Puppet Class: autofs::ldap_auth

Defined in:
manifests/ldap_auth.pp

Summary

Set up the `autofs_ldap_auth.conf` file

Overview

Parameters:

  • ldap_auth_conf_file (Stdlib::Absolutepath) (defaults to: $autofs::auth_conf_file)

    Set the location of the LDAP authentication configuration file

  • usetls (Boolean) (defaults to: true)

    Determines whether an encrypted connection to the ldap server should be attempted

  • tlsrequired (Boolean) (defaults to: true)

    Encrypt the LDAP connection

    • If enabled, the automounter will fail to start if an encrypted connection cannot be established

  • authrequired (Variant[Boolean, Enum['autodetect','simple']]) (defaults to: true)

    This option tells whether an authenticated connection to the ldap server is required in order to perform ldap queries

    • If this flag is set to `true`, then only authenticated connections will be allowed

    • If it is set to `false` then authentication is not needed for ldap server connections

    • If it is set to `autodetect` then the ldap server will be queried to establish a suitable authentication mechanism

    • If no suitable mechanism can be found, connections to the ldap server are made without authentication

  • authtype (Autofs::Authtype) (defaults to: 'LOGIN')

    This attribute can be used to specify a preferred authentication mechanism

    • In normal operations, the automounter will attempt to authenticate to the ldap server using the list of `supportedSASLmechanisms` obtained from the directory server

    • Explicitly setting `$authtype` will bypass this selection and only try the mechanism specified

    • The `EXTERNAL` mechanism may be used to authenticate using a client certificate and requires that `$authrequired` is set to `true` if using SSL, or that `$usetls`, `$tlsrequired` and `$authrequired` are all set to `true` if using TLS, in addition to `$authtype` being set to `EXTERNAL`

  • external_cert (Stdlib::Absolutepath) (defaults to: "/etc/pki/simp_apps/autofs/x509/public/${facts['fqdn']}.pub")

    This specifies the path of the file containing the client certificate. Set `$autofs::pki` to `false` if you don't want SIMP to manage this cert.

  • external_key (Stdlib::Absolutepath) (defaults to: "/etc/pki/simp_apps/autofs/x509/private/${facts['fqdn']}.pem")

    This specifies the path of the file containing the client certificate key. Set `$autofs::pki` to `false` if you don't want SIMP to manage this key.

  • user (Optional[String]) (defaults to: simplib::lookup('simp_options::ldap::bind_dn', { 'default_value' => undef }))

    This attribute holds the authentication identity used by authentication mechanisms that require it

    • Legal values for this attribute include any printable characters that can be used by the selected authentication mechanism

  • secret (Optional[String]) (defaults to: simplib::lookup('simp_options::ldap::bind_pw', { 'default_value' => undef}))

    This attribute holds the secret used by authentication mechanisms that require it

    • Legal values for this attribute include any printable characters that can be used by the selected authentication mechanism

  • clientprinc (Optional[String]) (defaults to: undef)

    When using `GSSAPI` authentication, this attribute is consulted to determine the principal name to use when authenticating to the directory server

  • credentialcache (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    When using `GSSAPI` authentication, this attribute can be used to specify an externally configured credential cache that is used during authentication

  • encoded_secret (Optional[String]) (defaults to: undef)

Author:

# File 'manifests/ldap_auth.pp', line 78

class autofs::ldap_auth (
  Optional[String]                              $user                = simplib::lookup('simp_options::ldap::bind_dn', { 'default_value' => undef }),
  Optional[String]                              $secret              = simplib::lookup('simp_options::ldap::bind_pw', { 'default_value' =>  undef}),
  Optional[String]                              $encoded_secret      = undef,
  Stdlib::Absolutepath                          $ldap_auth_conf_file = $autofs::auth_conf_file,
  Boolean                                       $usetls              = true,
  Boolean                                       $tlsrequired         = true,
  Variant[Boolean, Enum['autodetect','simple']] $authrequired        = true,
  Autofs::Authtype                              $authtype            = 'LOGIN',
  Stdlib::Absolutepath                          $external_cert       = "/etc/pki/simp_apps/autofs/x509/public/${facts['fqdn']}.pub",
  Stdlib::Absolutepath                          $external_key        = "/etc/pki/simp_apps/autofs/x509/private/${facts['fqdn']}.pem",
  Optional[String]                              $clientprinc         = undef,
  Optional[Stdlib::Absolutepath]                $credentialcache     = undef
) {
  assert_private()

  file { $ldap_auth_conf_file:
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    content => epp("${module_name}/etc/autofs_ldap_auth.conf.epp")
  }

  if $authtype == 'EXTERNAL' {
    contain 'autofs::config::pki'
  }
}
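The parameter combinations described above (TLS must be attempted before it can be required, `EXTERNAL` needs `authrequired` plus an encrypted connection and a client certificate, and a bind secret should only live in a root-only file) can be checked on the rendered file. This is an added example, not part of the module; it assumes the rendered `autofs_ldap_auth.conf` follows the upstream autofs `<autofs_ldap_sasl_conf .../>` XML layout, and the sample attribute values are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a rendered autofs_ldap_auth.conf (values are made up).
SAMPLE_CONF = """<?xml version="1.0" ?>
<autofs_ldap_sasl_conf
    usetls="yes"
    tlsrequired="no"
    authrequired="yes"
    authtype="EXTERNAL"
    external_cert="/etc/pki/simp_apps/autofs/x509/public/client.example.com.pub"
    external_key="/etc/pki/simp_apps/autofs/x509/private/client.example.com.pem"
/>
"""


def _flag(attrs, name, default="no"):
    """autofs uses yes/no strings for its boolean attributes."""
    return attrs.get(name, default).strip().lower() == "yes"


def check_ldap_auth_conf(text, mode=0o600, ldaps=False):
    """Return findings for one conf body; `mode` is the file's permission bits and
    `ldaps` says whether the server is reached over SSL (ldaps://) instead of TLS."""
    a = ET.fromstring(text).attrib
    findings = []
    usetls, tlsreq = _flag(a, "usetls"), _flag(a, "tlsrequired")
    authreq = a.get("authrequired", "no").strip().lower()
    authtype = a.get("authtype", "").strip().upper()
    encrypted = ldaps or (usetls and tlsreq)
    if tlsreq and not usetls:
        findings.append("tlsrequired=yes but usetls=no: encryption required but never attempted")
    if authtype == "EXTERNAL":
        if authreq != "yes":
            findings.append("authtype=EXTERNAL needs authrequired=yes")
        if not encrypted:
            findings.append("authtype=EXTERNAL over TLS needs usetls=yes and tlsrequired=yes")
        for key in ("external_cert", "external_key"):
            if not a.get(key):
                findings.append(f"authtype=EXTERNAL without {key}")
    if a.get("secret") and not encrypted:
        findings.append("bind secret configured but an unencrypted connection is allowed")
    if (a.get("secret") or a.get("encoded_secret")) and mode & 0o077:
        findings.append(f"secret present but file mode {mode:04o} is readable by others")
    return findings
```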