3 # first define an admin password for LDAP
6 "slapd" : ensure => installed;
7 "ldapscripts" : ensure => installed;
14 require => [Package["slapd"],File["/etc/default/slapd"]];
20 source => "puppet:///modules/hgr/slapd/slapd.default",
24 require => Package["slapd"];
26 "/etc/ldap/slapd.d/tls-config.ldif":
28 contents => template("hgr/slapd/tls-config.ldif.erb"),
32 require => Package["slapd"];
# Attributes of the exec that loads tls-config.ldif into the running slapd
# configuration. The resource header and some attributes are not visible in
# this excerpt.
# ldapmodify authenticates with SASL EXTERNAL over the local ldapi:/// socket,
# so no bind password appears on the command line.
10 command => "/usr/bin/ldapmodify -QY EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/tls-config.ldif",
# NOTE(review): 'cn=config.ldif' is a relative path, so this guard only works
# if the working directory is set by an attribute not shown here (cwd).
# If grep cannot open the file it exits non-zero and ldapmodify runs again
# on every Puppet run. TODO confirm.
# The pattern matches any olcTLS attribute, not the specific values in the
# template, so it shows that some TLS setting exists, not that the intended
# one is in place.
11 unless => "/bin/grep olcTLS 'cn=config.ldif'",
# Refresh this exec when the rendered LDIF changes.
12 subscribe => File["/etc/ldap/slapd.d/tls-config.ldif"],
# slapd must be managed and the LDIF written before the change is applied.
13 require => [Service["slapd"],File["/etc/ldap/slapd.d/tls-config.ldif"]];
46 # add openldap to the ssl-cert group
47 # (usermod -a -G ssl-cert openldap)
48 # unless 'groups openldap | grep ssl-cert'
50 # Need to ensure /etc/ssl/private is group-readable
52 # Need to open port 636 (LDAPS) in /etc/iptables/rules.v4