Puppet Class: ldap::management

Defined in:
modules/ldap/manifests/management.pp

Overview

A collection of utilities for managing LDAP users. Note: we explicitly use only one server here, since we don't want to modify both servers at the same time.

Parameters:

  • server (Any)
  • basedn (Any)
  • user (Any)
  • password (Any)


# File 'modules/ldap/manifests/management.pp', line 4

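class ldap::management(
    $server,    # single LDAP server the tools write to; becomes the only entry of 'servers' below
    $basedn,    # base DN, passed through to the script configuration
    $user,      # bind user, passed through to the script configuration
    $password,  # bind password (secret): rendered in clear text into /etc/ldap.scriptuser.yaml
) {
    # Client tooling: ldapvi itself, plus two Python libraries
    # (presumably used by the helper scripts installed below; the scripts are not visible here).
    require_package([
        'ldapvi',
        'python3-ldap3',
        'python3-yaml',
    ])

    # ldapvi configuration, readable only by root and the ldap-admins group.
    # NOTE(review): the template is not visible here; if it renders $password,
    # consider show_diff => false on this resource as well.
    file { '/etc/ldapvi.conf':
        content => template('ldap/ldapvi.conf.erb'),
        mode    => '0440',
        owner   => 'root',
        group   => 'ldap-admins',
    }

    # Connection settings shared by the helper scripts. 'servers' is a list
    # but deliberately holds a single server.
    $yaml_config = {
        servers  => [$server],
        basedn   => $basedn,
        user     => $user,
        password => $password,
    }

    # Helper scripts restricted to root and ldap-admins (no access for others).
    file { '/usr/local/bin/modify-ldap-user':
        owner  => 'root',
        group  => 'ldap-admins',
        mode   => '0550',
        source => 'puppet:///modules/ldap/modify-ldap-user',
    }

    file { '/usr/local/bin/modify-ldap-group':
        owner  => 'root',
        group  => 'ldap-admins',
        mode   => '0550',
        source => 'puppet:///modules/ldap/modify-ldap-group',
    }

    # This file carries the bind password in clear text. Without explicit
    # owner/group/mode it inherits whatever defaults apply (Puppet creates new
    # files as 0644 when no mode is set), which leaves the credential readable
    # by every local account. Lock it down to match /etc/ldapvi.conf, and keep
    # the content out of Puppet diffs and reports.
    # NOTE(review): confirm every consumer of this file runs as root or as a
    # member of ldap-admins before rollout.
    file { '/etc/ldap.scriptuser.yaml':
        content   => ordered_yaml($yaml_config),
        owner     => 'root',
        group     => 'ldap-admins',
        mode      => '0440',
        show_diff => false,
    }

    # Root-owned helpers: executable by root and the root group, read-only for others.
    file { '/usr/local/bin/reset-ldap-password':
        source => 'puppet:///modules/ldap/reset-ldap-password',
        mode   => '0554',
        owner  => 'root',
        group  => 'root',
    }

    file { '/usr/local/bin/rewrite-group-for-memberof':
        source => 'puppet:///modules/ldap/rewrite-group-for-memberof',
        mode   => '0554',
        owner  => 'root',
        group  => 'root',
    }
}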