case $operatingsystem { case $operatingsystem {
ubuntu,debian: { "ubuntu","debian": {
$pkgname = regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'libldap-ruby\1') $pkgname = regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'libldap-ruby\1')
} }
default: { default: {
@ -172,7 +227,6 @@ class ldap::client::ruby {
} }
# Install OpenLDAP server. # Install OpenLDAP server.
# #
# $ldap_datadir: # $ldap_datadir:
@ -180,13 +234,24 @@ class ldap::client::ruby {
# #
class ldap::server { class ldap::server {
case $operatingsystem {
"debian","ubuntu": {
$user = "openldap"
$group = "openldap"
}
"centos","fedora": {
$user = "ldap"
$group = "openldap"
}
}
if $ldap_datadir { if $ldap_datadir {
file { "${ldap_datadir}": file { "${ldap_datadir}":
ensure => directory, ensure => directory,
mode => 0700, mode => 0700,
owner => ldap, owner => $user,
group => ldap, group => $group,
require => Package["openldap-servers"], require => Package["openldap-server"],
} }
file { "/srv/ldap": file { "/srv/ldap":
ensure => link, ensure => link,
@ -197,31 +262,51 @@ class ldap::server {
file { "/srv/ldap": file { "/srv/ldap":
ensure => directory, ensure => directory,
mode => 0700, mode => 0700,
owner => ldap, owner => $user,
group => ldap, group => $group,
require => Package["openldap-servers"], require => Package["openldap-server"],
} }
} }
package { [ "openldap-servers", "openldap-servers-overlays", ]: package { "openldap-server":
name => $operatingsystem ? {
"ubuntu" => "slapd",
"debian" => "slapd",
"centos" => [ "openldap-servers",
"openldap-servers-overlays" ],
"fedora" => [ "openldap-servers",
"openldap-servers-overlays" ],
},
ensure => installed, ensure => installed,
} }
service { "ldap": service { "slapd":
name => $operatingsystem ? {
"ubuntu" => "slapd",
"debian" => "slapd",
"centos" => "ldap",
"fedora" => "ldap",
},
ensure => running, ensure => running,
enable => true, enable => true,
require => Package["openldap-servers"], require => Package ["openldap-server"]
} }
file { "/etc/openldap/slapd.conf": file { "slapd.conf":
path => $operatingsystem ? {
"ubuntu" => "/etc/ldap/slapd.conf",
"debian" => "/etc/ldap/slapd.conf",
"centos" => "/etc/openldap/slapd.conf",
"fedora" => "/etc/openldap/slapd.conf",
},
ensure => present, ensure => present,
source => [ "puppet:///files/ldap/slapd.conf.${fqdn}", source => [ "puppet:///files/ldap/slapd.conf.${fqdn}",
"puppet:///files/ldap/slapd.conf", ], "puppet:///files/ldap/slapd.conf", ],
mode => 0640, mode => 0640,
owner => root, owner => root,
group => ldap, group => $group,
notify => Service["ldap"], notify => Service["slapd"],
require => Package["openldap-servers"], require => Package["openldap-server"],
} }
file { "/srv/ldap/DB_CONFIG": file { "/srv/ldap/DB_CONFIG":
@ -232,7 +317,7 @@ class ldap::server {
mode => 0644, mode => 0644,
owner => root, owner => root,
group => root, group => root,
require => Package["openldap-servers"], require => Package["openldap-server"],
} }
ldap::server::schema { "apple-auth": } ldap::server::schema { "apple-auth": }
@ -262,14 +347,20 @@ define ldap::server::schema() {
include ldap::server include ldap::server
file { "/etc/openldap/schema/${name}.schema": file { "${name}.schema":
path => $operatingsystem ? {
"ubuntu" => "/etc/ldap/schema/${name}.schema",
"debian" => "/etc/ldap/schema/${name}.schema",
"centos" => "/etc/openldap/schema/${name}.schema",
"fedora" => "/etc/openldap/schema/${name}.schema",
},
ensure => present, ensure => present,
source => [ "puppet:///files/ldap/${name}.schema", source => [ "puppet:///files/ldap/${name}.schema",
"puppet:///modules/ldap/${name}.schema", ], "puppet:///modules/ldap/${name}.schema", ],
mode => 0644, mode => 0644,
owner => root, owner => root,
group => root, group => root,
require => Package["openldap-servers"], require => Package["openldap-server"],
} }
} }