Defined Type: bsdauth::ldap::class
- Defined in:
- manifests/ldap/class.pp
Overview
Define an LDAP login class.
# File 'manifests/ldap/class.pp', line 43
# Builds the capability list for an LDAP-backed login class and declares
# it as a `bsdauth::class` resource.
#
# Each optional parameter left as `undef` is dropped, so only explicitly
# set values produce a capability string.
#
# Security notes:
# - `$bind_pw` is a plain String and is embedded verbatim in an
#   `x-ldap-bindpw=<value>` capability string. It is not wrapped in
#   `Sensitive`, so it is stored in cleartext in the compiled catalog and
#   can appear wherever the `capabilities` parameter of `bsdauth::class`
#   is printed. Source it from an encrypted data backend and restrict
#   access to catalogs and reports.
# - NOTE(review): `bsdauth::class` presumably renders these capabilities
#   into login.conf; confirm the resulting file is not world-readable
#   when a bind password is set.
# - NOTE(review): values are joined as `key=value` with no escaping in
#   this define. login.conf separates capabilities with ':', so a value
#   containing ':' (possible in a password or an extensible-match
#   filter) may need escaping; verify whether `bsdauth::class` or the
#   Bodgitlib types take care of that.
# - `$tls_cert` and `$tls_key` are recorded as paths only. No file
#   resource is declared here, so the ownership and mode of the private
#   key must be managed elsewhere.
# - NOTE(review): whether the LDAP connection is encrypted appears to
#   depend on the entries in `$servers` (type not shown here); confirm
#   before sending a bind password over it.
#
# @param base_dn Emitted as `x-ldap-basedn`.
# @param servers One or more servers; passed through
#   `bsdauth::flatten_servers` and appended to the capability list.
# @param attributes Extra capability strings appended as given.
# @param bind_dn Emitted as `x-ldap-binddn`.
# @param bind_pw Emitted as `x-ldap-bindpw` (cleartext, see above).
# @param group_dn Emitted as `x-ldap-groupdn`.
# @param group_filter Emitted as `x-ldap-groupfilter`.
# @param group_scope Emitted as `x-ldap-gscope`.
# @param keep_credentials Only `true` emits `x-ldap-refkeepcreds`.
# @param login_class Title of the declared `bsdauth::class` resource.
# @param order Passed to `bsdauth::class` as `order`.
# @param referrals Only an explicit `false` emits `x-ldap-noreferrals`.
# @param styles Joined with ',' and emitted as `auth`.
# @param timeout Emitted as `x-ldap-timeout`.
# @param tls_cacert_dir Emitted as `x-ldap-cacertdir`.
# @param tls_cacert_file Emitted as `x-ldap-cacert`.
# @param tls_cert Emitted as `x-ldap-usercert`.
# @param tls_key Emitted as `x-ldap-userkey`.
# @param user_filter Emitted as `x-ldap-filter`.
# @param user_scope Emitted as `x-ldap-uscope`.
define bsdauth::ldap::class (
  Bodgitlib::LDAP::DN               $base_dn,
  Array[BSDAuth::LDAP::Server, 1]   $servers,
  Array[String]                     $attributes       = [
    'tc=default',
  ],
  Optional[Bodgitlib::LDAP::DN]     $bind_dn          = undef,
  Optional[String]                  $bind_pw          = undef,
  Optional[Bodgitlib::LDAP::DN]     $group_dn         = undef,
  Optional[Bodgitlib::LDAP::Filter] $group_filter     = undef,
  Optional[Bodgitlib::LDAP::Scope]  $group_scope      = undef,
  Optional[Boolean]                 $keep_credentials = undef,
  String                            $login_class      = $title,
  Variant[String, Integer[0]]       $order            = '10',
  Optional[Boolean]                 $referrals        = undef,
  Array[String, 1]                  $styles           = [
    '-ldap',
  ],
  Optional[Integer[0, 300]]         $timeout          = undef,
  Optional[Stdlib::Absolutepath]    $tls_cacert_dir   = undef,
  Optional[Stdlib::Absolutepath]    $tls_cacert_file  = undef,
  Optional[Stdlib::Absolutepath]    $tls_cert         = undef,
  Optional[Stdlib::Absolutepath]    $tls_key          = undef,
  Optional[Bodgitlib::LDAP::Filter] $user_filter      = undef,
  Optional[Bodgitlib::LDAP::Scope]  $user_scope       = undef,
) {

  # The base class has to be in the catalog before this define is used.
  unless defined(Class['::bsdauth::ldap']) {
    fail('You must include the bsdauth::ldap base class before using any bsdauth::ldap defined resources')
  }

  $_servers = bsdauth::flatten_servers($servers)

  # Capabilities that carry a value; unset (undef) parameters are removed
  # before the pairs are joined into 'key=value' strings.
  $_valued = delete_undef_values({
    'auth'               => join($styles, ','),
    'x-ldap-basedn'      => $base_dn,
    'x-ldap-binddn'      => $bind_dn,
    'x-ldap-bindpw'      => $bind_pw, # cleartext; see security notes above
    'x-ldap-cacertdir'   => $tls_cacert_dir,
    'x-ldap-cacert'      => $tls_cacert_file,
    'x-ldap-groupdn'     => $group_dn,
    'x-ldap-groupfilter' => $group_filter,
    'x-ldap-gscope'      => $group_scope,
    'x-ldap-filter'      => $user_filter,
    'x-ldap-timeout'     => $timeout,
    'x-ldap-uscope'      => $user_scope,
    'x-ldap-usercert'    => $tls_cert,
    'x-ldap-userkey'     => $tls_key,
  })

  # Flag-style capabilities: each is present only for one specific value
  # of its parameter and absent for every other value, undef included.
  $_no_referrals = $referrals ? {
    false   => 'x-ldap-noreferrals',
    default => undef,
  }
  $_keep_creds = $keep_credentials ? {
    true    => 'x-ldap-refkeepcreds',
    default => undef,
  }
  $_flags = delete_undef_values([$_no_referrals, $_keep_creds])

  # Final order: valued capabilities, flags, servers, caller attributes.
  $capabilities = flatten([
    join_keys_to_values($_valued, '='),
    $_flags,
    $_servers,
    $attributes,
  ])

  ::bsdauth::class { $login_class:
    capabilities => $capabilities,
    order        => $order,
  }
}