Puppet Class: profile::openldap::client

Defined in:
modules/profile/manifests/openldap/client.pp

Overview

Class profile::openldap::client

This profile installs the OpenLDAP client-side tools on a host in production and populates /etc/ldap/ldap.conf as needed.

By default, the read-only replicas are configured in ldap.conf; this can be changed with profile::openldap::client::read_write, which makes all LDAP operations by tools that read /etc/ldap/ldap.conf use the r/w servers.

If only a few select tools need r/w access, it's better to read the server from /etc/ldap/wmf-ldap.conf instead.

Parameters:

  • ldap_config (Hash) (defaults to: lookup('ldap', Hash, hash, {}))


# File 'modules/profile/manifests/openldap/client.pp', line 13

class profile::openldap::client(
    Hash $ldap_config = lookup('ldap', Hash, hash, {}),
){

    # Map the Hiera 'ldap' hash onto the keys the ldap module expects.
    $ldapconfig = {
        # Read-only replicas and read/write servers, each with a fallback.
        'servernames'      => [$ldap_config['ro-server'], $ldap_config['ro-server-fallback']],
        'servernames_rw'   => [$ldap_config['rw-server'], $ldap_config['rw-server-fallback']],
        'basedn'           => $ldap_config['base-dn'],
        # Bind identities and their passwords.
        'proxyagent'       => $ldap_config['proxyagent'],
        'proxypass'        => $ldap_config['proxypass'],
        'script_user_dn'   => $ldap_config['script_user_dn'],
        'script_user_pass' => $ldap_config['script_user_pass'],
        'ca'               => 'ca-certificates.crt',
    }

    # Pass the same settings to both client classes of the ldap module.
    class { 'ldap::client::utils':
        ldapconfig => $ldapconfig,
    }

    class { 'ldap::client::openldap':
        ldapconfig => $ldapconfig,
    }

    # Root-owned and world-readable (0444), rendered from the ldap module's template.
    file { '/etc/ldap/wmf-ldap.conf':
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        content => template('ldap/wmf-ldap.erb'),
    }
}
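
Because `ldap_config` defaults to an empty hash, a missing Hiera key evaluates to undef instead of failing the catalog, and nothing stops the same host from appearing in both the read-only and the r/w list. The following pre-deployment check is an added example, not code from this module; it assumes the merged `ldap` hash is available as YAML, and the hostnames, DNs and the `ldap_config_problems` / `check_yaml` helpers are constructed for illustration.

```ruby
require 'yaml'

# Keys that profile::openldap::client reads from the 'ldap' hash.
REQUIRED_KEYS = %w[
  ro-server ro-server-fallback rw-server rw-server-fallback
  base-dn proxyagent proxypass script_user_dn script_user_pass
].freeze

# Returns a list of problems in the merged 'ldap' hash (empty list means OK).
def ldap_config_problems(ldap)
  ldap ||= {}
  problems = REQUIRED_KEYS.select { |k| ldap[k].to_s.strip.empty? }
                          .map { |k| "missing or empty key: #{k}" }
  # ldap.conf should default to the read-only replicas, so a host that is
  # also in the r/w list defeats that default (assumed operator intent).
  ro = [ldap['ro-server'], ldap['ro-server-fallback']].compact
  rw = [ldap['rw-server'], ldap['rw-server-fallback']].compact
  (ro & rw).each { |h| problems << "#{h} is listed as both read-only and read/write" }
  problems
end

# Parses Hiera-style YAML text and checks its top-level 'ldap' key.
def check_yaml(text)
  ldap_config_problems((YAML.safe_load(text) || {})['ldap'])
end

# Constructed sample data: placeholder hosts, DNs and passwords.
GOOD_YAML = <<~YAML
  ldap:
    ro-server: ldap-ro1.example.org
    ro-server-fallback: ldap-ro2.example.org
    rw-server: ldap-rw1.example.org
    rw-server-fallback: ldap-rw2.example.org
    base-dn: dc=example,dc=org
    proxyagent: cn=proxyagent,ou=profile,dc=example,dc=org
    proxypass: PLACEHOLDER
    script_user_dn: cn=scriptuser,ou=profile,dc=example,dc=org
    script_user_pass: PLACEHOLDER
YAML

# Same data with the r/w primary reused as read-only and one secret missing.
BAD_YAML = GOOD_YAML
           .sub('ro-server: ldap-ro1.example.org', 'ro-server: ldap-rw1.example.org')
           .sub("  script_user_pass: PLACEHOLDER\n", '')

if __FILE__ == $PROGRAM_NAME
  check_yaml(BAD_YAML).each { |p| warn "ldap config: #{p}" }
end
```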