A puppet module to configure our OpenLDAP servers
Tobias Herre 5e3e1e1cd4 Restrict user to password, removed some out-commentd stuff 2020-08-27 20:22:01 +02:00
files includes posixGroup 2020-08-25 22:55:53 +02:00
manifests Restrict user to password, removed some out-commentd stuff 2020-08-27 20:22:01 +02:00
templates Added some parameters to LSC 2020-08-25 23:35:42 +02:00
LICENSE Initial commit 2020-08-18 07:19:40 +00:00
README.md Install inmstructions 2020-08-25 23:40:19 +02:00

README.md

puppet-wmdeit_ldap

A puppet module to configure our OpenLDAP servers

You need a running puppetserver on FreeBSD. Your clients have to run Debian/Ubuntu.

Install this module:

git clone https://srcsrv.wikimedia.de/WMDE/puppet-wmdeit_ldap.git
ln -s puppet-wmdeit_ldap /path/to/puppet-environment/modules/wmdeit_ldap

To get it running:

puppet module install camptocamp-openldap

For lsc

puppet module install puppetlabs-java
puppet module install puppetlabs-apt
puppet generate types 

For LAM

puppet module install puppetlabs-apache
puppet module install puppet-php

Examples:

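# Example: declare the OpenLDAP server.
#
# Every password in this example is a sample value for illustration only.
# In a real manifest, supply secrets from encrypted data (for example
# hiera-eyaml through lookup()) rather than committing literals.
class { "wmdeit_ldap":
    serverid => 17,
    # NOTE(review): presumably the TLS strength required before a simple
    # (password) bind is accepted; if so, "0" allows bind passwords to be
    # sent unencrypted -- confirm against the module before using this
    # value outside a test setup.
    simple_bind_tls => "0",
    log_level => 4,

    # DN and password for cn=config
    # (the DN previously read "nc=admin,nc=config"; the attribute type is
    # cn, as in the cn=config tree this comment names)
    configdn => "cn=admin,cn=config",
    configpw => "123",

    # database with rootdn and rootpw
    # NOTE(review): whether the module hashes rootpw/configpw before they
    # reach slapd's configuration is not visible here -- confirm.
    database => "dc=wikimedia,dc=de",
    rootdn => "cn=admin,dc=wikimedia,dc=de",
    rootpw => "123",
}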

# Example: declare LSC against the local directory.
#
# The password is a sample value; keep the real one in encrypted data
# rather than in the manifest.
class { 'wmdeit_ldap::lsc':
    # ldap:// is unencrypted; in this example it only reaches localhost.
    ldap   => 'ldap://localhost:389/dc=wikimedia,dc=de',
    # NOTE(review): the example binds as the directory rootdn, which has
    # unrestricted access; a dedicated account holding only the rights LSC
    # needs would be narrower -- confirm what the module requires.
    rootdn => 'cn=admin,dc=wikimedia,dc=de',
    rootpw => '123',
}

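# Example: declare LAM with one server profile named "wmde".
#
# All passwords and salts below are sample values for illustration only.
# In a real manifest, supply them from encrypted data (for example
# hiera-eyaml through lookup()) rather than committing literals.
class { "wmdeit_ldap::lam":
    # NOTE(review): a salt only helps when it is random and unique per
    # password; generate one instead of reusing a short constant like the
    # samples shown here.
    master_password => "1234",
    master_password_salt => "5678",

    configs => {
        wmde => {
            password => "1234",
            password_salt => "5678",
            tree_suffix => "dc=wikimedia,dc=de",
            admins => [
                "cn=admin,dc=wikimedia,dc=de",
            ],
            # NOTE(review): the login search binds as the directory rootdn
            # here, so the root password is presumably stored in LAM's
            # profile; a dedicated read-only search account would limit
            # exposure -- confirm the module accepts one.
            login_search_dn => "cn=admin,dc=wikimedia,dc=de",
            login_search_suffix => "dc=wikimedia,dc=de",
            login_search_password => "123",
            # Allowed values per the original example: "list" or "search".
            # The separating comma must come before the comment; placed
            # after the '#', it is part of the comment and the hash no
            # longer parses.
            login_method => "search",
            # ldap:// is unencrypted; in this example it only reaches
            # localhost.
            server_url => "ldap://localhost:389",
        }
    }
}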