{"id":15013979,"url":"https://github.com/voxpupuli/puppet-openldap","last_synced_at":"2025-04-07T17:07:21.938Z","repository":{"id":13878207,"uuid":"16576257","full_name":"voxpupuli/puppet-openldap","owner":"voxpupuli","description":"Manage OpenLDAP with Puppet","archived":false,"fork":false,"pushed_at":"2024-09-17T07:31:51.000Z","size":1033,"stargazers_count":37,"open_issues_count":22,"forks_count":135,"subscribers_count":47,"default_branch":"master","last_synced_at":"2024-10-29T14:22:40.181Z","etag":null,"topics":["bsd-puppet-module","centos-puppet-module","debian-puppet-module","freebsd-puppet-module","hacktoberfest","linux-puppet-module","puppet","redhat-puppet-module","sles-puppet-module","ubuntu-puppet-module"],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/voxpupuli.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"open_collective":"vox-pupuli","github":"voxpupuli"}},"created_at":"2014-02-06T10:42:49.000Z","updated_at":"2024-09-17T07:31:54.000Z","dependencies_parsed_at":"2024-01-05T03:28:42.936Z","dependency_job_id":"90209623-b9e7-4318-8dd0-91b7718d9e7f","html_url":"https://github.com/voxpupuli/puppet-openldap","commit_stats":{"total_commits":845,"total_committers":84,"mean_commits":10.05952380952381,"dds":0.5834319526627219,"last_synced_commit":"28a4084c2767ce937caa4fcf42bb118ae6db2d45"},"previous_names":["camptocamp/puppet-openldap"],"tags_count":68,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.
ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-openldap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-openldap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-openldap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-openldap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/voxpupuli","download_url":"https://codeload.github.com/voxpupuli/puppet-openldap/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247217366,"owners_count":20903045,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bsd-puppet-module","centos-puppet-module","debian-puppet-module","freebsd-puppet-module","hacktoberfest","linux-puppet-module","puppet","redhat-puppet-module","sles-puppet-module","ubuntu-puppet-module"],"created_at":"2024-09-24T19:45:01.564Z","updated_at":"2025-04-07T17:07:21.914Z","avatar_url":"https://github.com/voxpupuli.png","language":"Ruby","funding_links":["https://opencollective.com/vox-pupuli","https://github.com/sponsors/voxpupuli"],"categories":[],"sub_categories":[],"readme":"OpenLDAP\n========\n\n[![Build 
Status](https://github.com/voxpupuli/puppet-openldap/workflows/CI/badge.svg)](https://github.com/voxpupuli/puppet-openldap/actions?query=workflow%3ACI)\n[![Release](https://github.com/voxpupuli/puppet-openldap/actions/workflows/release.yml/badge.svg)](https://github.com/voxpupuli/puppet-openldap/actions/workflows/release.yml)\n[![Puppet Forge Version](http://img.shields.io/puppetforge/v/puppet/openldap.svg)](https://forge.puppetlabs.com/puppet/openldap)\n[![Puppet Forge Downloads](http://img.shields.io/puppetforge/dt/puppet/openldap.svg)](https://forge.puppetlabs.com/puppet/openldap)\n[![Puppet Forge Endorsement](https://img.shields.io/puppetforge/e/puppet/openldap.svg)](https://forge.puppetlabs.com/puppet/openldap)\n[![puppetmodule.info docs](http://www.puppetmodule.info/images/badge.png)](http://www.puppetmodule.info/m/puppet-openldap)\n[![Apache v2 License](https://img.shields.io/github/license/voxpupuli/puppet-openldap.svg)](LICENSE)\n[![Donated by Camptocamp](https://img.shields.io/badge/donated%20by-camptocamp-fb7047.svg)](#transfer-notice)\n\nOverview\n--------\n\nThe openldap module allows you to easily manage OpenLDAP with Puppet.\nBy default it will use OLC (cn=config).