Defined Type: openldap::configuration

Defined in:
manifests/configuration.pp

Overview

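Handles creating global or per-user LDAP client configuration. The openldap base class must be declared before this type is used; otherwise catalog compilation fails.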

Examples:

Create a per-user ~/.ldaprc for any subsequently created users

# The openldap base class must already be declared in the catalog; the defined
# type calls fail() otherwise.
::openldap::configuration { '/etc/skel/.ldaprc':
  ensure => file,
  owner  => 0,
  group  => 0,
  mode   => '0640',
  base   => 'dc=example,dc=com',
  # Plain ldap:// URI and no tls_* parameters: this example sets no CA bundle
  # and no certificate-verification policy. Where the client uses TLS, also set
  # tls_cacert (or tls_cacertdir) and tls_reqcert => 'demand'.
  uri    => ['ldap://ldap.example.com/'],
}

# Apply the skeleton file before every User resource in the catalog.
# Note: the <||> collector also realizes any virtual User resources.
::Openldap::Configuration['/etc/skel/.ldaprc'] -> User <||>

Parameters:

  • ensure (Enum['file', 'present', 'absent'])

    See file resource type.

  • owner (Variant[String[1], Integer[0]])

    See file resource type.

  • group (Variant[String[1], Integer[0]])

    See file resource type.

  • mode (String)

    See file resource type.

  • file (Stdlib::Absolutepath) (defaults to: $title)

    The path to the configuration file.

  • base (Optional[Bodgitlib::LDAP::DN]) (defaults to: undef)

    Maps to the BASE ldap.conf option.

  • uri (Optional[Array[Bodgitlib::LDAP::URI::Simple, 1]]) (defaults to: undef)

    Maps to the URI ldap.conf option.

  • binddn (Optional[Bodgitlib::LDAP::DN]) (defaults to: undef)

    Maps to the BINDDN ldap.conf option.

  • deref (Optional[Enum['never', 'searching', 'finding', 'always']]) (defaults to: undef)

    Maps to the DEREF ldap.conf option.

  • network_timeout (Optional[Integer[0]]) (defaults to: undef)

    Maps to the NETWORK_TIMEOUT ldap.conf option.

  • referrals (Optional[Boolean]) (defaults to: undef)

    Maps to the REFERRALS ldap.conf option.

  • sizelimit (Optional[Integer[0]]) (defaults to: undef)

    Maps to the SIZELIMIT ldap.conf option.

  • timelimit (Optional[Integer[0]]) (defaults to: undef)

    Maps to the TIMELIMIT ldap.conf option.

  • timeout (Optional[Integer[0]]) (defaults to: undef)

    Maps to the TIMEOUT ldap.conf option.

  • sasl_mech (Optional[String]) (defaults to: undef)

    Maps to the SASL_MECH ldap.conf option.

  • sasl_realm (Optional[String]) (defaults to: undef)

    Maps to the SASL_REALM ldap.conf option.

  • sasl_authcid (Optional[String]) (defaults to: undef)

    Maps to the SASL_AUTHCID ldap.conf option.

  • sasl_authzid (Optional[String]) (defaults to: undef)

    Maps to the SASL_AUTHZID ldap.conf option.

  • sasl_secprops (Optional[Array[String, 1]]) (defaults to: undef)

    Maps to the SASL_SECPROPS ldap.conf option.

  • sasl_nocanon (Optional[Boolean]) (defaults to: undef)

    Maps to the SASL_NOCANON ldap.conf option.

  • gssapi_sign (Optional[Boolean]) (defaults to: undef)

    Maps to the GSSAPI_SIGN ldap.conf option.

  • gssapi_encrypt (Optional[Boolean]) (defaults to: undef)

    Maps to the GSSAPI_ENCRYPT ldap.conf option.

  • gssapi_allow_remote_principal (Optional[Boolean]) (defaults to: undef)

    Maps to the GSSAPI_ALLOW_REMOTE_PRINCIPAL ldap.conf option.

  • tls_cacert (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Maps to the TLS_CACERT ldap.conf option.

  • tls_cacertdir (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Maps to the TLS_CACERTDIR ldap.conf option.

  • tls_cert (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Maps to the TLS_CERT ldap.conf option.

  • tls_key (Optional[Stdlib::Absolutepath]) (defaults to: undef)

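    Maps to the TLS_KEY ldap.conf option. ldap.conf(5) lists this as a user-only option, so it takes effect in a per-user file such as ~/.ldaprc rather than the system-wide ldap.conf. This type manages only the configuration file, not the key file or its permissions.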

  • tls_cipher_suite (Optional[String]) (defaults to: undef)

    Maps to the TLS_CIPHER_SUITE ldap.conf option.

  • tls_protocol_min (Optional[Variant[Integer[0], Float[0]]]) (defaults to: undef)

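    Maps to the TLS_PROTOCOL_MIN ldap.conf option. The value is the protocol version in major.minor form as described in ldap.conf(5), for example 3.3 for TLS 1.2.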

  • tls_randfile (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Maps to the TLS_RANDFILE ldap.conf option.

  • tls_reqcert (Optional[Enum['never', 'allow', 'try', 'demand', 'hard']]) (defaults to: undef)

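    Maps to the TLS_REQCERT ldap.conf option. Per ldap.conf(5), never does not check the server certificate and allow continues even if it is missing or invalid; try rejects a bad certificate but accepts a missing one; demand (alias hard) requires a valid certificate.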

  • tls_crlcheck (Optional[Enum['none', 'peer', 'all']]) (defaults to: undef)

    Maps to the TLS_CRLCHECK ldap.conf option.

  • tls_crlfile (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Maps to the TLS_CRLFILE ldap.conf option.

See Also:



# File 'manifests/configuration.pp', line 51

define openldap::configuration (
  # Manages one LDAP client configuration file (ldap.conf / ldaprc style) as a
  # single file resource whose content is rendered from ldap.conf.erb.
  #
  # File resource attributes, passed straight through to the file resource below.
  Enum['file', 'present', 'absent']                         $ensure,
  Variant[String[1], Integer[0]]                            $owner,
  Variant[String[1], Integer[0]]                            $group,
  # Typed as a plain String: this define applies no octal/symbolic pattern
  # check of its own before handing the value to the file resource.
  String                                                    $mode,
  Stdlib::Absolutepath                                      $file                          = $title,
  # Client options. Each one defaults to undef.
  # NOTE(review): the template is not shown here; presumably an undef option is
  # left out of the rendered file so the libldap default applies -- confirm in
  # ldap.conf.erb.
  Optional[Bodgitlib::LDAP::DN]                             $base                          = undef,
  Optional[Array[Bodgitlib::LDAP::URI::Simple, 1]]          $uri                           = undef,
  # BINDDN is a user-only option in ldap.conf(5): it is honoured in per-user
  # files, not in the system-wide ldap.conf.
  Optional[Bodgitlib::LDAP::DN]                             $binddn                        = undef,
  Optional[Enum['never', 'searching', 'finding', 'always']] $deref                         = undef,
  Optional[Integer[0]]                                      $network_timeout               = undef,
  Optional[Boolean]                                         $referrals                     = undef,
  Optional[Integer[0]]                                      $sizelimit                     = undef,
  Optional[Integer[0]]                                      $timelimit                     = undef,
  Optional[Integer[0]]                                      $timeout                       = undef,
  # SASL options. SASL_MECH, SASL_REALM, SASL_AUTHCID and SASL_AUTHZID are
  # user-only options in ldap.conf(5).
  Optional[String]                                          $sasl_mech                     = undef,
  Optional[String]                                          $sasl_realm                    = undef,
  Optional[String]                                          $sasl_authcid                  = undef,
  Optional[String]                                          $sasl_authzid                  = undef,
  # Free-form strings; the property names are not validated by this define.
  Optional[Array[String, 1]]                                $sasl_secprops                 = undef,
  Optional[Boolean]                                         $sasl_nocanon                  = undef,
  # GSSAPI options.
  Optional[Boolean]                                         $gssapi_sign                   = undef,
  Optional[Boolean]                                         $gssapi_encrypt                = undef,
  Optional[Boolean]                                         $gssapi_allow_remote_principal = undef,
  # TLS options. The path parameters are only checked for being absolute paths;
  # this define does not manage the referenced files or their permissions.
  Optional[Stdlib::Absolutepath]                            $tls_cacert                    = undef,
  Optional[Stdlib::Absolutepath]                            $tls_cacertdir                 = undef,
  # TLS_CERT and TLS_KEY are user-only options in ldap.conf(5). The key file
  # named by tls_key needs to be protected separately.
  Optional[Stdlib::Absolutepath]                            $tls_cert                      = undef,
  Optional[Stdlib::Absolutepath]                            $tls_key                       = undef,
  # Free-form cipher string; not validated here.
  Optional[String]                                          $tls_cipher_suite              = undef,
  # Protocol version in major.minor form per ldap.conf(5), e.g. 3.3 for TLS 1.2.
  Optional[Variant[Integer[0], Float[0]]]                   $tls_protocol_min              = undef,
  Optional[Stdlib::Absolutepath]                            $tls_randfile                  = undef,
  # Server certificate policy per ldap.conf(5): 'never' does not check the
  # certificate, 'allow' proceeds even if it is missing or invalid, 'try'
  # rejects a bad certificate but accepts a missing one, 'demand'/'hard'
  # require a valid certificate.
  Optional[Enum['never', 'allow', 'try', 'demand', 'hard']] $tls_reqcert                   = undef,
  Optional[Enum['none', 'peer', 'all']]                     $tls_crlcheck                  = undef,
  Optional[Stdlib::Absolutepath]                            $tls_crlfile                   = undef,
) {

  # Refuse to compile unless the base class is already in the catalog.
  # defined() is evaluation-order dependent, so the class has to be declared
  # before this resource is evaluated, not merely somewhere in the manifest.
  if ! defined(Class['::openldap']) {
    fail('You must include the openldap base class before using any openldap defined resources')
  }

  # The only resource this define declares: the configuration file itself.
  file { $file:
    ensure  => $ensure,
    owner   => $owner,
    group   => $group,
    mode    => $mode,
    # Rendered from this module's ldap.conf.erb template.
    # NOTE(review): the template presumably reads the parameters above from
    # this scope -- confirm before renaming any of them.
    content => template("${module_name}/ldap.conf.erb"),
  }
}