{"id":15013973,"url":"https://github.com/bodgit/puppet-openldap","last_synced_at":"2025-08-21T12:42:48.809Z","repository":{"id":25883783,"uuid":"29324137","full_name":"bodgit/puppet-openldap","owner":"bodgit","description":"Puppet Module for managing OpenLDAP","archived":false,"fork":false,"pushed_at":"2020-02-05T11:36:59.000Z","size":414,"stargazers_count":8,"open_issues_count":4,"forks_count":6,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-08-01T19:36:14.850Z","etag":null,"topics":["openldap","puppet"],"latest_commit_sha":null,"homepage":"https://forge.puppetlabs.com/bodgit/openldap","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bodgit.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-01-15T23:53:15.000Z","updated_at":"2024-06-28T01:00:17.000Z","dependencies_parsed_at":"2022-08-24T01:01:02.250Z","dependency_job_id":null,"html_url":"https://github.com/bodgit/puppet-openldap","commit_stats":null,"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"purl":"pkg:github/bodgit/puppet-openldap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bodgit%2Fpuppet-openldap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bodgit%2Fpuppet-openldap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bodgit%2Fpuppet-openldap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bodgit%2Fpuppet-openldap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bodgit","download_url":"https://codeload.github.com/bodgit/pu
ppet-openldap/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bodgit%2Fpuppet-openldap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271484126,"owners_count":24767760,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-21T02:00:08.990Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["openldap","puppet"],"created_at":"2024-09-24T19:45:01.092Z","updated_at":"2025-08-21T12:42:48.754Z","avatar_url":"https://github.com/bodgit.png","language":"Ruby","readme":"# openldap\n\nTested with Travis CI\n\n[![Build Status](https://travis-ci.org/bodgit/puppet-openldap.svg?branch=master)](https://travis-ci.org/bodgit/puppet-openldap)\n[![Coverage Status](https://coveralls.io/repos/bodgit/puppet-openldap/badge.svg?branch=master\u0026service=github)](https://coveralls.io/github/bodgit/puppet-openldap?branch=master)\n[![Puppet Forge](http://img.shields.io/puppetforge/v/bodgit/openldap.svg)](https://forge.puppetlabs.com/bodgit/openldap)\n[![Dependency Status](https://gemnasium.com/bodgit/puppet-openldap.svg)](https://gemnasium.com/bodgit/puppet-openldap)\n\n#### Table of Contents\n\n1. [Description](#description)\n2. [Setup - The basics of getting started with openldap](#setup)\n    * [Setup requirements](#setup-requirements)\n    * [Beginning with openldap](#beginning-with-openldap)\n3. 
[Usage - Configuration options and additional functionality](#usage)\n4. [Reference - An under-the-hood peek at what the module is doing and how](#reference)\n5. [Limitations - OS compatibility, etc.](#limitations)\n6. [Development - Guide for contributing to the module](#development)\n\n## Description\n\nThis module can install LDAP libraries, client utilities and more importantly\ninstall and configure the `slapd` daemon to provide directory services.\n\nRHEL/CentOS, Ubuntu, Debian and OpenBSD are supported using Puppet 4.4.0 or\nlater.\n\n## Setup\n\n### Setup Requirements\n\nYou will need pluginsync enabled.