\n\nFeatures supported\n------------------\n\nObject      | olc (slapd.d)\n------------|--------------\nglobal_conf | Y\ndatabase    | Y\nmodule      | Y\noverlay     | Y\naccess      | Y\nindex       | Y\nschema      | Y\n\nUsage\n-----\n\n### Configuring the client\n\n```puppet\nclass { 'openldap::client': }\n```\n\nFor a more customized configuration:\n\n```puppet\nclass { 'openldap::client':\n  base       =\u003e 'dc=example,dc=com',\n  uri        =\u003e ['ldap://ldap.example.com', 'ldap://ldap-master.example.com:666'],\n  tls_cacert =\u003e '/etc/ssl/certs/ca-certificates.crt',\n}\n```\n\n### Configuring the server\n\n```puppet\nclass { 'openldap::server': }\nopenldap::server::database { 'dc=foo,dc=example.com':\n  ensure =\u003e present,\n}\n```\n\nFor a more customized 
configuration:\n\n```puppet\nclass { 'openldap::server':\n  ldaps_ifs =\u003e ['/'],\n  ssl_cert  =\u003e '/etc/ldap/ssl/slapd.pem',\n  ssl_key   =\u003e '/etc/ldap/ssl/slapd.key',\n}\n```\n\nIf you need multiple databases:\n\n```puppet\nclass { 'openldap::server':\n  databases =\u003e {\n    'dc=foo,dc=example,dc=com' =\u003e {\n      directory =\u003e '/var/lib/ldap/foo',\n    },\n    'dc=bar,dc=example,dc=com' =\u003e {\n      directory =\u003e '/var/lib/ldap/bar',\n    },\n  },\n}\n```\n\nConfiguring a global parameter:\n\n```puppet\nopenldap::server::globalconf { 'security':\n  ensure =\u003e present,\n  value  =\u003e 'tls=128',\n}\n```\n\nConfiguring multiple olc serverIDs for multiple master or mirror mode:\n\n```puppet\nopenldap::server::globalconf { 'ServerID':\n  ensure  =\u003e present,\n  value   =\u003e { 'ServerID' =\u003e [ '1 ldap://master1.example.com', '2 ldap://master2.example.com' ] }\n}\n```\n\nConfiguring global security settings:\n\n```puppet\nopenldap::server::globalconf { 'Security':\n  ensure  =\u003e present,\n  value   =\u003e { 'Security' =\u003e [ 'simple_bind=128', 'ssf=128', 'tls=0' ] }\n}\n```\n\n### Configuring a database\n\n```puppet\nopenldap::server::database { 'dc=example,dc=com':\n  directory =\u003e '/var/lib/ldap',\n  rootdn    =\u003e 'cn=admin,dc=example,dc=com',\n  rootpw    =\u003e 'secret',\n}\n```\n\n`rootpw` will be automatically converted to an SSHA hash with a random salt.\n\nSHA-2 password hashes are also supported:\n\n```puppet\nopenldap::server::database { 'dc=example,dc=com':\n  directory =\u003e '/var/lib/ldap',\n  rootdn    =\u003e 'cn=admin,dc=example,dc=com',\n  rootpw    =\u003e '{SHA384}QZdaK3FnibbilSPbthnf3cO8lBWsRyM9i1MZTUFP21RdBSLSNFgYc2eFFzJG/amX',\n}\n```\n\n### Configuring modules\n\n```puppet\nopenldap::server::module { 'memberof':\n  ensure =\u003e present,\n}\n```\n\n### Configuring overlays\n\n```puppet\nopenldap::server::overlay { 'memberof on dc=example,dc=com':\n  ensure =\u003e present,\n}\n```\n\n### Configuring 
ACPs/ACLs\n\nThe [documentation](http://www.openldap.org/devel/admin/slapdconf2.html) for olcAccess gives the following spec:\n\u003e 5.2.5.2. olcAccess: to \u0026lt;what\u0026gt; \\[ by \u0026lt;who\u0026gt; \\[\u0026lt;accesslevel\u0026gt;\\] \\[\u0026lt;control\u0026gt;\\] \\]+\n\nDefine priority and suffix in the title:\n\n```puppet\nopenldap::server::access { '0 on dc=example,dc=com':\n  what     =\u003e 'attrs=userPassword,shadowLastChange',\n  access   =\u003e [\n    'by dn=\"cn=admin,dc=example,dc=com\" write',\n    'by anonymous auth',\n    'by self write',\n    'by * none',\n  ],\n}\n```\n\nFrom the OpenLDAP [documentation](http://www.openldap.org/doc/admin24/slapdconf2.html):\n\u003e The frontend is a special database that is used to hold database-level\noptions that should be applied to all the other databases. Subsequent database\ndefinitions may also override some frontend settings.