Defined Type: sasl::application

Defined in:
manifests/application.pp

Overview

Installs per-application SASL authentication configuration.

Examples:

Configure Postfix for DIGEST-MD5 and CRAM-MD5 authentication using the sasldb backend

# The base class has to be declared first; sasl::application fails the
# catalog if Class['::sasl'] is not defined.
include ::sasl
# Manages the SASL configuration file for the application named 'smtpd'.
::sasl::application { 'smtpd':
  pwcheck_method => 'auxprop',
  auxprop_plugin => 'sasldb',
  # DIGEST-MD5 and CRAM-MD5 are challenge-response mechanisms, so the
  # auxprop backend has to hold each password in recoverable form.
  mech_list      => ['digest-md5', 'cram-md5'],
}

Configure Postfix for PLAIN and LOGIN authentication using the saslauthd backend which itself is using LDAP+STARTTLS

include ::sasl
# sasl::authd has to be declared as well: with pwcheck_method 'saslauthd'
# the defined type fails the catalog if Class['::sasl::authd'] is missing.
class { '::sasl::authd':
  mechanism           => 'ldap',
  ldap_auth_method    => 'bind',
  ldap_search_base    => 'ou=people,dc=example,dc=com',
  ldap_servers        => ['ldap://ldap.example.com'],
  # Plain ldap:// URI upgraded with STARTTLS.
  # NOTE(review): confirm that a failed STARTTLS is treated as fatal, since
  # the bind otherwise sends the user's password unprotected.
  ldap_start_tls      => true,
  ldap_tls_cacert_dir => '/etc/pki/tls/certs',
  ldap_tls_ciphers    => 'AES256',
}
::sasl::application { 'smtpd':
  pwcheck_method => 'saslauthd',
  # PLAIN and LOGIN carry the password itself; offer them only on
  # TLS-protected SMTP sessions.
  mech_list      => ['plain', 'login'],
}

Parameters:

  • pwcheck_method (Enum['auxprop', 'saslauthd'])

    The password check method.

  • mech_list (Array[SASL::Mech, 1])

    The authentication mechanisms to offer/support.

  • application (String) (defaults to: $title)

    The name of the application.

  • auxprop_plugin (Optional[SASL::Auxprop]) (defaults to: undef)

    If the pwcheck_method is auxprop then the name of the plugin to use.

  • ldapdb_uri (Optional[Array[Bodgitlib::LDAP::URI::Simple, 1]]) (defaults to: undef)

    List of LDAP URIs to query.

  • ldapdb_id (Optional[String]) (defaults to: undef)

    SASL ID to use to authenticate with LDAP.

  • ldapdb_mech (Optional[String]) (defaults to: undef)

    SASL mechanism to use with LDAP.

  • ldapdb_pw (Optional[String]) (defaults to: undef)

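    Password to use with LDAP. It ends up in clear text in the application's configuration file, which the manifest creates with mode 0644.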

  • ldapdb_rc (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Path to separate LDAP configuration file.

  • ldapdb_starttls (Optional[Enum['try', 'demand']]) (defaults to: undef)

    Whether to use STARTTLS: 'try' carries on without TLS if the negotiation fails, 'demand' aborts the connection instead.

  • sasldb_path (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Path to local SASL database.

  • sql_engine (Optional[Enum['mysql', 'pgsql', 'sqlite']]) (defaults to: undef)

    Which SQL engine to use.

  • sql_hostnames (Optional[Array[SASL::HostPort, 1]]) (defaults to: undef)

    List of database servers to use.

  • sql_user (Optional[String]) (defaults to: undef)

    Database user to use.

  • sql_passwd (Optional[String]) (defaults to: undef)

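    Password of database user. It ends up in clear text in the application's configuration file, which the manifest creates with mode 0644.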

  • sql_database (Optional[String]) (defaults to: undef)

    Name of the database.

  • sql_select (Optional[String]) (defaults to: undef)

    SQL query used with SELECT operations.

  • sql_insert (Optional[String]) (defaults to: undef)

    SQL statement used with INSERT operations.

  • sql_update (Optional[String]) (defaults to: undef)

    SQL statement used with UPDATE operations.

  • sql_usessl (Optional[Boolean]) (defaults to: undef)

    Whether to use SSL or not.

See Also:



# File 'manifests/application.pp', line 51

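# Manages one per-application SASL configuration file,
# "${::sasl::application_directory}/${application}.conf", together with the
# packages needed by the chosen password check method and mechanisms.
#
# The ::sasl base class must be declared first, and ::sasl::authd as well when
# $pwcheck_method is 'saslauthd'; otherwise catalog compilation fails.
#
# The ldapdb_*, sasldb_* and sql_* parameters are not referenced in this body;
# the only visible consumer is the application.conf.erb template.
define sasl::application (
  Enum['auxprop', 'saslauthd']                     $pwcheck_method,
  Array[SASL::Mech, 1]                             $mech_list,
  String                                           $application     = $title,
  Optional[SASL::Auxprop]                          $auxprop_plugin  = undef,
  # ldapdb
  Optional[Array[Bodgitlib::LDAP::URI::Simple, 1]] $ldapdb_uri      = undef,
  Optional[String]                                 $ldapdb_id       = undef,
  Optional[String]                                 $ldapdb_mech     = undef,
  Optional[String]                                 $ldapdb_pw       = undef,
  Optional[Stdlib::Absolutepath]                   $ldapdb_rc       = undef,
  Optional[Enum['try', 'demand']]                  $ldapdb_starttls = undef,
  # sasldb
  Optional[Stdlib::Absolutepath]                   $sasldb_path     = undef,
  # sql
  Optional[Enum['mysql', 'pgsql', 'sqlite']]       $sql_engine      = undef,
  Optional[Array[SASL::HostPort, 1]]               $sql_hostnames   = undef,
  Optional[String]                                 $sql_user        = undef,
  Optional[String]                                 $sql_passwd      = undef,
  Optional[String]                                 $sql_database    = undef,
  Optional[String]                                 $sql_select      = undef,
  Optional[String]                                 $sql_insert      = undef,
  Optional[String]                                 $sql_update      = undef,
  Optional[Boolean]                                $sql_usessl      = undef,
) {

  # The defined type reads variables from the base class below, so refuse to
  # compile without it rather than produce a broken path.
  if ! defined(Class['::sasl']) {
    fail('You must include the sasl base class before using any sasl defined resources')
  }

  $service_file = "${::sasl::application_directory}/${application}.conf"

  # NOTE(review): the rendered file presumably carries $ldapdb_pw and
  # $sql_passwd in clear text, yet it is created world-readable (0644).
  # Tightening owner/group/mode depends on which account the application reads
  # the file as, so it is flagged here rather than changed.
  file { $service_file:
    ensure    => file,
    owner     => 0,
    group     => 0,
    mode      => '0644',
    content   => template("${module_name}/application.conf.erb"),
    # Keep content diffs, and any password in them, out of agent logs and reports.
    show_diff => false,
  }

  case $pwcheck_method {
    'auxprop': {
      # NOTE(review): $auxprop_plugin is Optional; when it is undef, or has no
      # entry in $::sasl::auxprop_packages, the lookup yields undef and the
      # Package reference below is invalid. Confirm callers always set it.
      $auxprop_package = $::sasl::auxprop_packages[$auxprop_plugin]
      ensure_packages([$auxprop_package])
      Package[$auxprop_package] -> File[$service_file]
    }
    'saslauthd': {
      # Require saslauthd if that's the method
      if ! defined(Class['::sasl::authd']) {
        fail('You must include the sasl::authd class before using any sasl defined resources')
      }
      Class['::sasl::authd'] -> File[$service_file]
    }
    default: {
      # noop
    }
  }

  # Build up an array of packages that need to be installed based on the
  # chosen authentication mechanisms: keep the $::sasl::mech_packages entries
  # whose key is in $mech_list, then de-duplicate their package names.
  $packages = unique(values($::sasl::mech_packages.filter |Tuple $package| {
    member($mech_list, $package[0])
  }))
  ensure_packages($packages)
  # Install the mechanism packages before the configuration that names them.
  Package[$packages] -> File[$service_file]
}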