\n\n### Beginning with openldap\n\n```puppet\ninclude ::openldap\n```\n\n## Usage\n\nInstall the LDAP libraries and create a global `ldap.conf` mimicking the stock\nRHEL/CentOS install as well as a per-user `.ldaprc` for any subsequently\ncreated users. Also install the client utilities:\n\n```puppet\nclass { '::openldap':\n  tls_cacertdir =\u003e '/etc/openldap/certs'\n}\n\n::openldap::configuration { '/etc/skel/.ldaprc':\n  ensure =\u003e file,\n  owner  =\u003e 0,\n  group  =\u003e 0,\n  mode   =\u003e '0640',\n  base   =\u003e 'dc=example,dc=com',\n  uri    =\u003e ['ldap://ldap.example.com/'],\n}\n\n::Openldap::Configuration['/etc/skel/.ldaprc'] -\u003e User \u003c||\u003e\n\ninclude ::openldap::client\n```\n\nCreate a standalone directory server listening on the standard LDAP TCP port\n389 that disallows anonymous reads and allows users to update their own object:\n\n```puppet\ninclude ::openldap\ninclude ::openldap::client\n\nclass { '::openldap::server':\n  root_dn       =\u003e 'cn=Manager,dc=example,dc=com',\n  root_password =\u003e '{SSHA}7dSAJPGe4YKKEvUPuGJIeSL/03GV2IMY',\n  suffix        =\u003e 'dc=example,dc=com',\n  access        =\u003e [\n    [\n      {\n        'attrs' =\u003e ['userPassword'],\n      },\n      [\n        {\n          'who'    
=\u003e ['anonymous'],\n          'access' =\u003e 'auth',\n        },\n      ],\n    ],\n    [\n      {\n        'dn' =\u003e '*',\n      },\n      [\n        {\n          'who'    =\u003e ['dn.base=\"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\"'],\n          'access' =\u003e 'manage',\n        },\n        {\n          'who'    =\u003e ['self'],\n          'access' =\u003e 'write',\n        },\n        {\n          'who'    =\u003e ['users'],\n          'access' =\u003e 'read',\n        },\n      ],\n    ],\n  ],\n  indices       =\u003e [\n    [['objectClass'], ['eq', 'pres']],\n    [['ou', 'cn', 'mail', 'surname', 'givenname'], ['eq', 'pres', 'sub']],\n  ],\n  interfaces    =\u003e [\"ldap://${::ipaddress}/\"],\n}\n::openldap::server::schema { 'cosine':\n  ensure =\u003e present,\n}\n::openldap::server::schema { 'inetorgperson':\n  ensure =\u003e present,\n}\n::openldap::server::schema { 'nis':\n  ensure  =\u003e present,\n  require =\u003e ::Openldap::Server::Schema['cosine'],\n}\n```\n\n## Reference\n\nThe reference documentation is generated with\n[puppet-strings](https://github.com/puppetlabs/puppet-strings) and the latest\nversion of the documentation is hosted at\n[https://bodgit.github.io/puppet-openldap/](https://bodgit.github.io/puppet-openldap/).\n\n## Limitations\n\nRather than expose overlays, modules, databases, etc. as defined or native\ntypes and leave the user to build their own configuration this module takes\nthe decision to hide most of this complexity and build what most people\nprobably want out of OpenLDAP; a single database, possibly replicated. This\nis largely due to a number of behaviours and idiosyncrasies of OpenLDAP; the\norder of overlays matters for example.\n\nMost of the attributes or objects are additive and cannot be deleted without\nmanually editing the configuration with the server stopped. 
This module will\nalways try to issue the necessary LDIF commands; however, the server will likely\nbe \"unwilling to perform\" them. Experimental delete support is apparently\navailable as a compile-time option which may allow this module to remove\nconfiguration more easily but I have not tested it.\n\nThis means that if you try to convert from, say, a replicating producer back to a\nstandalone server you will probably get errors from trying to remove the\nvarious replication objects.  However, things should always build from scratch\ncleanly.\n\nThis module has been built on and tested against Puppet 4.4.0 and higher.\n\nThe module has been tested on:\n\n* Red Hat Enterprise Linux 6/7\n* Ubuntu 14.04/16.04\n* Debian 7/8\n* OpenBSD 6.0/6.1/6.2/6.3\n\n## Development\n\nThe module has both [rspec-puppet](http://rspec-puppet.com) and\n[beaker-rspec](https://github.com/puppetlabs/beaker-rspec) tests. Run them\nwith:\n\n```\n$ bundle exec rake test\n$ PUPPET_INSTALL_TYPE=agent PUPPET_INSTALL_VERSION=x.y.z bundle exec rake beaker:\u003cnodeset\u003e\n```\n\nPlease log issues or pull requests at\n[github](https://github.com/bodgit/puppet-openldap).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbodgit%2Fpuppet-openldap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbodgit%2Fpuppet-openldap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbodgit%2Fpuppet-openldap/lists"}