Puppet Class: openssh::server::ldap

Defined in:
manifests/server/ldap.pp

Overview

Installs and manages SSH public key lookups from LDAP.

Examples:

Declaring the class

# openssh::server has to be declared first: openssh::server::ldap aborts
# compilation if that class is not already in the catalog.
class { '::openssh::server':
  authorized_keys_command      => '/usr/libexec/openssh/ssh-ldap-helper',
  # NOTE(review): presumably ends up as sshd's AuthorizedKeysCommandUser, i.e.
  # the account the helper runs as. sshd_config(5) recommends a dedicated
  # account with no other role on the host; 'nobody' is often shared with
  # other unprivileged services.
  authorized_keys_command_user => 'nobody',
}

class { '::openssh::server::ldap':
  base_dn => 'ou=people,dc=example,dc=com',
  # Same name as authorized_keys_command_user above. With the defaults
  # owner 0 / mode '0640' this presumably gives the helper group-read access
  # to the LDAP configuration file - TODO confirm in the config class. If
  # bind_pw is set, every process in this group can read it too.
  group   => 'nobody',
  # NOTE(review): plain ldap:// with ssl left unset. sshd accepts whatever
  # keys the lookup returns, so outside a lab set ssl (true or 'start_tls')
  # and a verifying tls_check_peer value together with tls_cacert_file or
  # tls_cacert_dir.
  uri     => [
    'ldap://ldap.example.com',
  ],
}

Parameters:

  • base_dn (Bodgitlib::LDAP::DN)
  • uri (Array[Bodgitlib::LDAP::URI::Simple, 1])
  • conf_file (Stdlib::Absolutepath)
  • manage_package (Boolean)
  • group (Variant[Integer[0], String]) (defaults to: 0)
  • mode (Pattern[/(?x) ^ [0-7]{4} $/]) (defaults to: '0640')
  • owner (Variant[Integer[0], String]) (defaults to: 0)
  • package_name (Optional[String]) (defaults to: undef)
  • account_class (Optional[String]) (defaults to: undef)
  • bind_dn (Optional[Bodgitlib::LDAP::DN]) (defaults to: undef)
  • bind_policy (Optional[Enum['hard', 'hard_open', 'hard_init', 'soft']]) (defaults to: undef)
  • bind_pw (Optional[String]) (defaults to: undef)
  • bind_time_limit (Optional[Integer[0]]) (defaults to: undef)
  • debug (Optional[String]) (defaults to: undef)
  • deref (Optional[Enum['never', 'searching', 'finding', 'always']]) (defaults to: undef)
  • filter (Optional[Bodgitlib::LDAP::Filter]) (defaults to: undef)
  • log_dir (Optional[Stdlib::Absolutepath]) (defaults to: undef)
  • referrals (Optional[Boolean]) (defaults to: undef)
  • restart (Optional[Boolean]) (defaults to: undef)
  • scope (Optional[Enum['base', 'one', 'subtree', 'sub']]) (defaults to: undef)
  • search_format (Optional[Bodgitlib::LDAP::Filter]) (defaults to: undef)
  • ssl (Optional[Variant[Boolean, Enum['start_tls']]]) (defaults to: undef)
  • time_limit (Optional[Integer[0]]) (defaults to: undef)
  • tls_cacert_dir (Optional[Stdlib::Absolutepath]) (defaults to: undef)
  • tls_cacert_file (Optional[Stdlib::Absolutepath]) (defaults to: undef)
  • tls_cert (Optional[Stdlib::Absolutepath]) (defaults to: undef)
  • tls_check_peer (Optional[Enum['never', 'hard', 'demand', 'allow', 'try']]) (defaults to: undef)
  • tls_ciphers (Optional[String]) (defaults to: undef)
  • tls_key (Optional[Stdlib::Absolutepath]) (defaults to: undef)
  • tls_randfile (Optional[Stdlib::Absolutepath]) (defaults to: undef)
  • version (Optional[Integer[2, 3]]) (defaults to: undef)

See Also:



