merged with puppet-forge version, wherever that comes from

.project

@@ -1,23 +1,24 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <projectDescription>
-<name>puppet-ldap</name>
-<comment></comment>
-<projects>
-</projects>
-<buildSpec>
-<buildCommand>
-<name>org.eclipse.xtext.ui.shared.xtextBuilder</name>
-<arguments>
-</arguments>
-</buildCommand>
-<buildCommand>
-<name>org.cloudsmith.geppetto.pp.dsl.ui.modulefileBuilder</name>
-<arguments>
-</arguments>
-</buildCommand>
-</buildSpec>
-<natures>
-<nature>org.cloudsmith.geppetto.pp.dsl.ui.puppetNature</nature>
-<nature>org.eclipse.xtext.ui.shared.xtextNature</nature>
-</natures>
+	<name>puppet-ldap</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.xtext.ui.shared.xtextBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.cloudsmith.geppetto.pp.dsl.ui.modulefileBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>com.puppetlabs.geppetto.pp.dsl.ui.puppetNature</nature>
+		<nature>org.cloudsmith.geppetto.pp.dsl.ui.puppetNature</nature>
+		<nature>org.eclipse.xtext.ui.shared.xtextNature</nature>
+	</natures>
 </projectDescription>

CHANGELOG

@@ -1,9 +1,3 @@
-2013-07-18 - Version 0.2.5
- * @akesterson commit: Added support for managing sudoers via ldap
- * Improved support for sudoers ($sudoers_base, $sudoers_filter, $sudoers_timed, $sudoers_debug)
- * Bugfix #14: When trying to use an SSL cert, Exec[Build cert hash] fails ...
- * Added path to Exec[Server certificate hash] on ldap::server::(master,slave)
-
 2013-07-11 - Version 0.2.4
  * Fixed misplaced fail() on ldap::server::slave
 

Gemfile.lock

@@ -2,11 +2,11 @@ GEM
   remote: http://rubygems.org/
   specs:
     diff-lcs (1.2.4)
-    facter (1.7.2)
+    facter (1.7.1)
     metaclass (0.0.1)
     mocha (0.14.0)
       metaclass (~> 0.0.1)
-    puppet (2.7.22)
+    puppet (2.7.21)
       facter (~> 1.5)
     puppetlabs_spec_helper (0.4.1)
       mocha (>= 0.10.5)

Modulefile

@@ -1,11 +1,8 @@
 name    'torian-ldap'
-version '0.2.5'
+version '0.2.4'
 source 'https://github.com/torian/puppet-ldap'
 author 'Emiliano Castagnari [email protected] (aka Torian)'
 license 'GPL v2'
 summary 'OpenLDAP module for Puppet.'
 description 'Manage OpenLDAP clients and server via Puppet'
 project_page 'https://github.com/torian/puppet-ldap'
-
-# Dependency
-dependency 'puppetlabs/stdlib', '>= 4.1.0'

README.md

@@ -14,7 +14,7 @@ Puppet module to manage client and server configuration for
 Ldap client configuration at its simplest:
 
 
-    class { 'ldap::client':
+    class { 'ldap':
     	uri  => 'ldap://ldapserver00 ldap://ldapserver01',
     	base => 'dc=foo,dc=bar'
     }
@@ -25,7 +25,7 @@ Enable TLS/SSL:
 Note that *ssl_cert* should be the CA's certificate file, and
 it should be located under *puppet:///files/ldap/*.
 
-    class { 'ldap::client':
+    class { 'ldap':
     	uri      => 'ldap://ldapserver00 ldap://ldapserver01',
     	base     => 'dc=foo,dc=bar',
     	ssl      => true,
@@ -34,7 +34,7 @@ it should be located under *puppet:///files/ldap/*.
 
 Enable nsswitch and pam configuration (requires both modules):
 
-    class { 'ldap::client':
+    class { 'ldap':
       uri      => 'ldap://ldapserver00 ldap://ldapserver01',
       base     => 'dc=foo,dc=bar',
       ssl      => true

