Activated syncrepl

manifests/init.pp

@@ -90,15 +90,16 @@ class wmdeit_ldap (
 		        "by anonymous break",	
 			"by * read",
 		],
+		# let anonymous users list uids
 		"4 to dn.subtree=\"$database\" attrs=entry,objectClass,uid" => [
 		        "by anonymous read",
 			"by * break",
 		],
+		# deny access to anything else
 		'5 to *' => [
 		        "by * none",	
 		]
 
-
 	},
 
 ){
@@ -131,7 +132,6 @@ class wmdeit_ldap (
 		ensure => present,
 	}  
 
-
 	class { 'openldap::server': 
 		ssl_ca => "$cacert",
 		ssl_cert => "$pubcert",
@@ -141,20 +141,20 @@ class wmdeit_ldap (
 
 	# delete all schema and databases created by default during installation
 	# This is some kind of a dirty hack because we use 
-	# in before => and irequire => some internal classes of module openldap 
+	# in "before =>" and "require =>" some internal classes of module openldap 
 	exec { 'wmdemanaged':
 		before => Class['::openldap::server::config'],
 		require => Class['::openldap::server::install'],
 
 		creates => "/etc/ldap/wmde.managed",
 		command => @(CMD/L),
-		/usr/sbin/service slapd stop &&
-		rm -rf '/etc/ldap/slapd.d/cn=config/cn=schema' &&
-		rm -rf '/etc/ldap/slapd.d/cn=config/cn=schema.ldif' &&
-		rm -rf '/etc/ldap/slapd.d/cn=config/olcDatabase={1}mdb.ldif' &&
-		/usr/sbin/service slapd start &&
-		touch /etc/ldap/wmde.managed
-		| CMD
+			/usr/sbin/service slapd stop &&
+			rm -rf '/etc/ldap/slapd.d/cn=config/cn=schema' &&
+			rm -rf '/etc/ldap/slapd.d/cn=config/cn=schema.ldif' &&
+			rm -rf '/etc/ldap/slapd.d/cn=config/olcDatabase={1}mdb.ldif' &&
+			/usr/sbin/service slapd start &&
+			touch /etc/ldap/wmde.managed
+			| CMD
 	} 
 
 
@@ -194,7 +194,6 @@ class wmdeit_ldap (
 #		value   => { "TLSCACertificateFile"=>"$ssldir/ca.pem" }
 #	}
 
-
 #	openldap::server::globalconf { 'TLSCertificateKeyFile':
 #		ensure  => present,
 #		value   => { "TLSCertificateKeyFile"=>"$ssldir/privkey.pem" }
@@ -259,14 +258,23 @@ class wmdeit_ldap (
 
 	
 	# Build list of syncrepl-entries, store it in $syncrepl
-#	if !empty ($syncrepl_providers) {
-#		$mirrormode=true
-#		$syncrepl = $syncrepl_providers.map |Integer $index, String $provider| {
-#			$i = $index+1
-#			"rid=00$i provider=$provider binddn=\"$rootdn\" bindmethod=simple credentials=$rootpw searchbase=\"$database\" type=refreshAndPersist tls_cacert=$cacert tls_key=$privkey tls_cert=$pubcert starttls=yes retry=\"3 60 6 300 30 +\"" #timeout=1"
-#		}
-#	}
+	if !empty ($syncrepl_providers) {
+		$mirrormode=true
+		$syncrepl = $syncrepl_providers.map |Integer $index, $provider| {
+			$i = $index+1
+			"rid=00$i provider=${provider[proto]}://${provider[host]}:${provider[port]} binddn=\"$rootdn\" bindmethod=simple credentials=$rootpw searchbase=\"$database\" scope=sub attrs=\"*,+\" filter=\"(objectClass=*)\" type=refreshAndPersist tls_cacert=$cacert tls_key=$privkey tls_cert=$pubcert starttls=yes retry=\"3 60 6 300 30 +\" timeout=1"
+		}
+		$syncrepl_providers.each |Integer $index, $provider| {
+			if $provider[ip] {
+				host{"host_$index":
+					name => $provider[host],
+					ip => $provider[ip],
+					ensure => present,
+				}
+			}
+		}
 
+	}
 
 	# create the main database
 	openldap::server::database { "$database":
@@ -274,17 +282,17 @@ class wmdeit_ldap (
 		ensure => present,
 		rootdn => $rootdn,
 		rootpw => $rootpw,
-#		syncrepl => $syncrepl,
+		syncrepl => $syncrepl,
 		mirrormode => $mirrormode,
 	} 
 	->
 	openldap::server::overlay { "memberof on $database":
 		ensure => present,
 	} 
-#	-> 
-#	openldap::server::overlay { "syncprov on $database":
-#		ensure => present,
-#	} 
+	-> 
+	openldap::server::overlay { "syncprov on $database":
+		ensure => present,
+	} 
 	->
 	openldap::server::overlay { "smbk5pwd on $database":
 		ensure => present,