{"id":13781154,"url":"https://github.com/sous-chefs/openldap","last_synced_at":"2025-05-06T21:40:47.990Z","repository":{"id":2725947,"uuid":"3720875","full_name":"sous-chefs/openldap","owner":"sous-chefs","description":"Development repository for the openldap cookbook","archived":false,"fork":false,"pushed_at":"2024-12-04T17:52:27.000Z","size":441,"stargazers_count":43,"open_issues_count":9,"forks_count":107,"subscribers_count":48,"default_branch":"main","last_synced_at":"2025-04-19T06:39:23.422Z","etag":null,"topics":["chef","chef-cookbook","chef-resource","hacktoberfest","managed-by-terraform","openldap"],"latest_commit_sha":null,"homepage":"https://supermarket.chef.io/cookbooks/openldap","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sous-chefs.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null},"funding":{"open_collective":"sous-chefs"}},"created_at":"2012-03-14T18:35:53.000Z","updated_at":"2025-01-10T03:12:50.000Z","dependencies_parsed_at":"2023-01-11T16:12:05.972Z","dependency_job_id":"e9a6cfa4-c947-4542-9a3f-e09b84a52add","html_url":"https://github.com/sous-chefs/openldap","commit_stats":{"total_commits":438,"total_committers":40,"mean_commits":10.95,"dds":0.8310502283105023,"last_synced_commit":"d0a5ff825fed237a73bfc8eca64931688696b798"},"previous_names":[],"tags_count":43,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sous-chefs%2Fopenldap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sous-chefs%2Fopenldap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sous-chefs%2Fopenldap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sous-chefs%2Fopenldap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sous-chefs","download_url":"https://codeload.github.com/sous-chefs/openldap/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250718988,"owners_count":21475986,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chef","chef-cookbook","chef-resource","hacktoberfest","managed-by-terraform","openldap"],"created_at":"2024-08-03T18:01:23.431Z","updated_at":"2025-05-06T21:40:47.939Z","avatar_url":"https://github.com/sous-chefs.png","language":"Ruby","funding_links":["https://opencollective.com/sous-chefs"],"categories":["Cookbooks"],"sub_categories":["Network/Security"],"readme":"# openldap Cookbook\n\n[![Cookbook Version](https://img.shields.io/cookbook/v/openldap.svg)](https://supermarket.chef.io/cookbooks/openldap)\n[![CI State](https://github.com/sous-chefs/openldap/workflows/ci/badge.svg)](https://github.com/sous-chefs/openldap/actions?query=workflow%3Aci)\n[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers)\n[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors)\n[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0)\n\nConfigures a server to be an OpenLDAP provider or replication consumer. Also includes a recipe to install the client libs, but not to setup actual LDAP auth as there are several ways to do this. We recommend looking at the [sssd_ldap cookbook](https://github.com/chef-cookbooks/sssd_ldap).\n\n## Maintainers\n\nThis cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF).\n\n## Requirements\n\n### Platforms\n\n- Ubuntu\n- Debian\n- FreeBSD\n- RHEL/CentOS \u003e= 7.0 *NOTE: RHEL 8 [removed support](https://www.redhat.com/en/blog/preparing-identity-management-red-hat-enterprise-linux-8) for openldap. We provide support via a repository provided by the [OSUOSL](https://osuosl.org).*\n- Fedora\n- openSUSE Leap\n\n### Chef\n\n- Chef 15.3+\n\n### Cookbooks\n\n- dpkg_autostart\n\n## Attributes\n\nThis is not an exhaustive list of attributes as most are directly comparable to their OpenLDAP equivalents.\n\n### Required\n\n- `openldap['rootpw']`\n\nThis should be a password hash generated from slappasswd. The default slappasswd command will generate a salted SHA1 hash:\n\n```shell\n$ slappasswd -s \"secretsauce\"\n{SSHA}6BjlvtSbVCL88li8IorkqMSofkLio58/\n```\n\nSet this via a node/role/env attribute or in a wrapper cookbook with an encrypted data_bag. OpenLDAP will fail to start if this is not set.\n\n### Install/Upgrade\n\n- `openldap['package_install_action']` - The action to be taken for all packages in the recipes. Defaults to :install, but can also be set to :upgrade to upgrade all packages referenced in the recipes.