Puppet Class: ldap::management

Defined in:
modules/ldap/manifests/management.pp

Overview

A collection of utilities for managing LDAP users. Note: We explicitly use only one server here, since we don't want to modify both servers at the same time.

Parameters:

  • server (Any)
  • basedn (Any)
  • user (Any)
  • password (Any)


# File 'modules/ldap/manifests/management.pp', line 4

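# Installs ldapvi and the local helper scripts used to manage LDAP entries.
#
# None of the four parameters is referenced in this manifest body; the only
# visible consumer is the ldap/ldapvi.conf.erb template, which can read them
# from class scope.
#
# @param server   LDAP server ldapvi talks to (presumably read by the template - confirm)
# @param basedn   Base DN for LDAP operations (presumably read by the template - confirm)
# @param user     Bind identity (presumably read by the template - confirm)
# @param password Bind credential (presumably read by the template - confirm)
#
# NOTE(review): $password is untyped. Declaring it as Sensitive would keep the
# value out of logs and reports, but that changes what callers must pass, so
# the signature is left as it is here.
class ldap::management(
    $server,
    $basedn,
    $user,
    $password,
) {
    ensure_packages([
        'ldapvi',
    ])

    # Rendered from a template in a class that receives $password, so treat
    # this file as credential-bearing (assumption: the template writes the
    # bind password - confirm in ldap/ldapvi.conf.erb). It is readable only
    # by root and members of ldap-admins. show_diff => false keeps the
    # rendered content out of agent logs and reports when the file changes.
    file { '/etc/ldapvi.conf':
        ensure    => file,
        content   => template('ldap/ldapvi.conf.erb'),
        mode      => '0440',
        owner     => 'root',
        group     => 'ldap-admins',
        show_diff => false,
    }

    # Helper scripts shipped from the module's files directory. Mode 0550
    # with root:ldap-admins means only root and group members can read or
    # run them, and nobody can modify them in place.
    file {
        default:
            ensure => file,
            owner  => 'root',
            group  => 'ldap-admins',
            mode   => '0550';
        '/usr/local/bin/modify-ldap-user':
            content => file('ldap/modify-ldap-user');
        '/usr/local/bin/modify-ldap-group':
            content => file('ldap/modify-ldap-group');
        '/usr/local/bin/modify-mfa':
            content => file('ldap/scripts/modify-mfa.py');
        '/usr/local/sbin/add-ldap-group':
            content => file('ldap/scripts/add-ldap-group.py');
    }

    # ensure => absent removes this script from hosts that still have it.
    # The remaining attributes are kept as in the original declaration.
    file { '/usr/local/bin/rewrite-group-for-memberof':
        ensure => absent,
        source => 'puppet:///modules/ldap/rewrite-group-for-memberof.py',
        mode   => '0554',
        owner  => 'root',
        group  => 'root',
    }
}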