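# copyright
# copyright
# Licence: GPL

# Development variant of the OpenLDAP consumer (slave): installs slapd and the
# client tools, ships the schema directory and the consumer LDIF files, and
# loads the extra schemas into the running cn=config database with ldapadd.
#
# NOTE(review): this class and openldap::server::slave both declare
# Package[slapd], Service[slapd], File[/etc/ldap/schema] and
# File[/var/backups/ldap], so the two cannot be included in the same catalog.
class openldap::server::slave::dev {

  # TODO
  # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
  # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
  # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/rfc2307bis.ldif
  # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/evolutionperson.ldif
  # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/mozillaabpersonalpha.ldif
  # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/consumer-init.ldif
  # ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/consumer-sync.ldif

  # Fan-out helper. The resource title is the directory that holds the LDIF
  # files; $archivos is the list of file names inside it. One exec_ldap_file
  # is declared per file name, with the directory passed on as `archivo`.
  define exec_ldap_files($archivos) {
    exec_ldap_file { $archivos: archivo => $name }
  }

  # Loads one LDIF file into slapd. The resource title is the file name and,
  # despite its name, $archivo is the directory that contains it.
  define exec_ldap_file($archivo) {
    # SASL EXTERNAL over the local ldapi:/// socket: no bind password appears
    # in the manifest or on the command line.
    $ldap_add = "/usr/bin/ldapadd -Y EXTERNAL -H ldapi:/// -f"

    file { "${archivo}/${name}": ensure => present }

    exec { "ejecuta${name}":
      command => "${ldap_add} ${archivo}/${name}",
      # NOTE(review): every generated exec shares this one `creates` path,
      # which names only the cosine schema, so the guard cannot tell which of
      # the other schema files have been loaded. The backslashes are also not
      # recognised escapes in a double-quoted string; confirm which path
      # Puppet really tests against the on-disk cn=config layout.
      creates => "/etc/ldap/slapd.d/cn\=config/cn\=schema/cn\=\{1\}cosine.ldif",
      # NOTE(review): exit status 80 is accepted as success. It presumably
      # stands for "schema already present", but LDAP result 80 is the generic
      # "other" error, so unrelated ldapadd failures are hidden too. A
      # per-schema `unless` check would be a tighter guard.
      returns => [0,80],
    }
  }

  package { [ "slapd", "ldap-utils" ]: ensure => installed }

  service { "slapd":
    enable    => true,
    ensure    => running,
    subscribe => [ Package["slapd"] ],
  }

  # File modes are written as quoted octal strings so that they are always
  # read as octal permissions and never as bare numbers.
  file {
    "/etc/ldap/schema":
      ensure  => directory,
      mode    => '0644',
      owner   => root,
      group   => root,
      source  => "puppet:///openldap/etc/ldap/schema/",
      recurse => "true",
      # The schema files must be on disk before ldapadd is run against them.
      before  => Exec_ldap_files["/etc/ldap/schema"],
      require => Package['slapd'];
    # Root-only backup directory (no access for "other").
    "/var/backups/ldap":
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0750';
      # before => Exec_ldap_file["/etc/ldap/schema"];
  }

  # Consumer (replication) LDIF files, readable by root only.
  # NOTE(review): the templates are not visible here; they presumably carry
  # the replication bind credentials, which is why 0600 matters. Confirm.
  file {
    "/etc/ldap/consumer-init.ldif":
      content => template("openldap/consumer-init.ldif.erb"),
      mode    => '0600',
      owner   => root,
      group   => root;
      # before => Exec_ldap_files["/etc/ldap"];
    "/etc/ldap/consumer-sync.ldif":
      content => template("openldap/consumer-sync.ldif.erb"),
      mode    => '0600',
      owner   => root,
      group   => root;
      # before => Exec_ldap_files["/etc/ldap"];
  }

  exec_ldap_files { "/etc/ldap/schema":
    archivos => [ "cosine.ldif", "inetorgperson.ldif", "rfc2307bis.ldif", "evolutionperson.ldif" ]
  }

  # exec_ldap_files { "/etc/ldap":
  #   archivos => [ "consumer-init.ldif", "consumer-sync.ldif" ]
  # }
}

# OpenLDAP consumer (slave) driven by a templated slapd.conf: preseeds and
# installs slapd, sets the listener URLs in /etc/default/slapd, regenerates
# /etc/ldap/slapd.d from slapd.conf whenever that file changes, ships the
# schema directory and schedules a nightly backup.
class openldap::server::slave {

  # $ldap_base is not set in this class; it is looked up from an outer scope.
  debug ("configuring openldap::server::slave with dn '$ldap_base'")

  # The preseed file has to exist before the package is installed so that
  # debconf can answer the slapd configuration questions.
  package { "slapd":
    ensure       => installed,
    responsefile => "/var/cache/debconf/slapd.preseed",
    require      => File["/var/cache/debconf/slapd.preseed"],
  }

  # if defined(Package["ldap-utils"]) { } else {
  #   package {"ldap-utils": ensure => present, }
  # }

  service { "slapd":
    ensure  => running,
    require => Package['slapd'],
  }

  # NOTE(review): the resource below is titled "listen_locally", but ldap:///
  # and ldaps:/// have no host part, so slapd is asked to listen on every
  # interface, and ldap:/// is the cleartext listener. Unless slapd.conf (the
  # template is not visible here) requires StartTLS, binds and replication
  # traffic can cross the network unencrypted. Re-enabling the ssl-only branch
  # below, or firewalling port 389, would close that gap.
  # if ($ldap_ssl_only) {
  #   $line = 'SLAPD_SERVICES="ldaps:///"'
  # } else {
  $line = 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
  # }

  line { "listen_locally":
    # line => 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"',
    line    => $line,
    file    => "/etc/default/slapd",
    ensure  => present,
    require => Package['slapd'],
    notify  => Service['slapd'],
  }

  # File modes are written as quoted octal strings so that they are always
  # read as octal permissions and never as bare numbers.
  # NOTE(review): slapd.conf and the debconf preseed presumably contain the
  # replication and admin secrets (templates not visible); both are kept
  # root-only at 0600.
  file {
    "/etc/ldap/slapd.conf":
      content => template("openldap/slapd.conf_slave.erb"),
      mode    => '0600',
      owner   => root,
      group   => root;
    "/var/cache/debconf/slapd.preseed":
      content => template("openldap/slapd.preseed.erb"),
      mode    => '0600',
      owner   => root,
      group   => root;
    # Root-only backup directory (no access for "other").
    "/var/backups/ldap":
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0750';
  }

  # Rebuilds the cn=config directory from slapd.conf. Runs only when
  # slapd.conf changes (refreshonly + subscribe). The tree is handed to the
  # openldap user and access for "other" is removed before slapd restarts.
  # NOTE(review): slapd is stopped and slapd.d removed before slaptest has
  # validated the new file. If slaptest fails, the && chain stops there and
  # the server is left down with an empty config directory. Converting into a
  # temporary directory first and swapping it in on success would avoid that.
  exec { "slap_conf_update":
    command     => "/etc/init.d/slapd stop && /bin/rm -r /etc/ldap/slapd.d/ && /bin/mkdir /etc/ldap/slapd.d && /usr/sbin/slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ && /bin/chown -R openldap:openldap /etc/ldap/slapd.d/ && /bin/chmod -R o-rwx /etc/ldap/slapd.d/ && /etc/init.d/slapd start",
    refreshonly => true,
    subscribe   => File["/etc/ldap/slapd.conf"],
    require     => [Package['slapd'], File["/etc/ldap/slapd.conf"]],
  }

  file {
    "/etc/ldap/schema":
      ensure  => directory,
      mode    => '0644',
      owner   => root,
      group   => root,
      source  => "puppet:///openldap/etc/ldap/schema/",
      recurse => "true",
      require => Package['slapd'];
  }

  # Nightly backup at 02:00, run as root.
  # NOTE(review): /usr/local/sbin/ldap-backup.sh is not managed by this
  # manifest, so its owner and mode are not enforced here. A script that root
  # executes from cron should be root-owned and not writable by anyone else.
  cron { "ldap-backup":
    command => "/usr/local/sbin/ldap-backup.sh",
    user    => "root",
    hour    => 2,
    minute  => 0,
    require => File["/var/backups/ldap"],
  }
}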