\n\nSo use the suffix 'cn=frontend' for this special database:\n\n```puppet\nopenldap::server::access { '0 on cn=frontend' :\n  what   =\u003e '*',\n  access =\u003e [\n    'by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage',\n    'by * break',\n  ],\n}\n```\n\n#### Note:\nFor purging unmanaged entries, rely on the `resources` resource:\n\n```puppet\nresources { 'openldap_access':\n  purge =\u003e true,\n}\n\nopenldap::server::access { '0 on dc=example,dc=com':\n  what   =\u003e ...,\n  access =\u003e [...],\n}\nopenldap::server::access { '1 on dc=example,dc=com':\n  what   =\u003e ...,\n  access =\u003e [...],\n}\n```\n\n#### Call your ACL from a hash:\nThe class `openldap::server::access_wrapper` was designed to simplify creating ACLs.\nEach ACL is a distinct hash in order to avoid collisions when multiple identical `what` are present (`to *` in this example).\n\n```puppet\n$example_acl = [\n  {\n    'to *' =\u003e [\n      'by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage',\n      'by dn.exact=cn=admin,dc=example,dc=com write',\n      
'by dn.exact=cn=replicator,dc=example,dc=com read',\n      'by * break',\n    ],\n  },\n  {\n    'to attrs=userPassword,shadowLastChange' =\u003e [\n      'by dn=\"cn=admin,dc=example,dc=com\" write',\n      'by self write',\n      'by anonymous auth',\n    ],\n  },\n  {\n    'to *' =\u003e [\n      'by self read',\n    ],\n  },\n]\n\n\nopenldap::server::access_wrapper { 'dc=example,dc=com' :\n  acl =\u003e $example_acl,\n}\n```\n\n### Configuring Schemas\n\n```puppet\nopenldap::server::schema { 'samba':\n  ensure  =\u003e present,\n  path    =\u003e '/etc/ldap/schema/samba.schema',\n  require =\u003e Openldap::Server::Schema[\"inetorgperson\"],\n}\n\nopenldap::server::schema { 'nis':\n  ensure  =\u003e present,\n  path    =\u003e '/etc/ldap/schema/nis.ldif',\n  require =\u003e Openldap::Server::Schema[\"inetorgperson\"],\n}\n```\n\n### Configuring Rewrite-overlay\n\n```puppet\nopenldap::server::database { 'relay':\n  ensure  =\u003e present,\n  backend =\u003e 'relay',\n  suffix  =\u003e 'o=example',\n  relay   =\u003e 'dc=example,dc=com',\n}-\u003e\n\nopenldap::server::overlay { \"rwm on relay\":\n  ensure  =\u003e present,\n  suffix  =\u003e 'cn=config',\n  overlay =\u003e 'rwm',\n  options =\u003e {\n    'olcRwmRewrite' =\u003e [\n      'rwm-rewriteEngine \"on\"',\n      'rwm-suffixmassage , \"dc=example,dc=com\"',\n    ],\n  },\n}\n```\n\n### Configuring Dbindex\n\n```puppet\n# Configuration suffix\nOpenldap::Server::Dbindex {\n  suffix =\u003e 'dc=example,dc=com',\n}\n\n# The module only sets \"objectClass eq\" by default\nopenldap::server::dbindex {\n  'cn':\n    attribute =\u003e 'cn',\n    indices   =\u003e 'eq,pres,sub';\n  'uid':\n    attribute =\u003e 'uid',\n    indices   =\u003e 'eq,pres,sub';\n  'uidNumber':\n    attribute =\u003e 'uidNumber',\n    indices   =\u003e 'eq,pres';\n  'gidNumber':\n    attribute =\u003e 'gidNumber',\n    indices   =\u003e 'eq,pres';\n  'member':\n    attribute =\u003e 'member',\n    indices   =\u003e 'eq,pres';\n  'memberUid':\n    
attribute =\u003e 'memberUid',\n    indices   =\u003e 'eq,pres';\n}\n```\n\n## Transfer Notice\n\nThis plugin was originally authored by [Camptocamp](http://www.camptocamp.com).\nThe maintainer preferred that Puppet Community take ownership of the module for future improvement and maintenance.\nExisting pull requests and issues were transferred over; please fork and continue to contribute here instead of Camptocamp.\n\nPreviously: https://github.com/camptocamp/puppet-openldap\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoxpupuli%2Fpuppet-openldap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvoxpupuli%2Fpuppet-openldap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoxpupuli%2Fpuppet-openldap/lists"}