Merge branch 'master' of ssh://pwan.org/var/www/git/projects/hgr
diff --git a/manifests/slapd.pp b/manifests/slapd.pp
new file mode 100644 (file)
index 0000000..b60eda8
--- /dev/null
@@ -0,0 +1,55 @@
+class hgr::slapd {
+
+     # first define a admin password for LDAP
+
+     package {
+       "slapd" : ensure => installed;
+        "ldapscripts" : ensure => installed;
+     }
+     service {
+       "slapd":
+          ensure => running,
+           enable => true,
+           require => [Package["slapd"],File["/etc/default/slapd"]];
+     }
+
+     file {
+         "/etc/default/slapd":
+             ensure => present,
+             source => "puppet:///modules/hgr/slapd/slapd.default",
+             owner => "root",
+             group => "root",
+             mode => "0644",
+             require => Package["slapd"];
+
+         "/etc/ldap/slapd.d/tls-config.ldif":
+             ensure => present,
+             contents => template("hgr/slapd/tls-config.ldif.erb"),
+             owner => "root",
+             group => "root",
+             mode => "0644",
+             require => Package["slapd"];
+     }
+
+     exec {
+       "tls-config.ldif":
+            command => "/usr/bin/ldapmodify -QY EXTERNAL -H ldapi:/// -f /etc/ldap/slapd.d/tls-config.ldif",
+            unless => "/bin/grep olcTLS 'cn=config.ldif'",
+            logoutput => true,
+            refreshonly => true,
+            subscribe => File["/etc/ldap/slapd.d/tls-config.ldif"],
+            timeout => 5,
+            require => [Service["slapd"],File["/etc/ldap/slapd.d/tls-config.ldif"]];
+     }
+
+     # add openldap to the ssl-cert group
+     # (usermod -a -G ssl-cert openldap)
+     # unless 'groups openldap | grep ssl-cert'
+
+     # Need to ensure /etc/ssl/private is group-readable
+  
+     # Need to open 636 on /etc/iptables/rules.v4
+     
+
+}
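Review bot: The `contents` attribute on the "/etc/ldap/slapd.d/tls-config.ldif" resource is not a Puppet `file` attribute, so the catalog will fail to compile (or, on very old agents, silently leave the file empty) and the TLS configuration is never applied; the line should read `content => template("hgr/slapd/tls-config.ldif.erb"),`. The `unless` guard on the `tls-config.ldif` exec greps a relative path `'cn=config.ldif'` with no `cwd` set, so it resolves against the agent's working directory rather than the slapd config database; on the Debian layout implied by `/etc/ldap/slapd.d` the file to check is presumably `/etc/ldap/slapd.d/cn=config.ldif` (confirm against the target host), e.g. `unless => "/bin/grep olcTLS /etc/ldap/slapd.d/cn=config.ldif",`. Since the exec is also `refreshonly`, a guard that always fails simply re-runs ldapmodify on every template change, which is harmless but makes the `unless` meaningless as written. Mode `0644` on the rendered LDIF is fine only if the template references certificate and key paths rather than embedding key material — worth a comment on the resource stating that expectation so a later edit to the template does not quietly make it world-readable.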