Puppet Class: profile::openldap::management

Defined in:
modules/profile/manifests/openldap/management.pp

Overview

Class profile::openldap::management

Tools and scripts that help manage the users in the LDAP installation. Note: this is for the so-called 'labs LDAP', which is used to manage users on labs as well as access control for many things in prod.

Parameters

cron_active

Whether to activate the daily account consistency check or not.

Parameters:

  • cron_active (Boolean) (defaults to: hiera('profile::openldap::management::cron_active'))


# File 'modules/profile/manifests/openldap/management.pp', line 11

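class profile::openldap::management(
    Boolean $cron_active = hiera('profile::openldap::management::cron_active'),
) {
    # Installs the LDAP account management tooling on this host: the
    # ::ldap::management class, two helper scripts, a dedicated system account
    # with an optional daily consistency-check cron job, and the Phabricator
    # bot credentials used for offboarding.

    require ::profile::ldap::client::labs
    include passwords::phabricator

    # Connection settings are read from the labs LDAP config hash.
    # NOTE(review): presumably this variable is populated via the class
    # required above -- confirm, since nothing here declares it directly.
    $ldapconfig = $::ldap::config::labs::ldapconfig

    # The script user's bind DN and password are passed as plain class
    # parameters, so they are part of the compiled catalog.
    # NOTE(review): how ::ldap::management stores them is not visible here --
    # confirm they end up in a file with restrictive ownership and mode, and
    # consider the Sensitive data type if the consuming class supports it.
    class { '::ldap::management':
        server   => $ldapconfig['servernames'][0],  # first listed server only
        basedn   => $ldapconfig['basedn'],
        user     => $ldapconfig['script_user_dn'],
        password => $ldapconfig['script_user_pass'],
    }

    # Presumably the Python libraries the two scripts below import.
    require_package('python-yaml', 'python-ldap', 'python-phabricator')

    # Both scripts are root-owned and mode 0555: every local user can read and
    # execute them and nobody has write permission, so the scripts themselves
    # must not embed credentials.
    # 'ensure => file' (rather than 'present') makes Puppet enforce a regular
    # file at the path; 'present' accepts whatever already exists there,
    # including a symlink or a directory.
    file { '/usr/local/bin/cross-validate-accounts':
        ensure => file,
        source => 'puppet:///modules/openldap/cross-validate-accounts.py',
        mode   => '0555',
        owner  => 'root',
        group  => 'root',
    }

    file { '/usr/local/bin/offboard-user':
        ensure => file,
        source => 'puppet:///modules/openldap/offboard-user.py',
        mode   => '0555',
        owner  => 'root',
        group  => 'root',
    }

    # Dedicated system account so the daily check does not run as root.
    user { 'accountcheck':
        ensure => present,
        system => true,
    }

    # The cron entry is removed, not merely left unmanaged, when
    # $cron_active is false.
    $ensure = $cron_active ? {
        true    => present,
        default => absent,
    }

    # Runs every day at 04:00 as the accountcheck user.
    # NOTE(review): where the job's output goes is not configured here --
    # confirm that findings from the consistency check reach someone.
    cron { 'daily_account_consistency_check':
        ensure  => $ensure,
        require => [ File['/usr/local/bin/cross-validate-accounts'], User['accountcheck'] ],
        command => '/usr/local/bin/cross-validate-accounts',
        user    => 'accountcheck',
        hour    => '4',
        minute  => '0',
    }

    # API token for the 'offboarding' Phabricator bot, taken from the
    # passwords::phabricator class included above.
    # NOTE(review): presumably ::phabricator::bot writes the token to a file
    # owned root:ops -- confirm the mode it applies keeps the token unreadable
    # to other users.
    class { '::phabricator::bot':
        username => 'offboarding',
        token    => $passwords::phabricator::offboarding_script_token,
        owner    => 'root',
        group    => 'ops',
    }
}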