Puppet Class: sasl::authd

Inherits:
::sasl::params
Defined in:
manifests/authd.pp

Overview

Installs and manages the SASL saslauthd daemon.

Examples:

Declaring the class using PAM mechanism

# ::sasl has to be declared first: sasl::authd calls fail() during compilation
# when the base class is not already defined.
include ::sasl
class { '::sasl::authd':
  mechanism => 'pam',
}

Declaring the class using LDAP mechanism

include ::sasl
class { '::sasl::authd':
  mechanism           => 'ldap',
  ldap_auth_method    => 'bind',
  ldap_search_base    => 'ou=people,dc=example,dc=com',
  # Plain ldap:// URI: transport protection relies on ldap_start_tls below.
  ldap_servers        => ['ldap://ldap.example.com'],
  ldap_start_tls      => true,
  # NOTE(review): ldap_tls_check_peer is not set in this example, so whether the
  # server certificate is actually verified against these CAs depends on defaults
  # outside this class - consider setting it to true explicitly.
  ldap_tls_cacert_dir => '/etc/pki/tls/certs',
  ldap_tls_ciphers    => 'AES256',
}

Declaring the class using IMAP mechanism

include ::sasl
class { '::sasl::authd':
  # NOTE(review): the class exposes no TLS-related parameter for this mechanism;
  # confirm how credentials are protected on the way to imap_server.
  mechanism   => 'rimap',
  imap_server => 'imap.example.com',
}

Parameters:

  • mechanism (SASL::Authd::Mechanism)

    The mechanism saslauthd uses to test the user credentials.

  • threads (Integer[1]) (defaults to: $::sasl::params::saslauthd_threads)

    Maximum number of concurrent threads to use.

  • package_name (String) (defaults to: $::sasl::params::saslauthd_package)

    The name of the package.

  • service_name (String) (defaults to: $::sasl::params::saslauthd_service)

    The name of the service.

  • socket (Stdlib::Absolutepath) (defaults to: $::sasl::params::saslauthd_socket)

    Path to the socket used for communication.

  • hasstatus (Boolean) (defaults to: $::sasl::params::saslauthd_hasstatus)

    Whether the service supports querying its running status.

  • ldap_conf_file (Optional[Stdlib::Absolutepath]) (defaults to: $::sasl::params::saslauthd_ldap_conf_file)

    Path to the configuration file for LDAP configuration, usually /etc/saslauthd.conf.

  • ldap_auth_method (Optional[Enum['bind', 'custom', 'fastbind']]) (defaults to: undef)

    How to authenticate with the LDAP server.

  • ldap_bind_dn (Optional[Bodgitlib::LDAP::DN]) (defaults to: undef)

    Distinguished name used to bind to the LDAP server.

  • ldap_bind_pw (Optional[String]) (defaults to: undef)

    Password used to bind with. The type is a plain String rather than Sensitive, so Puppet does not redact the value.

  • ldap_default_domain (Optional[String]) (defaults to: undef)
  • ldap_default_realm (Optional[String]) (defaults to: undef)
  • ldap_deref (Optional[Enum['search', 'find', 'always', 'never']]) (defaults to: undef)
  • ldap_filter (Optional[Bodgitlib::LDAP::Filter]) (defaults to: undef)

    Search filter to apply when searching for users.

  • ldap_group_attr (Optional[String]) (defaults to: undef)
  • ldap_group_dn (Optional[Bodgitlib::LDAP::DN]) (defaults to: undef)
  • ldap_group_filter (Optional[Bodgitlib::LDAP::Filter]) (defaults to: undef)

    Search filter to apply when searching for groups.

  • ldap_group_match_method (Optional[Enum['attr', 'filter']]) (defaults to: undef)
  • ldap_group_search_base (Optional[Bodgitlib::LDAP::DN]) (defaults to: undef)

    Base used for searching for group entries.

  • ldap_group_scope (Optional[Bodgitlib::LDAP::Scope]) (defaults to: undef)

    Search scope used when searching for group entries.

  • ldap_password (Optional[String]) (defaults to: undef)
  • ldap_password_attr (Optional[String]) (defaults to: undef)
  • ldap_referrals (Optional[Boolean]) (defaults to: undef)
  • ldap_restart (Optional[Boolean]) (defaults to: undef)
  • ldap_id (Optional[String]) (defaults to: undef)
  • ldap_authz_id (Optional[String]) (defaults to: undef)
  • ldap_mech (Optional[String]) (defaults to: undef)
  • ldap_realm (Optional[String]) (defaults to: undef)
  • ldap_scope (Optional[Bodgitlib::LDAP::Scope]) (defaults to: undef)

    Search scope used when searching for user entries.

  • ldap_search_base (Optional[Bodgitlib::LDAP::DN]) (defaults to: undef)

    Base used for searching for user entries.

  • ldap_servers (Optional[Array[Bodgitlib::LDAP::URI::Simple, 1]]) (defaults to: undef)

    List of LDAP URIs to query.

  • ldap_start_tls (Optional[Boolean]) (defaults to: undef)

    Whether to secure the LDAP connection with TLS using StartTLS.

  • ldap_time_limit (Optional[Integer[0]]) (defaults to: undef)

    Search time limit.

  • ldap_timeout (Optional[Integer[0]]) (defaults to: undef)

    Timeout when connecting to LDAP server.

  • ldap_tls_check_peer (Optional[Boolean]) (defaults to: undef)

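    Whether to verify the LDAP server certificate. The default is undef, so unless it is set here the behaviour is decided outside this class; set it explicitly when TLS is in use.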

  • ldap_tls_cacert_file (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Path to CA certificate.

  • ldap_tls_cacert_dir (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Path to directory of CA certificates.

  • ldap_tls_ciphers (Optional[String]) (defaults to: undef)

    A list of accepted ciphers to use.

  • ldap_tls_cert (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Path to client certificate.

  • ldap_tls_key (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Path to client key.

  • ldap_use_sasl (Optional[Boolean]) (defaults to: undef)

    Whether to use SASL with LDAP.

  • ldap_version (Optional[Integer[2, 3]]) (defaults to: undef)

    The LDAP protocol version to use, either 2 or 3.

  • imap_server (Optional[SASL::HostPort]) (defaults to: undef)

    IMAP server to use, given either as a hostname/IP address or as a hostname/IP address and port tuple.

See Also:



# File 'manifests/authd.pp', line 76

# Installs and manages the saslauthd daemon.
#
# The parameters fall into three groups: generic daemon settings, settings
# marked "ldap" and one setting marked "rimap". Every ldap/rimap parameter
# except ldap_conf_file defaults to undef.
#
# The base ::sasl class must already be declared when this class is evaluated;
# otherwise compilation is aborted by the guard at the top of the body.
class sasl::authd (
  # Mechanism saslauthd uses to test credentials (required, no default).
  SASL::Authd::Mechanism                              $mechanism,
  # Daemon, package and service settings; defaults come from ::sasl::params.
  Integer[1]                                          $threads                 = $::sasl::params::saslauthd_threads,
  String                                              $package_name            = $::sasl::params::saslauthd_package,
  String                                              $service_name            = $::sasl::params::saslauthd_service,
  Stdlib::Absolutepath                                $socket                  = $::sasl::params::saslauthd_socket,
  Boolean                                             $hasstatus               = $::sasl::params::saslauthd_hasstatus,
  # ldap
  Optional[Stdlib::Absolutepath]                      $ldap_conf_file          = $::sasl::params::saslauthd_ldap_conf_file,
  Optional[Enum['bind', 'custom', 'fastbind']]        $ldap_auth_method        = undef,
  Optional[Bodgitlib::LDAP::DN]                       $ldap_bind_dn            = undef,
  # NOTE(review): ldap_bind_pw (and ldap_password further down) are plain
  # Strings, not Sensitive, so Puppet does not redact them. How
  # ::sasl::authd::config writes them to ldap_conf_file (owner, mode, diff
  # output) is not visible in this class - confirm there.
  Optional[String]                                    $ldap_bind_pw            = undef,
  Optional[String]                                    $ldap_default_domain     = undef,
  Optional[String]                                    $ldap_default_realm      = undef,
  Optional[Enum['search', 'find', 'always', 'never']] $ldap_deref              = undef,
  Optional[Bodgitlib::LDAP::Filter]                   $ldap_filter             = undef,
  Optional[String]                                    $ldap_group_attr         = undef,
  Optional[Bodgitlib::LDAP::DN]                       $ldap_group_dn           = undef,
  Optional[Bodgitlib::LDAP::Filter]                   $ldap_group_filter       = undef,
  Optional[Enum['attr', 'filter']]                    $ldap_group_match_method = undef,
  Optional[Bodgitlib::LDAP::DN]                       $ldap_group_search_base  = undef,
  Optional[Bodgitlib::LDAP::Scope]                    $ldap_group_scope        = undef,
  Optional[String]                                    $ldap_password           = undef,
  Optional[String]                                    $ldap_password_attr      = undef,
  Optional[Boolean]                                   $ldap_referrals          = undef,
  Optional[Boolean]                                   $ldap_restart            = undef,
  Optional[String]                                    $ldap_id                 = undef,
  Optional[String]                                    $ldap_authz_id           = undef,
  Optional[String]                                    $ldap_mech               = undef,
  Optional[String]                                    $ldap_realm              = undef,
  Optional[Bodgitlib::LDAP::Scope]                    $ldap_scope              = undef,
  Optional[Bodgitlib::LDAP::DN]                       $ldap_search_base        = undef,
  # At least one URI is required whenever the list is given (Array[..., 1]).
  Optional[Array[Bodgitlib::LDAP::URI::Simple, 1]]    $ldap_servers            = undef,
  # TLS settings, all undef by default. NOTE(review): with ldap_tls_check_peer
  # left unset, certificate verification is presumably governed by defaults
  # outside this class - set it explicitly when ldap_start_tls is enabled.
  Optional[Boolean]                                   $ldap_start_tls          = undef,
  Optional[Integer[0]]                                $ldap_time_limit         = undef,
  Optional[Integer[0]]                                $ldap_timeout            = undef,
  Optional[Boolean]                                   $ldap_tls_check_peer     = undef,
  Optional[Stdlib::Absolutepath]                      $ldap_tls_cacert_file    = undef,
  Optional[Stdlib::Absolutepath]                      $ldap_tls_cacert_dir     = undef,
  Optional[String]                                    $ldap_tls_ciphers        = undef,
  Optional[Stdlib::Absolutepath]                      $ldap_tls_cert           = undef,
  # NOTE(review): path to a private key; its file permissions are not managed
  # in this class - confirm where they are enforced.
  Optional[Stdlib::Absolutepath]                      $ldap_tls_key            = undef,
  Optional[Boolean]                                   $ldap_use_sasl           = undef,
  # The type admits protocol version 2 as well as 3.
  Optional[Integer[2, 3]]                             $ldap_version            = undef,
  # rimap
  # NOTE(review): no TLS-related parameter is exposed for this mechanism;
  # confirm how credentials are protected on the way to imap_server.
  Optional[SASL::HostPort]                            $imap_server             = undef,
) inherits ::sasl::params {

  # defined() only reports classes that have already been evaluated, so ::sasl
  # has to be declared before this class is reached.
  unless defined(Class['::sasl']) {
    fail('You must include the sasl base class before using the sasl::authd class')
  }

  contain ::sasl::authd::install
  contain ::sasl::authd::config
  contain ::sasl::authd::service

  # Install before configuring; a change in the config class notifies (~>) the
  # service class.
  Class['::sasl::authd::install']
    -> Class['::sasl::authd::config']
    ~> Class['::sasl::authd::service']
}