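# copyright
# copyright
# Licence: GPL

# OpenLDAP consumer (slave) configured through cn=config (slapd.d).
#
# Installs slapd and ldap-utils, ships the schema directory, loads each schema
# LDIF into cn=config with ldapadd, then applies the consumer-init and
# consumer-sync LDIFs rendered from templates.
class openldap::server::slave::dev {

  package { [ "slapd", "ldap-utils" ]:
    ensure => installed,
  }

  service { "slapd":
    ensure    => running,
    subscribe => [ Package["slapd"] ],
  }

  # File modes are written as quoted four-digit octal strings so that no
  # parser version can read them as integers.
  file {
    "/etc/ldap/schema":
      ensure  => directory,
      mode    => '0644',
      owner   => root,
      group   => root,
      source  => "puppet:///openldap/etc/ldap/schema/",
      recurse => true,
      notify  => Exec_ldap_files["/etc/ldap/schema"],
      before  => Exec_ldap_files["/etc/ldap/schema"],
      require => Package["slapd", "ldap-utils"];

    # Backup target; not readable by "other".
    "/var/backups/ldap":
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0750';
  }

  # Rendered LDIFs are root-only (0600).
  # NOTE(review): presumably they carry replication bind credentials - confirm
  # against the templates before relaxing these modes.
  file {
    "/etc/ldap/consumer-init.ldif":
      content => template("openldap/consumer-init.ldif.erb"),
      mode    => '0600',
      owner   => root,
      group   => root;

    "/etc/ldap/consumer-sync.ldif":
      content => template("openldap/consumer-sync.ldif.erb"),
      mode    => '0600',
      owner   => root,
      group   => root;
  }

  # Fans out one exec_ldap_file per entry of $archivos; the resource title
  # (the schema directory) is handed down as $archivo.
  define exec_ldap_files($archivos) {
    exec_ldap_file { $archivos:
      archivo => $name,
    }
  }

  # Loads the schema file $archivo/$name into cn=config unless a matching
  # cn={N}<name> entry already exists under slapd.d.
  define exec_ldap_file($archivo) {
    $test       = "/usr/bin/test"
    # SASL EXTERNAL over the local ldapi:/// socket: no password is placed on
    # the command line.
    $ldap_add   = "/usr/bin/ldapadd -Y EXTERNAL -H ldapi:/// -f"
    $slapd_path = "/etc/ldap/slapd.d"
    # The "*" is expected to be expanded as a glob when the check runs.
    $unless     = "${test} -e ${slapd_path}/cn=config/cn=schema/cn={*}${name}"

    # file { "${archivo}/$name" : ensure => present }

    exec { "ejecuta${name}":
      command => "${ldap_add} ${archivo}/${name}",
      unless  => $unless,
      # NOTE(review): exit status 80 is treated as success, presumably to
      # tolerate an already-loaded schema. 80 is the generic LDAP "other"
      # result code, so unrelated failures may be masked - confirm.
      returns => [0,80],
      notify  => Exec["ejecutaConsumerInit"],
      before  => [ Exec["ejecutaConsumerInit"] ],
    }
  }

  exec_ldap_files { "/etc/ldap/schema":
    archivos => [
      "cosine.ldif",
      "inetorgperson.ldif",
      "rfc2307bis.ldif",
      "evolutionperson.ldif",
      "mozillaabpersonalpha.ldif",
    ],
  }

  $test       = "/usr/bin/test"
  $ldap_add   = "/usr/bin/ldapadd -Y EXTERNAL -H ldapi:/// -f"
  $slapd_path = "/etc/ldap/slapd.d"

  # Applied once: skipped when cn=module{0}.ldif already exists.
  exec { "ejecutaConsumerInit":
    command => "${ldap_add} /etc/ldap/consumer-init.ldif",
    unless  => "${test} -e ${slapd_path}/cn=config/cn=module{0}.ldif",
    returns => [0,80],
    notify  => Exec["ejecutaConsumerSync"],
    before  => [ Exec["ejecutaConsumerSync"] ],
  }

  # Applied once: skipped when the syncprov module line is already recorded.
  exec { "ejecutaConsumerSync":
    command => "${ldap_add} /etc/ldap/consumer-sync.ldif",
    unless  => "/bin/grep -q 'olcModuleLoad: {1}syncprov' ${slapd_path}/cn=config/cn=module{0}.ldif",
    returns => [0,80],
  }
}

# OpenLDAP consumer (slave) configured from a templated slapd.conf that is
# converted into slapd.d whenever the file changes.
#
# Reads $ldap_base from the enclosing scope (used only in the debug message
# here).
class openldap::server::slave {

  debug("configuring openldap::server::slave with dn '${ldap_base}'")

  package { "slapd":
    ensure       => installed,
    responsefile => "/var/cache/debconf/slapd.preseed",
    require      => File["/var/cache/debconf/slapd.preseed"],
  }

  # if defined(Package["ldap-utils"]) { } else {
  #   package {"ldap-utils": ensure => present, }
  # }

  service { "slapd":
    ensure  => running,
    require => Package[slapd],
  }

  # NOTE(review): despite the resource title "listen_locally", this enables
  # ldap:/// and ldaps:/// on every interface in addition to the local ldapi
  # socket. The TLS-only branch below is commented out, so cleartext LDAP stays
  # reachable unless it is blocked elsewhere (firewall, or a TLS requirement in
  # slapd.conf) - confirm that is intended.
  # if ($ldap_ssl_only) {
  #   $line = 'SLAPD_SERVICES="ldaps:///"'
  # } else {
  $line = 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
  # }

  line { "listen_locally":
    # line => 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"',
    line    => $line,
    file    => "/etc/default/slapd",
    ensure  => present,
    require => Package[slapd],
    notify  => Service[slapd],
  }

  # File modes are written as quoted four-digit octal strings so that no
  # parser version can read them as integers.
  file {
    # Root-only: slapd itself reads the converted slapd.d tree, not this file.
    "/etc/ldap/slapd.conf":
      content => template("openldap/slapd.conf_slave.erb"),
      mode    => '0600',
      owner   => root,
      group   => root;

    # NOTE(review): presumably holds the debconf admin password answers - keep
    # it root-only.
    "/var/cache/debconf/slapd.preseed":
      content => template("openldap/slapd.preseed.erb"),
      mode    => '0600',
      owner   => root,
      group   => root;

    "/var/backups/ldap":
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0750';
  }

  # Rebuilds slapd.d from slapd.conf when the file changes.
  # The leading "slaptest -u" dry run validates the new slapd.conf before
  # anything destructive happens: without it, a broken template would stop
  # slapd and delete slapd.d, then abort at the conversion step and leave the
  # directory service down with no configuration.
  exec { "slap_conf_update":
    command     => "/usr/sbin/slaptest -u -f /etc/ldap/slapd.conf && /etc/init.d/slapd stop && /bin/rm -r /etc/ldap/slapd.d/ && /bin/mkdir /etc/ldap/slapd.d && /usr/sbin/slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ && /bin/chown -R openldap:openldap /etc/ldap/slapd.d/ && /bin/chmod -R o-rwx /etc/ldap/slapd.d/ && /etc/init.d/slapd start",
    refreshonly => true,
    subscribe   => File["/etc/ldap/slapd.conf"],
    require     => [Package[slapd], File["/etc/ldap/slapd.conf"]],
  }

  file {
    "/etc/ldap/schema":
      ensure  => directory,
      mode    => '0644',
      owner   => root,
      group   => root,
      source  => "puppet:///openldap/etc/ldap/schema/",
      recurse => true,
      require => Package[slapd];
  }

  # Nightly backup at 02:00, run as root.
  # NOTE(review): /usr/local/sbin/ldap-backup.sh is not managed in this
  # manifest; since it runs as root, its ownership and mode should be enforced
  # wherever it is deployed.
  cron { "ldap-backup":
    command => "/usr/local/sbin/ldap-backup.sh",
    user    => "root",
    hour    => 2,
    minute  => 0,
    require => File["/var/backups/ldap"],
  }
}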