# Install and configure the LDAP client.
#
# === Global variables
#
# $ldap_server:
#     Array containing LDAP server URIs.
#
# $ldap_basedn:
#     LDAP base DN.
#
# $ldap_login_umask:
#     Default umask for LDAP users in OpenBSD, defaults to 077.
#
# === Review notes
#
# $ldap_server and $ldap_basedn are not referenced in the class body;
# presumably they are read by the ldap.conf.erb template, which is not
# shown here.
#
# NOTE(review): /etc/openldap/ldap.conf is installed world-readable (0644).
# Confirm that the template does not render bind credentials into it, and
# that the URIs in $ldap_server use ldaps:// or that the template enforces
# StartTLS with certificate verification (TLS_REQCERT / TLS_CACERT).
#
class ldap::client {

    # The client package carries a different name on OpenBSD.
    package { 'openldap-client':
        ensure => installed,
        name   => $operatingsystem ? {
            openbsd => 'openldap-client',
            default => 'openldap-clients',
        },
    }

    # System-wide client configuration, rendered from a template.
    file { '/etc/openldap/ldap.conf':
        ensure  => present,
        owner   => root,
        group   => $operatingsystem ? {
            openbsd => wheel,
            default => root,
        },
        mode    => '0644',
        content => template('ldap/ldap.conf.erb'),
        require => Package['openldap-client'],
    }

    case $operatingsystem {
        OpenBSD: {
            # Fall back to a restrictive umask when none has been set.
            if ! $ldap_login_umask {
                $ldap_login_umask = '077'
            }

            package { 'login_ldap':
                ensure => installed,
            }

            # login.conf is only written once ldap.conf and the login_ldap
            # package are both in place.
            file { '/etc/login.conf':
                ensure  => present,
                owner   => root,
                group   => wheel,
                mode    => '0644',
                content => template('ldap/login.conf.erb'),
                require => [
                    File['/etc/openldap/ldap.conf'],
                    Package['login_ldap'],
                ],
            }
        }
    }
}


# Install Python LDAP bindings.
#
class ldap::client::python {

    # Package is called py-ldap on OpenBSD and python-ldap elsewhere.
    package { 'python-ldap':
        ensure => installed,
        name   => $operatingsystem ? {
            openbsd => 'py-ldap',
            default => 'python-ldap',
        },
    }
}


# Install Ruby LDAP bindings.
#
class ldap::client::ruby {

    case $operatingsystem {
        ubuntu: {
            # The package name embeds the major.minor part of $rubyversion,
            # appended to "libldap-ruby".
            $pkgname = regsubst($rubyversion, '^([0-9]+\.[0-9]+)\..*', 'libldap-ruby\1')
        }
        default: {
            $pkgname = 'ruby-ldap'
        }
    }

    package { 'ruby-ldap':
        ensure => installed,
        name   => $pkgname,
    }
}


# Install OpenLDAP server.
#
# $ldap_datadir:
#     Directory for LDAP databases. Defaults to /srv/ldap.
#
class ldap::server {

    # Database directory. With $ldap_datadir set, that directory is created
    # and /srv/ldap becomes a symlink to it; otherwise /srv/ldap itself is
    # the directory. Either way it is 0700 ldap:ldap, so only the ldap
    # account can enter it.
    if $ldap_datadir {
        file { "${ldap_datadir}":
            ensure  => directory,
            owner   => ldap,
            group   => ldap,
            mode    => '0700',
            require => Package['openldap-servers'],
        }
        file { '/srv/ldap':
            ensure  => link,
            target  => "${ldap_datadir}",
            require => File["${ldap_datadir}"],
        }
    } else {
        file { '/srv/ldap':
            ensure  => directory,
            owner   => ldap,
            group   => ldap,
            mode    => '0700',
            require => Package['openldap-servers'],
        }
    }

    package { [ 'openldap-servers', 'openldap-servers-overlays' ]:
        ensure => installed,
    }

    service { 'ldap':
        ensure  => running,
        enable  => true,
        require => Package['openldap-servers'],
    }

    # Server configuration: a host-specific copy is preferred over the
    # shared one. Installed 0640 root:ldap, i.e. readable by the ldap group
    # but not by other local users; a change restarts the service.
    # NOTE(review): slapd.conf commonly carries rootpw and ACL rules, and it
    # is served from the Puppet file server here. Confirm that access to the
    # "files" mount is restricted to the hosts that need it.
    file { '/etc/openldap/slapd.conf':
        ensure  => present,
        owner   => root,
        group   => ldap,
        mode    => '0640',
        source  => [
            "puppet:///files/ldap/slapd.conf.${fqdn}",
            'puppet:///files/ldap/slapd.conf',
        ],
        require => Package['openldap-servers'],
        notify  => Service['ldap'],
    }

    # Database tuning file. Sources are tried host-specific first, then the
    # shared copy, then the one shipped with the module.
    # NOTE(review): unlike slapd.conf this does not notify Service["ldap"];
    # confirm that is intended.
    file { '/srv/ldap/DB_CONFIG':
        ensure  => present,
        owner   => root,
        group   => root,
        mode    => '0644',
        source  => [
            "puppet:///files/ldap/DB_CONFIG.${fqdn}",
            'puppet:///files/ldap/DB_CONFIG',
            'puppet:///ldap/DB_CONFIG',
        ],
        require => Package['openldap-servers'],
    }

    # Schemas installed on every server.
    ldap::server::schema { [
        'apple-auth',
        'apple',
        'autofs',
        'dnszone',
        'hdb',
        'openssh-lpk',
        'rfc2307bis',
        'samba',
    ]: }
}


# Install custom schema to OpenLDAP.
#
# === Parameters
#
# $name:
#     Schema name. It is interpolated as-is into the destination path and
#     the source URLs, so it should only ever be a plain schema file stem.
#
# === Sample usage
#
# ldap::server::schema { "samba": }
#
define ldap::server::schema() {

    include ldap::server

    # A site-specific copy of the schema wins over the one shipped with the
    # module.
    # NOTE(review): the schema file does not notify Service["ldap"], so an
    # updated schema presumably takes effect only at the next restart of
    # the service; confirm that is intended.
    file { "/etc/openldap/schema/${name}.schema":
        ensure  => present,
        owner   => root,
        group   => root,
        mode    => '0644',
        source  => [
            "puppet:///files/ldap/${name}.schema",
            "puppet:///ldap/${name}.schema",
        ],
        require => Package['openldap-servers'],
    }
}