Defined Type: openldap::configuration

Defined in:: manifests/configuration.pp

Overview

Handles creating global or per-user LDAP client configuration.

Examples:

Create a per-user ‘~/.ldaprc` for any subsequently created users

::openldap::configuration { '/etc/skel/.ldaprc':
  ensure => file,
  owner  => 0,
  group  => 0,
  mode   => '0640',
  base   => 'dc=example,dc=com',
  uri    => ['ldap://ldap.example.com/'],
}

::Openldap::Configuration['/etc/skel/.ldaprc'] -> User <||>

Parameters:

ensure (Enum['file', 'present', 'absent']) —

See ‘file` resource type.
owner (Variant[String[1], Integer[0]]) —

See ‘file` resource type.
group (Variant[String[1], Integer[0]]) —

See ‘file` resource type.
mode (String) —

See ‘file` resource type.
file (Stdlib::Absolutepath) (defaults to: $title) —

The path to the configuration file.
base (Optional[Bodgitlib::LDAP::DN]) (defaults to: undef) —

Maps to the ‘BASE` `ldap.conf` option.
uri (Optional[Array[Bodgitlib::LDAP::URI::Simple, 1]]) (defaults to: undef) —

Maps to the ‘URI` `ldap.conf` option.
binddn (Optional[Bodgitlib::LDAP::DN]) (defaults to: undef) —

Maps to the ‘BINDDN` `ldap.conf` option.
deref (Optional[Enum['never', 'searching', 'finding', 'always']]) (defaults to: undef) —

Maps to the ‘DEREF` `ldap.conf` option.
network_timeout (Optional[Integer[0]]) (defaults to: undef) —

Maps to the ‘NETWORK_TIMEOUT` `ldap.conf` option.
referrals (Optional[Boolean]) (defaults to: undef) —

Maps to the ‘REFERRALS` `ldap.conf` option.
sizelimit (Optional[Integer[0]]) (defaults to: undef) —

Maps to the ‘SIZELIMIT` `ldap.conf` option.
timelimit (Optional[Integer[0]]) (defaults to: undef) —

Maps to the ‘TIMELIMIT` `ldap.conf` option.
timeout (Optional[Integer[0]]) (defaults to: undef) —

Maps to the ‘TIMEOUT` `ldap.conf` option.
sasl_mech (Optional[String]) (defaults to: undef) —

Maps to the ‘SASL_MECH` `ldap.conf` option.
sasl_realm (Optional[String]) (defaults to: undef) —

Maps to the ‘SASL_REALM` `ldap.conf` option.
sasl_authcid (Optional[String]) (defaults to: undef) —

Maps to the ‘SASL_AUTHCID` `ldap.conf` option.
sasl_authzid (Optional[String]) (defaults to: undef) —

Maps to the ‘SASL_AUTHZID` `ldap.conf` option.
sasl_secprops (Optional[Array[String, 1]]) (defaults to: undef) —

Maps to the ‘SASL_SECPROPS` `ldap.conf` option.
sasl_nocanon (Optional[Boolean]) (defaults to: undef) —

Maps to the ‘SASL_NOCANON` `ldap.conf` option.
gssapi_sign (Optional[Boolean]) (defaults to: undef) —

Maps to the ‘GSSAPI_SIGN` `ldap.conf` option.
gssapi_encrypt (Optional[Boolean]) (defaults to: undef) —

Maps to the ‘GSSAPI_ENCRYPT` `ldap.conf` option.
gssapi_allow_remote_principal (Optional[Boolean]) (defaults to: undef) —

Maps to the ‘GSSAPI_ALLOW_REMOTE_PRINCIPAL` `ldap.conf` option.
tls_cacert (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Maps to the ‘TLS_CACERT` `ldap.conf` option.
tls_cacertdir (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Maps to the ‘TLS_CACERTDIR` `ldap.conf` option.
tls_cert (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Maps to the ‘TLS_CERT` `ldap.conf` option.
tls_key (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Maps to the ‘TLS_KEY` `ldap.conf` option.
tls_cipher_suite (Optional[String]) (defaults to: undef) —