# File 'manifests/server/ldap.pp', line 51

class openssh::server::ldap (
  # Entry point for SSH public key lookups from LDAP. This class only validates
  # its parameters and wires up the contained ::install and ::config classes;
  # how each value is used is decided there (not visible in this file).
  #
  # Search base and LDAP servers. Array[..., 1] rejects an empty URI list.
  Bodgitlib::LDAP::DN                                       $base_dn,
  Array[Bodgitlib::LDAP::URI::Simple, 1]                    $uri,
  # No default in the signature: both must be passed explicitly or supplied
  # through data lookup (Hiera / module data).
  Stdlib::Absolutepath                                      $conf_file,
  Boolean                                                   $manage_package,
  # Presumably the ownership and permissions applied to $conf_file - confirm in
  # openssh::server::ldap::config. $mode must be exactly four octal digits;
  # (?x) only makes the whitespace inside the pattern insignificant.
  # The file may hold $bind_pw, so keep it unreadable for "other" and pick
  # $group so that only the AuthorizedKeysCommand user gains read access.
  Variant[Integer[0], String]                               $group           = 0,
  Pattern[/(?x) ^ [0-7]{4} $/]                              $mode            = '0640',
  Variant[Integer[0], String]                               $owner           = 0,
  Optional[String]                                          $package_name    = undef,
  Optional[String]                                          $account_class   = undef,
  Optional[Bodgitlib::LDAP::DN]                             $bind_dn         = undef,
  Optional[Enum['hard', 'hard_open', 'hard_init', 'soft']]  $bind_policy     = undef,
  # NOTE(review): the bind password is typed as a plain String, not
  # Sensitive[String], so Puppet will not redact it in logs, reports or diffs.
  # Use a bind account limited to reading the key attribute, and check whether
  # the config class can accept a Sensitive value before changing the type.
  Optional[String]                                          $bind_pw         = undef,
  Optional[Integer[0]]                                      $bind_time_limit = undef,
  Optional[String]                                          $debug           = undef,
  Optional[Enum['never', 'searching', 'finding', 'always']] $deref           = undef,
  Optional[Bodgitlib::LDAP::Filter]                         $filter          = undef,
  Optional[Stdlib::Absolutepath]                            $log_dir         = undef,
  Optional[Boolean]                                         $referrals       = undef,
  Optional[Boolean]                                         $restart         = undef,
  Optional[Enum['base', 'one', 'subtree', 'sub']]           $scope           = undef,
  Optional[Bodgitlib::LDAP::Filter]                         $search_format   = undef,
  # Transport security is opt-in: every TLS-related parameter defaults to undef.
  # $ssl takes a Boolean or 'start_tls'. NOTE(review): with these left unset the
  # lookup presumably runs over an unprotected connection; sshd trusts the keys
  # it gets back, so the channel to the directory needs integrity protection.
  Optional[Variant[Boolean, Enum['start_tls']]]             $ssl             = undef,
  Optional[Integer[0]]                                      $time_limit      = undef,
  Optional[Stdlib::Absolutepath]                            $tls_cacert_dir  = undef,
  Optional[Stdlib::Absolutepath]                            $tls_cacert_file = undef,
  Optional[Stdlib::Absolutepath]                            $tls_cert        = undef,
  # NOTE(review): 'never', 'allow' and 'try' are accepted; presumably these relax
  # or disable server certificate verification (compare TLS_REQCERT in
  # ldap.conf) - confirm, and prefer 'demand' or 'hard' with a CA configured.
  Optional[Enum['never', 'hard', 'demand', 'allow', 'try']] $tls_check_peer  = undef,
  Optional[String]                                          $tls_ciphers     = undef,
  # Presumably the client private key path; the file itself is not managed in
  # this class, so its permissions have to be handled elsewhere.
  Optional[Stdlib::Absolutepath]                            $tls_key         = undef,
  Optional[Stdlib::Absolutepath]                            $tls_randfile    = undef,
  # LDAP protocol version; only 2 or 3 pass the type check.
  Optional[Integer[2, 3]]                                   $version         = undef,
) {

  # Abort compilation unless openssh::server is already in the catalog.
  # defined() depends on evaluation order, so openssh::server must be declared
  # before this class is evaluated, not merely somewhere in the manifest.
  if ! defined(Class['::openssh::server']) {
    fail('You must include the openssh::server class before using the openssh::server::ldap class')
  }

  # contain (rather than include) keeps both subclasses inside this class's
  # ordering boundary, so relationships set on this class apply to them too.
  contain ::openssh::server::ldap::install
  contain ::openssh::server::ldap::config

  # Notifying arrow: install is applied before config, and config receives a
  # refresh event whenever install changes something.
  Class['::openssh::server::ldap::install'] ~> Class['::openssh::server::ldap::config']
}