[655] | 1 | # copyright <sebas @ koumbit.org> |
---|
| 2 | # copyright <josx @ interorganic.com.ar > |
---|
| 3 | # Licence: GPL |
---|
| 4 | |
---|
| 5 | |
---|
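# Replica ("slave") OpenLDAP server, cn=config flavour.
#
# Installs slapd and ldap-utils, ships the schema directory from the module,
# loads a fixed list of schema LDIFs into cn=config, then applies two rendered
# LDIF files (consumer-init, consumer-sync) with ldapadd.
#
# This class declares Package["slapd"], Service["slapd"], File["/etc/ldap/schema"]
# and File["/var/backups/ldap"], the same titles that openldap::server::slave
# declares, so the two classes cannot be included on the same node.
class openldap::server::slave::dev {

  package { [
    "slapd",
    "ldap-utils"
  ]: ensure => installed
  }

  service { "slapd":
    enable    => true,
    ensure    => running,
    subscribe => [ Package["slapd"] ],
  }

  file {
    # File modes are quoted octal strings: a bare 644 / 0600 is read as a
    # number by newer Puppet parsers and rejected by the file type.
    # On a recursed directory Puppet adds the search bit to directories, so
    # the schema files end up 0644 and the directories 0755.
    "/etc/ldap/schema":
      ensure  => directory,
      mode    => '0644',
      owner   => root,
      group   => root,
      source  => "puppet:///openldap/etc/ldap/schema/",
      recurse => "true",
      notify  => Exec_ldap_files["/etc/ldap/schema"],
      before  => Exec_ldap_files["/etc/ldap/schema"],
      require => Package["slapd", "ldap-utils"];
    # Only root and the root group can enter the backup directory.
    "/var/backups/ldap":
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0750';
  }

  # Rendered LDIF applied to cn=config further down. Kept root-only (0600).
  # NOTE(review): the templates are not visible here; presumably they carry
  # the replication bind credentials, so the mode should not be relaxed.
  file {
    "/etc/ldap/consumer-init.ldif":
      content => template("openldap/consumer-init.ldif.erb"),
      mode    => '0600',
      owner   => root,
      group   => root;
    "/etc/ldap/consumer-sync.ldif":
      content => template("openldap/consumer-sync.ldif.erb"),
      mode    => '0600',
      owner   => root,
      group   => root;
  }


  # Fan-out helper: the resource title is the directory, $archivos the list
  # of LDIF file names in it. Declares one exec_ldap_file per file name.
  define exec_ldap_files($archivos) {
    exec_ldap_file { $archivos: archivo => $name }
  }

  # Loads one schema LDIF into cn=config.
  #   title    - LDIF file name (e.g. "cosine.ldif")
  #   $archivo - directory that holds the file
  define exec_ldap_file($archivo) {
    $test = "/usr/bin/test"
    # SASL EXTERNAL over the local ldapi:/// socket: the server identifies the
    # caller by the uid of the connecting process, so no bind password appears
    # on the command line.
    $ldap_add = "/usr/bin/ldapadd -Y EXTERNAL -H ldapi:/// -f"
    $slapd_path = "/etc/ldap/slapd.d"
    # Skip the import when a schema entry file for this name already exists.
    $schema_loaded = "${test} -e ${slapd_path}/cn=config/cn=schema/cn={*}${name}"

    # file { "${archivo}/$name" : ensure => present }
    exec { "ejecuta${name}":
      command => "${ldap_add} ${archivo}/${name}",
      unless  => $schema_loaded,
      # NOTE(review): 80 is the LDAP "other" result code. Presumably it is
      # accepted so that re-adding an already loaded schema does not fail the
      # run, but it also hides any other failure reported with that code.
      returns => [0,80],
      notify  => Exec["ejecutaConsumerInit"],
      before  => [ Exec["ejecutaConsumerInit"] ],
    }
  }

  exec_ldap_files { "/etc/ldap/schema":
    archivos => [ "cosine.ldif", "inetorgperson.ldif", "rfc2307bis.ldif", "evolutionperson.ldif", "mozillaabpersonalpha.ldif" ],
  }

  $test = "/usr/bin/test"
  $ldap_add = "/usr/bin/ldapadd -Y EXTERNAL -H ldapi:/// -f"
  $slapd_path = "/etc/ldap/slapd.d"
  exec { "ejecutaConsumerInit":
    command => "${ldap_add} /etc/ldap/consumer-init.ldif",
    unless  => "${test} -e ${slapd_path}/cn=config/cn=module{0}.ldif",
    returns => [0,80],
    # The LDIF is passed as an argument, so it is not auto-required; without
    # this edge ldapadd could run before the file has been rendered.
    require => File["/etc/ldap/consumer-init.ldif"],
    notify  => Exec["ejecutaConsumerSync"],
    before  => [ Exec["ejecutaConsumerSync"] ],
  }
  exec { "ejecutaConsumerSync":
    command => "${ldap_add} /etc/ldap/consumer-sync.ldif",
    unless  => "/bin/grep -q 'olcModuleLoad: {1}syncprov' ${slapd_path}/cn=config/cn=module{0}.ldif",
    returns => [0,80],
    # Same ordering fix as for ejecutaConsumerInit.
    require => File["/etc/ldap/consumer-sync.ldif"],
  }

}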
| 93 | |
---|
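# Replica ("slave") OpenLDAP server configured from a rendered slapd.conf.
#
# Installs slapd from a debconf preseed, sets the listener URLs in
# /etc/default/slapd, renders slapd.conf and converts it into slapd.d whenever
# it changes, ships the schema directory and schedules a nightly backup.
#
# Reads $ldap_base from the enclosing scope (used only in the debug message
# here; the templates are not visible in this file).
class openldap::server::slave {

  debug("configuring openldap::server::slave with dn '${ldap_base}'")

  package { "slapd":
    ensure       => installed,
    responsefile => "/var/cache/debconf/slapd.preseed",
    require      => File["/var/cache/debconf/slapd.preseed"],
  }
  # if defined(Package["ldap-utils"]) { } else {
  #   package {"ldap-utils": ensure => present, }
  # }

  service { "slapd":
    ensure  => running,
    require => Package["slapd"],
  }

  # NOTE(review): the ssl-only branch below is commented out, so the cleartext
  # ldap:/// listener is always enabled next to ldaps:/// and ldapi:///.
  # Unless the rendered slapd.conf enforces TLS (not visible here), binds on
  # that listener can cross the network unencrypted.
  # if ($ldap_ssl_only) {
  #   $line = 'SLAPD_SERVICES="ldaps:///"'
  # } else {
  $line = 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
  # }
  line { "listen_locally":
    # line => 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"',
    line    => $line,
    file    => "/etc/default/slapd",
    ensure  => present,
    require => Package["slapd"],
    notify  => Service["slapd"],
  }

  file {
    # File modes are quoted octal strings: a bare 0600 / 750 is read as a
    # number by newer Puppet parsers and rejected by the file type.
    # Both rendered files are root-only.
    # NOTE(review): the templates are not visible here; presumably they hold
    # the directory admin and replication secrets, so keep them at 0600.
    "/etc/ldap/slapd.conf":
      content => template("openldap/slapd.conf_slave.erb"),
      mode    => '0600',
      owner   => root,
      group   => root;
    "/var/cache/debconf/slapd.preseed":
      content => template("openldap/slapd.preseed.erb"),
      mode    => '0600',
      owner   => root,
      group   => root;
    # Only root and the root group can enter the backup directory.
    "/var/backups/ldap":
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0750';
  }

  # Rebuilds /etc/ldap/slapd.d from slapd.conf when the rendered file changes.
  # The leading "slaptest -u" is a dry-run parse of the new slapd.conf: if the
  # file does not parse, the chain stops before slapd is stopped and before
  # the live slapd.d is removed. Without it a bad render left the replica down
  # with an empty config directory, and this refreshonly exec would not run
  # again until slapd.conf changed once more.
  # After conversion the tree is handed to openldap:openldap and closed to
  # "other" users.
  exec { "slap_conf_update":
    command     => "/usr/sbin/slaptest -u -f /etc/ldap/slapd.conf && /etc/init.d/slapd stop && /bin/rm -r /etc/ldap/slapd.d/ && /bin/mkdir /etc/ldap/slapd.d && /usr/sbin/slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ && /bin/chown -R openldap:openldap /etc/ldap/slapd.d/ && /bin/chmod -R o-rwx /etc/ldap/slapd.d/ && /etc/init.d/slapd start",
    refreshonly => true,
    subscribe   => File["/etc/ldap/slapd.conf"],
    require     => [ Package["slapd"], File["/etc/ldap/slapd.conf"] ],
  }


  file {
    # On a recursed directory Puppet adds the search bit to directories, so
    # the schema files end up 0644 and the directories 0755.
    "/etc/ldap/schema":
      ensure  => directory,
      mode    => '0644',
      owner   => root,
      group   => root,
      source  => "puppet:///openldap/etc/ldap/schema/",
      recurse => "true",
      require => Package["slapd"];
  }

  # Nightly backup at 02:00 as root.
  # NOTE(review): /usr/local/sbin/ldap-backup.sh is not managed in this class;
  # confirm it is installed elsewhere and is writable by root only, since cron
  # runs it with root privileges.
  cron { "ldap-backup":
    command => "/usr/local/sbin/ldap-backup.sh",
    user    => "root",
    hour    => 2,
    minute  => 0,
    require => File["/var/backups/ldap"],
  }
}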