\n\n### General configuration\n\n- `openldap['schemas']` - Array of ldap schema file names to load\n- `openldap['modules']` - Array of slapd modules names to load\n- `openldap['indexes]' - Array of indexes to use\n- `openldap['admin_cn']` - Admin CN name `administrators (default)`\n- `openldap['user_attrs']` - User access attributes `userPassword,shadowLastChange (default)`\n\n### TLS/SSL\n\nIf `openldap['ldaps_enabled']` or `openldap['tls_enabled']` are set, then `openldap['tls_cert']` and `openldap['tls_key']` must also be set and the files must exist prior to execution. Depending on the certificates, `openldap['tls_cafile']` may also need to be set. See the test cookbook for an example.\n\n- `openldap['ldaps_enabled']` - listen on LDAPS (636) true | false (default)\n- `openldap['tls_enabled']` - true | false (default)\n- `openldap['tls_cert']` - full path to your SSL certificate\n- `openldap['tls_key']` - full path to your SSL key\n- `openldap['tls_cafile']` - full path to your CA certificate (or intermediate authorities), if needed.\n- `openldap['tls_ciphersuite']` - OpenSSL cipher suite specification to use, defaults to none (use system default)\n\n### Replication\n\nAttributes related to replication (syncrepl). Only used if a provider or consumer.\n\n- `openldap['slapd_type']` - `'provider' | 'consumer'`, default is `nil`\n- `openldap['slapd_provider']` - hostname of slapd provider\n- `openldap['slapd_replpw']` - replication password\n- `openldap['slapd_rid']` - unique integer ID, required if type is consumer\n- `openldap['syncrepl_uri']` - `ldap (default) | ldaps`\n- `openldap['syncrepl_port']` - `'389 (default) | 636'`\n- `openldap['syncrepl_cn']` - the CN (only) of the user to use as binddn as consumer\n\nThe following syncrepl values are set by default, others can be added by setting the appropriate key value\npair in the `openldap['syncrepl_*_config]` (See the OpenLDAP Adminstrator Guide):\n\n- `openldap']['syncrepl_provider_config']['overlay']` - defaults to 'syncprov'\n- `openldap']['syncrepl_provider_config']['syncprov-checkpoint']` - defaults to '100 10'\n- `openldap']['syncrepl_provider_config']['syncprov-sessionlog']` - defaults to '100'\n- `openldap['syncrepl_consumer_config']['type']` - defaults to 'refreshAndPersist'\n- `openldap['syncrepl_consumer_config']['interval']` - interval for the sync. Defaults to 1 day\n- `openldap['syncrepl_consumer_config']['searchbase']` - calculated in recipe\n- `openldap['syncrepl_consumer_config']['filter']` - search filter to use in the replication\n- `openldap['syncrepl_consumer_config']['scope']` - defaults to 'sub'\n- `openldap['syncrepl_consumer_config']['schemachecking']` - defaults to 'off'\n- `openldap['syncrepl_consumer_config']['bindmethod']` - defaults to 'simple'\n- `openldap['syncrepl_consumer_config']['binddn']` - calculated in recipe\n- `openldap['syncrepl_consumer_config']['starttls']` - `yes | no (default)`\n- `openldap['syncrepl_consumer_config']['credentials']` - defaults to `openldap['slapd_replpw']`\n\n## Recipes\n\n### default\n\nInstall and configure OpenLDAP (slapd).\n\n## Resources\n\n- [install](https://github.com/sous-chefs/openldap/blob/master/documentation/resource_openldap_install.md)\n\n## Contributors\n\nThis project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890\u0026button=false)\n\n### Backers\n\nThank you to all our backers!\n\n![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600\u0026avatarHeight=40)\n\n### Sponsors\n\nSupport this project by becoming a sponsor. Your logo will show up here with a link to your website.\n\n![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100)\n![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100)\n![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100)\n![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100)\n![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100)\n![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100)\n![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100)\n![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100)\n![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100)\n![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsous-chefs%2Fopenldap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsous-chefs%2Fopenldap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsous-chefs%2Fopenldap/lists"}