Improved multiOS support to ldap-module
parent
4484685be6
commit
77ec635d15
1 changed files with 117 additions and 26 deletions
@ -59,14 +59,69 @@ class ldap::auth inherits ldap::client {
|
|||
"set base ${ldap_basedn}",
|
||||
"set nss_paged_results yes",
|
||||
"set pam_password exop",
|
||||
"rm rootbinddn",
|
||||
"set ssl on", ],
|
||||
onlyif => [ "get uri != '${ldap_uri}'",
|
||||
"get base != ${ldap_basedn}",
|
||||
"get nss_paged_results != yes",
|
||||
"get pam_password != exop",
|
||||
"get rootbinddn == 'cn=manager,dc=example,dc=net'",
|
||||
"get ssl != on", ],
|
||||
}
|
||||
}
|
||||
Debian: {
|
||||
package {[ "libnss-ldap",
|
||||
"libpam-ldap" ]:
|
||||
ensure => installed,
|
||||
}
|
||||
## Debian lacks some lenses. nss-ldap-conf and pam_ldap-conf needs corresponding files
|
||||
## to /usr/share/augeas/lenses/dist/spacevars.aug. More info at:
|
||||
## https://github.com/jwm/augeas/commit/8f768f45779048cbd95b5b7d71682b808d41bfd3
|
||||
## There isn't lens for nsswitch.conf either. nss-ldap-conf and pam_ldap-conf are tested, nsswitch isn't.
|
||||
# augeas { "nss-ldap-conf":
|
||||
# context => "/files/etc/libnss-ldap.conf",
|
||||
# changes => [ "set uri '${ldap_uri}'",
|
||||
# "set base ${ldap_basedn}",
|
||||
# "set nss_paged_results yes",
|
||||
# "set pam_password exop",
|
||||
# "rm rootbinddn",
|
||||
# "set ssl on", ],
|
||||
# onlyif => [ "get uri != '${ldap_uri}'",
|
||||
# "get base != ${ldap_basedn}",
|
||||
# "get nss_paged_results != yes",
|
||||
# "get pam_password != exop",
|
||||
# "get rootbinddn == 'cn=manager,dc=example,dc=net'",
|
||||
# "get ssl != on", ],
|
||||
# require => Package["libnss-ldap"],
|
||||
# }
|
||||
# augeas { "pam_ldap-conf":
|
||||
# context => "/files/etc/pam_ldap.conf",
|
||||
# changes => [ "set uri '${ldap_uri}'",
|
||||
# "set base ${ldap_basedn}",
|
||||
# "set nss_paged_results yes",
|
||||
# "set pam_password exop",
|
||||
# "rm rootbinddn",
|
||||
# "set ssl on", ],
|
||||
# onlyif => [ "get uri != '${ldap_uri}'",
|
||||
# "get base != ${ldap_basedn}",
|
||||
# "get nss_paged_results != yes",
|
||||
# "get pam_password != exop",
|
||||
# "get rootbinddn == 'cn=manager,dc=example,dc=net'",
|
||||
# "get ssl != on", ],
|
||||
# require => Package["libpam-ldap"],
|
||||
# }
|
||||
# augeas { "nsswitch-conf":
|
||||
# context => "/files/etc/nsswitch.conf",
|
||||
# changes => [ "set passwd: 'files ldap'",
|
||||
# "set group: 'files ldap'",
|
||||
# "set shadow: 'files ldap'", ],
|
||||
# onlyif => [ "get passwd: != 'files ldap'",
|
||||
# "get group: != 'files ldap'",
|
||||
# "get shadow: != 'files ldap'", ],
|
||||
# require => [ Augeas["pam_ldap-conf"],
|
||||
# Augeas["nss-ldap-conf"], ],
|
||||
# }
|
||||
}
|
||||
OpenBSD: {
|
||||
if ! $ldap_login_umask {
|
||||
$ldap_login_umask = "077"
|
||||
|
@ -105,9 +160,9 @@ class ldap::client {
|
|||
|
||||
package { "openldap-client":
|
||||
name => $operatingsystem ? {
|
||||
debian => "ldap-utils",
|
||||
ubuntu => "ldap-utils",
|
||||
openbsd => "openldap-client",
|
||||
"debian" => "ldap-utils",
|
||||
"ubuntu" => "ldap-utils",
|
||||
"openbsd" => "openldap-client",
|
||||
default => "openldap-clients",
|
||||
},
|
||||
ensure => $operatingsystem ? {
|
||||
|
@ -120,15 +175,15 @@ class ldap::client {
|
|||
ensure => present,
|
||||
content => template("ldap/ldap.conf.erb"),
|
||||
path => $operatingsystem ? {
|
||||
debian => "/etc/ldap/ldap.conf",
|
||||
ubuntu => "/etc/ldap/ldap.conf",
|
||||
"debian" => "/etc/ldap/ldap.conf",
|
||||
"ubuntu" => "/etc/ldap/ldap.conf",
|
||||
default => "/etc/openldap/ldap.conf",
|
||||
},
|
||||
mode => 0644,
|
||||
owner => root,
|
||||
group => $operatingsystem ? {
|
||||
darwin => wheel,
|
||||
openbsd => wheel,
|
||||
"darwin" => wheel,
|
||||
"openbsd" => wheel,
|
||||
default => root,
|
||||
},
|
||||
require => Package["openldap-client"],
|
||||
|
@ -157,7 +212,7 @@ class ldap::client::python {
|
|||
class ldap::client::ruby {
|
||||
|
||||
case $operatingsystem {
|
||||
ubuntu,debian: {
|
||||
"ubuntu","debian": {
|
||||
$pkgname = regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'libldap-ruby\1')
|
||||
}
|
||||
default: {
|
||||
|
@ -172,7 +227,6 @@ class ldap::client::ruby {
|
|||
|
||||
}
|
||||
|
||||
|
||||
# Install OpenLDAP server.
|
||||
#
|
||||
# $ldap_datadir:
|
||||
|
@ -180,13 +234,24 @@ class ldap::client::ruby {
|
|||
#
|
||||
class ldap::server {
|
||||
|
||||
case $operatingsystem {
|
||||
"debian","ubuntu": {
|
||||
$user = "openldap"
|
||||
$group = "openldap"
|
||||
}
|
||||
"centos","fedora": {
|
||||
$user = "ldap"
|
||||
$group = "openldap"
|
||||
}
|
||||
}
|
||||
|
||||
if $ldap_datadir {
|
||||
file { "${ldap_datadir}":
|
||||
ensure => directory,
|
||||
mode => 0700,
|
||||
owner => ldap,
|
||||
group => ldap,
|
||||
require => Package["openldap-servers"],
|
||||
owner => $user,
|
||||
group => $group,
|
||||
require => Package["openldap-server"],
|
||||
}
|
||||
file { "/srv/ldap":
|
||||
ensure => link,
|
||||
|
@ -197,31 +262,51 @@ class ldap::server {
|
|||
file { "/srv/ldap":
|
||||
ensure => directory,
|
||||
mode => 0700,
|
||||
owner => ldap,
|
||||
group => ldap,
|
||||
require => Package["openldap-servers"],
|
||||
owner => $user,
|
||||
group => $group,
|
||||
require => Package["openldap-server"],
|
||||
}
|
||||
}
|
||||
|
||||
package { [ "openldap-servers", "openldap-servers-overlays", ]:
|
||||
package { "openldap-server":
|
||||
name => $operatingsystem ? {
|
||||
"ubuntu" => "slapd",
|
||||
"debian" => "slapd",
|
||||
"centos" => [ "openldap-servers",
|
||||
"openldap-servers-overlays" ],
|
||||
"fedora" => [ "openldap-servers",
|
||||
"openldap-servers-overlays" ],
|
||||
},
|
||||
ensure => installed,
|
||||
}
|
||||
|
||||
service { "ldap":
|
||||
service { "slapd":
|
||||
name => $operatingsystem ? {
|
||||
"ubuntu" => "slapd",
|
||||
"debian" => "slapd",
|
||||
"centos" => "ldap",
|
||||
"fedora" => "ldap",
|
||||
},
|
||||
ensure => running,
|
||||
enable => true,
|
||||
require => Package["openldap-servers"],
|
||||
require => Package ["openldap-server"]
|
||||
}
|
||||
|
||||
file { "/etc/openldap/slapd.conf":
|
||||
file { "slapd.conf":
|
||||
path => $operatingsystem ? {
|
||||
"ubuntu" => "/etc/ldap/slapd.conf",
|
||||
"debian" => "/etc/ldap/slapd.conf",
|
||||
"centos" => "/etc/openldap/slapd.conf",
|
||||
"fedora" => "/etc/openldap/slapd.conf",
|
||||
},
|
||||
ensure => present,
|
||||
source => [ "puppet:///files/ldap/slapd.conf.${fqdn}",
|
||||
"puppet:///files/ldap/slapd.conf", ],
|
||||
mode => 0640,
|
||||
owner => root,
|
||||
group => ldap,
|
||||
notify => Service["ldap"],
|
||||
require => Package["openldap-servers"],
|
||||
group => $group,
|
||||
notify => Service["slapd"],
|
||||
require => Package["openldap-server"],
|
||||
}
|
||||
|
||||
file { "/srv/ldap/DB_CONFIG":
|
||||
|
@ -232,7 +317,7 @@ class ldap::server {
|
|||
mode => 0644,
|
||||
owner => root,
|
||||
group => root,
|
||||
require => Package["openldap-servers"],
|
||||
require => Package["openldap-server"],
|
||||
}
|
||||
|
||||
ldap::server::schema { "apple-auth": }
|
||||
|
@ -262,14 +347,20 @@ define ldap::server::schema() {
|
|||
|
||||
include ldap::server
|
||||
|
||||
file { "/etc/openldap/schema/${name}.schema":
|
||||
file { "${name}.schema":
|
||||
path => $operatingsystem ? {
|
||||
"ubuntu" => "/etc/ldap/schema/${name}.schema",
|
||||
"debian" => "/etc/ldap/schema/${name}.schema",
|
||||
"centos" => "/etc/openldap/schema/${name}.schema",
|
||||
"fedora" => "/etc/openldap/schema/${name}.schema",
|
||||
},
|
||||
ensure => present,
|
||||
source => [ "puppet:///files/ldap/${name}.schema",
|
||||
"puppet:///modules/ldap/${name}.schema", ],
|
||||
mode => 0644,
|
||||
owner => root,
|
||||
group => root,
|
||||
require => Package["openldap-servers"],
|
||||
require => Package["openldap-server"],
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
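Review bot: The `case $operatingsystem` at the top of `ldap::server` (hunk @ -180,13 +234,24 @@) has no `default` arm, so on any platform other than Debian, Ubuntu, CentOS or Fedora `$user` and `$group` are never set and `file { "${ldap_datadir}": owner => $user, group => $group }` is presumably applied with empty owner and group, while the selectors in `package { "openldap-server": }`, `service { "slapd": }`, `file { "slapd.conf": }` and `file { "${name}.schema": }` also lack a `default =>` and would abort catalog compilation with a no-matching-value error on such a host (the client class, by contrast, keeps its `default => ...` arms). A `default: { fail("ldap::server: unsupported operatingsystem ${operatingsystem}") }` arm in that case statement would make the limitation explicit at the first place it is hit. Separately, the `"centos","fedora"` arm sets `$group = "openldap"` where the removed lines used `group => ldap` for the same resources; since slapd.conf is now installed 0640 root:$group, this looks like a typo for `"ldap"` and is worth confirming against the group the openldap-servers package creates. `$ldap_datadir` and `$operatingsystem` come from outside the class, and the body of `ldap::server` continues past the hunk.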