Puppet Class: ckan::ext::ldap

Defined in:
manifests/ext/ldap.pp

Summary

Installs the "ldap" extension.

Overview

Parameters:

  • uri (String)

    The URI of the LDAP server to connect to. @example ‘ldap://localhost:389’

  • base_dn (String)

    The ldap base dn to use for user authentication. @example ‘ou=users,dc=landcareresearch,dc=co,dc=nz’

  • search_filter (String) (defaults to: 'uid={login}')

    The filter for searching through identities in ldap.

  • username (String) (defaults to: 'uid')

    The user name to use as a lookup.

  • email (String) (defaults to: 'mail')

    The field that contains the user’s email address.

  • fullname (String) (defaults to: 'cn')

    The field that contains the user’s full name.

  • organization_role (String) (defaults to: 'member')

    The role of the user when logged in through ldap.

  • organization_id (Optional[String]) (defaults to: undef)

    If this is set, users that log in using LDAP will automatically get added to the given organization.

    To create the organisation specified in ckanext.ldap.organization.id, use the paster command:

    ```
    paster --plugin=ckanext-ldap ldap setup-org -c /etc/ckan/default/development.ini
    ```

  • revision (String) (defaults to: 'master')

    The revision of the ldap repository.

  • source (Enum['ofkn','history']) (defaults to: 'ofkn')

    The source version of the ldap repository.

  • use_fallback (Boolean) (defaults to: false)

    true if the system should use the ckan database for user authentication if LDAP auth fails.



# File 'manifests/ext/ldap.pp', line 47

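class ckan::ext::ldap (
  String                 $uri,
  String                 $base_dn,
  Optional[String]       $organization_id   = undef,
  String                 $search_filter     = 'uid={login}',
  String                 $username          = 'uid',
  String                 $email             = 'mail',
  String                 $fullname          = 'cn',
  String                 $organization_role = 'member',
  String                 $revision          = 'master',
  Enum['ofkn','history'] $source            = 'ofkn',
  Boolean                $use_fallback      = false,
) {
  # Installs the ckanext-ldap extension from one of two upstream repositories,
  # writes the ckanext.ldap.* configuration settings, and, when a default
  # organization is given, deploys and triggers the organization setup script.

  # required packages for ldap integration
  $required_packages = ['libldap2-dev','libsasl2-dev','libssl-dev','python-dev','python-ldap']

  ensure_packages($required_packages)

  # The extension source is fetched and then installed (pip requirements and,
  # for the 'history' source, a setup run), so the checkout must come over an
  # authenticated transport: use https, never plaintext http, which gives no
  # integrity guarantee for the code that ends up running in CKAN.
  #
  # NOTE(review): $revision defaults to 'master', a moving branch head, so
  # each run may pull unreviewed upstream changes. Pin it to a tag or commit
  # where reproducibility matters. For the 'history' source the branch is
  # 'main' while $revision still defaults to 'master'; confirm that ckan::ext
  # resolves that combination.
  if $source == 'ofkn' {
    $source_url = 'https://github.com/okfn/ckanext-ldap'
    $run_setup  = false
    $branch     = 'master'
  } else {
    $source_url = 'https://github.com/NaturalHistoryMuseum/ckanext-ldap'
    $run_setup  = true
    $branch     = 'main'
  }

  ckan::ext { 'ldap':
    source           => $source_url,
    revision         => $revision,
    branch           => $branch,
    plugin           => ['ldap'],
    pip_requirements => 'requirements.txt',
    run_setup        => $run_setup,
    require          => Package[$required_packages],
  }

  # set configuration
  # LDAP Extension
  #
  # NOTE(review): $uri is passed through unchanged. With an ldap:// URI the
  # login credentials presumably cross the network unencrypted; use ldaps://
  # for any directory server that is not local. Confirm which TLS options the
  # chosen extension source supports.
  ckan::conf::setting { 'ckanext.ldap.uri':
    value   => $uri,
    require => Class['ckan::conf::production'],
  }
  ckan::conf::setting { 'ckanext.ldap.base_dn':
    value   => $base_dn,
    require => Class['ckan::conf::production'],
  }
  ckan::conf::setting { 'ckanext.ldap.search.filter':
    value   => $search_filter,
    require => Class['ckan::conf::production'],
  }
  ckan::conf::setting { 'ckanext.ldap.username':
    value   => $username,
    require => Class['ckan::conf::production'],
  }
  ckan::conf::setting { 'ckanext.ldap.email':
    value   => $email,
    require => Class['ckan::conf::production'],
  }
  ckan::conf::setting { 'ckanext.ldap.fullname':
    value   => $fullname,
    require => Class['ckan::conf::production'],
  }
  # This setting is declared even when $organization_id is undef; how
  # ckan::conf::setting treats an undef value is not visible in this class.
  ckan::conf::setting { 'ckanext.ldap.organization.id':
    value   => $organization_id,
    require => Class['ckan::conf::production'],
  }
  # Every user who logs in through LDAP receives this role in the
  # organization above, so keep the default at the least privilege needed.
  ckan::conf::setting { 'ckanext.ldap.organization.role':
    value   => $organization_role,
    require => Class['ckan::conf::production'],
  }
  # NOTE(review): when true, CKAN database accounts are used if LDAP
  # authentication fails, so disabling a user in LDAP alone may not lock
  # them out of CKAN. Confirm against the extension before enabling.
  ckan::conf::setting { 'ckanext.ldap.ckan_fallback':
    value   => $use_fallback,
    require => Class['ckan::conf::production'],
  }

  # check if ldap is using a default organization
  if $organization_id {
    # Setup script shipped with the module; it is executed by the exec below.
    # No owner/group is set here, so Puppet's defaults apply.
    file { '/usr/local/bin/ckan_ldap_setup_org.bash':
      ensure  => file,
      source  => 'puppet:///modules/ckan/ext/ckan_ldap_setup_org.bash',
      mode    => '0755',
      require => Ckan::Ext['ldap'],
    }
    # Marker file holding the current organization id; a content change is
    # what notifies the exec.
    file { "${ckan::ckan_etc}/ldap_setup_org.txt":
      ensure  => file,
      content => "${organization_id}\n",
      require => File['/usr/local/bin/ckan_ldap_setup_org.bash'],
    }
    # run command if organization_id has been changed :(
    # refreshonly keeps the script from running on every agent run; it runs
    # only on a refresh from the subscribed marker file.
    exec { 'ckan_ldap_setup_org':
      command     => '/usr/local/bin/ckan_ldap_setup_org.bash',
      cwd         => '/usr/local/bin',
      refreshonly => true,
      subscribe   => File["${ckan::ckan_etc}/ldap_setup_org.txt"],
    }
  }
}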