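# Installs and runs slapd and loads the TLS settings into the cn=config
# database via ldapi:///.
#
# Module files this class depends on (not shown here):
#   files/slapd/slapd.default            -> /etc/default/slapd
#   templates/slapd/tls-config.ldif.erb  -> /etc/ldap/slapd.d/tls-config.ldif
class hgr::slapd {

  # first define an admin password for LDAP

  package {
    'slapd':       ensure => installed;
    'ldapscripts': ensure => installed;
  }

  service { 'slapd':
    ensure  => running,
    enable  => true,
    # /etc/default/slapd sets the listeners, so it must be in place before
    # the daemon is started.
    require => [Package['slapd'], File['/etc/default/slapd']],
  }

  file {
    '/etc/default/slapd':
      ensure  => present,
      source  => 'puppet:///modules/hgr/slapd/slapd.default',
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      require => Package['slapd'];

    # NOTE(review): this file is written inside slapd's config-database
    # directory; confirm slapd ignores extra files there, or move it to
    # /etc/ldap/ and adjust the exec below.
    '/etc/ldap/slapd.d/tls-config.ldif':
      ensure  => present,
      # The file attribute is 'content'; 'contents' is not a valid
      # parameter and fails catalog compilation.
      content => template('hgr/slapd/tls-config.ldif.erb'),
      owner   => 'root',
      group   => 'root',
      mode    => '0644',
      require => Package['slapd'];
  }

  # Apply the TLS LDIF to cn=config whenever the rendered LDIF changes.
  exec { 'tls-config.ldif':
    command     => '/usr/bin/ldapmodify -QY EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/tls-config.ldif',
    # Skip once any olcTLS* attribute exists in cn=config.  The path must
    # be absolute: no cwd is set on this exec, so a relative path would be
    # resolved against the agent's working directory and the check would
    # silently fail.
    # CAVEAT: together with refreshonly this means a later edit to the LDIF
    # (e.g. a new certificate path) is NOT re-applied once TLS is configured;
    # re-applying requires dropping this guard or using 'replace:' changes.
    unless      => "/bin/grep olcTLS '/etc/ldap/slapd.d/cn=config.ldif'",
    logoutput   => true,
    refreshonly => true,
    subscribe   => File['/etc/ldap/slapd.d/tls-config.ldif'],
    timeout     => 5,
    require     => [Service['slapd'], File['/etc/ldap/slapd.d/tls-config.ldif']],
  }

  # TODO: add openldap to the ssl-cert group so slapd can read the key
  #       (usermod -a -G ssl-cert openldap), guarded by
  #       'groups openldap | grep ssl-cert'.
  #
  # TODO: ensure /etc/ssl/private is group-readable by ssl-cert.
  #
  # TODO: open port 636 (ldaps) in /etc/iptables/rules.v4.

}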