Maps to the ‘TLS_CIPHER_SUITE` `ldap.conf` option.
tls_moznss_compatibility (Optional[Boolean]) (defaults to: undef) —

Maps to the ‘TLS_MOZNSS_COMPATIBILITY` `ldap.conf` option.
tls_protocol_min (Optional[Variant[Integer[0], Float[0]]]) (defaults to: undef) —

Maps to the ‘TLS_PROTOCOL_MIN` `ldap.conf` option.
tls_randfile (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Maps to the ‘TLS_RANDFILE` `ldap.conf` option.
tls_reqcert (Optional[Enum['never', 'allow', 'try', 'demand', 'hard']]) (defaults to: undef) —

Maps to the ‘TLS_REQCERT` `ldap.conf` option.
tls_crlcheck (Optional[Enum['none', 'peer', 'all']]) (defaults to: undef) —

Maps to the ‘TLS_CRLCHECK` `ldap.conf` option.
tls_crlfile (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

Maps to the ‘TLS_CRLFILE` `ldap.conf` option.

See Also:

# File 'manifests/configuration.pp', line 52

define openldap::configuration (
  Enum['file', 'present', 'absent']                         $ensure,
  Variant[String[1], Integer[0]]                            $owner,
  Variant[String[1], Integer[0]]                            $group,
  String                                                    $mode,
  Stdlib::Absolutepath                                      $file                          = $title,
  Optional[Bodgitlib::LDAP::DN]                             $base                          = undef,
  Optional[Array[Bodgitlib::LDAP::URI::Simple, 1]]          $uri                           = undef,
  Optional[Bodgitlib::LDAP::DN]                             $binddn                        = undef,
  Optional[Enum['never', 'searching', 'finding', 'always']] $deref                         = undef,
  Optional[Integer[0]]                                      $network_timeout               = undef,
  Optional[Boolean]                                         $referrals                     = undef,
  Optional[Integer[0]]                                      $sizelimit                     = undef,
  Optional[Integer[0]]                                      $timelimit                     = undef,
  Optional[Integer[0]]                                      $timeout                       = undef,
  # sasl
  Optional[String]                                          $sasl_mech                     = undef,
  Optional[String]                                          $sasl_realm                    = undef,
  Optional[String]                                          $sasl_authcid                  = undef,
  Optional[String]                                          $sasl_authzid                  = undef,
  Optional[Array[String, 1]]                                $sasl_secprops                 = undef,
  Optional[Boolean]                                         $sasl_nocanon                  = undef,
  # gssapi
  Optional[Boolean]                                         $gssapi_sign                   = undef,
  Optional[Boolean]                                         $gssapi_encrypt                = undef,
  Optional[Boolean]                                         $gssapi_allow_remote_principal = undef,
  # tls
  Optional[Stdlib::Absolutepath]                            $tls_cacert                    = undef,
  Optional[Stdlib::Absolutepath]                            $tls_cacertdir                 = undef,
  Optional[Stdlib::Absolutepath]                            $tls_cert                      = undef,
  Optional[Stdlib::Absolutepath]                            $tls_key                       = undef,
  Optional[String]                                          $tls_cipher_suite              = undef,
  Optional[Boolean]                                         $tls_moznss_compatibility      = undef,
  Optional[Variant[Integer[0], Float[0]]]                   $tls_protocol_min              = undef,
  Optional[Stdlib::Absolutepath]                            $tls_randfile                  = undef,
  Optional[Enum['never', 'allow', 'try', 'demand', 'hard']] $tls_reqcert                   = undef,
  Optional[Enum['none', 'peer', 'all']]                     $tls_crlcheck                  = undef,
  Optional[Stdlib::Absolutepath]                            $tls_crlfile                   = undef,
) {

  if ! defined(Class['::openldap']) {
    fail('You must include the openldap base class before using any openldap defined resources')
  }

  file { $file:
    ensure  => $ensure,
    owner   => $owner,
    group   => $group,
    mode    => $mode,
    content => template("${module_name}/ldap.conf.erb"),
  }
}