manifests/init.pp

@@ -6,6 +6,92 @@
 #
 # === Parameters
 #
+#  [uri]
+#    Ldap URI as a string. Multiple values can be set
+#    separated by spaces ('ldap://ldapmaster ldap://ldapslave')
+#    **Required**
+#
+#  [base]
+#    Ldap base dn.
+#    **Required**
+#
+#  [version]
+#    Ldap version for the connecting client
+#    *Optional* (defaults to 3)
+#
+#  [timelimit]
+#    Time limit in seconds to use when performing searches
+#    *Optional* (defaults to 30)
+#
+#  [bind_timelimit]
+#    *Optional* (defaults to 30)
+#
+#  [idle_timelimit]
+#    *Optional* (defaults to 30)
+#
+#  [binddn]
+#    Default bind dn to use when performing ldap operations
+#    *Optional* (defaults to false)
+#
+#  [bindpw]
+#    Password for default bind dn
+#    *Optional* (defaults to false)
+#
+#  [ssl]
+#    Enable TLS/SSL negotiation with the server
+#    *Requires*: ssl_cert parameter
+#    *Optional* (defaults to false)
+#
+#  [ssl_cert]
+#    Filename for the CA (or self signed certificate). It should
+#    be located under puppet:///files/ldap/
+#    *Optional* (defaults to false)
+#
+#  [nsswitch]
+#    If enabled (nsswitch => true) enables nsswitch to use
+#    ldap as a backend for password, group and shadow databases.
+#    *Requires*: https://github.com/torian/puppet-nsswitch.git (in alpha)
+#    *Optional* (defaults to false)
+#
+#  [nss_passwd]
+#    Search base for the passwd database. *base* will be appended.
+#    *Optional* (defaults to false)
+#
+#  [nss_group]
+#    Search base for the group database. *base* will be appended.
+#    *Optional* (defaults to false)
+#
+#  [nss_shadow]
+#    Search base for the shadow database. *base* will be appended.
+#    *Optional* (defaults to false)
+#
+#  [pam]
+#    If enabled (pam => true) enables pam module, which will
+#    be setup to use pam_ldap, to enable authentication.
+#    *Requires*: https://github.com/torian/puppet-pam.git (in alpha)
+#    *Optional* (defaults to false)
+#
+#  [pam_att_login]
+#    User's login attribute
+#    *Optional* (defaults to *'uid'*)
+#
+#  [pam_att_member]
+#    Member attribute to use when testing user's membership
+#    *Optional* (defaults to *'member'*)
+#
+#  [pam_passwd]
+#    Password hash algorithm
+#    *Optional* (defaults to *'md5'*)
+#
+#  [pam_filter]
+#    Filter to use when retrieving user information
+#    *Optional* (defaults to *'objectClass=posixAccount'*)
+#
+#  [enable_motd]
+#    Use motd to report the usage of this module.
+#    *Requires*: https://github.com/torian/puppet-motd.git
+#    *Optional* (defaults to false)
+#
 #  [ensure]
 #    *Optional* (defaults to 'present')
 #
@@ -21,11 +107,31 @@
 # === Examples
 #
 # class { 'ldap':
-# }
+#  uri  => 'ldap://ldapserver00 ldap://ldapserver01',
+#  base => 'dc=suffix',
+#}
+#
+# class { 'ldap':
+#  uri  => 'ldap://ldapserver00',
+#  base => 'dc=suffix',
+#  ssl  => true,
+#  ssl_cert => 'ldapserver00.pem'
+#}
 #
 # class { 'ldap':
-#   ensure => present,
-# }
+#  uri        => 'ldap://ldapserver00',
+#  base       => 'dc=suffix',
+#  ssl        => true,
+#  ssl_cert => 'ldapserver00.pem'
+#
+#  nsswitch   => true,
+#  nss_passwd => 'ou=users',
+#  nss_shadow => 'ou=users',
+#  nss_group  => 'ou=groups',
+#
+#  pam        => true,
+#}
+#
 #
 # === Authors
 #
@@ -36,15 +142,98 @@
 #
 # Copyleft (C) 2012 Emiliano Castagnari [email protected] (a.k.a. Torian)
 #
-#
-class ldap($ensure = present) {
+class ldap (
+  $uri,
+  $base,
+  $version        = '3',
+  $timelimit      = 30,
+  $bind_timelimit = 30,
+  $idle_timelimit = 60,
+  $binddn         = false,
+  $bindpw         = false,
+  $ssl            = false,
+  $ssl_cert       = false,
+  $ssl_cacert     = false,
+  $nsswitch       = false,
+  $nss_passwd     = false,
+  $nss_group      = false,
+  $nss_shadow     = false,
+  $pam            = false,
+  $pam_att_login  = 'uid',
+  $pam_att_member = 'member',
+  $pam_passwd     = 'md5',
+  $pam_filter     = 'objectClass=posixAccount',
+  $enable_motd    = false,
+  $ensure         = present) {
+  include ldap::params
+
+  if ($enable_motd) {
+    motd::register { 'ldap': }
+  }
+
+  package { $ldap::params::package: ensure => $ensure, }
 
-    include stdlib
-    include ldap::params
+  File {
+    ensure => $ensure,
+    mode   => '0644',
+    owner  => $ldap::params::owner,
+    group  => $ldap::params::group,
+  }
 
-    package { $ldap::params::package :
-      ensure => $ensure,
+  file { $ldap::params::prefix:
+    ensure  => $ensure ? {
+      present => directory,
+      default => absent,
+    },
+    require => Package[$ldap::params::package],
+  }
+
+  file { "${ldap::params::prefix}/${ldap::params::config}":
+    content => template("ldap/${ldap::params::config}.erb"),
+    require => File[$ldap::params::prefix],
+  }
+
+  if ($ssl) {
+    if (!$ssl_cert and !$ssl_cacert) {
+      fail('When ssl is enabled you must define ssl_cert (filename) or ssl_cert (abspath)')
+    }
+    if ($ssl_cert and $ssl_cacert) {
+      fail('You defined both ssl_cert (filename) and ssl_cert (abspath). Please use only one.')
+    }
+    if ($ssl_cert) {
+      file { "${ldap::params::cacertdir}/${ssl_cert}":
+        ensure => $ensure,
+        owner  => 'root',
+        group  => $ldap::params::group,
+        mode   => '0644',
+        source => "puppet:///files/ldap/${ssl_cert}"
+      }
+
+      # Create certificate hash file
+      exec { 'Build cert hash':
+        command => "ln -s ${ldap::params::cacertdir}/${ssl_cert} ${ldap::params::cacertdir}/$(openssl x509 -noout -hash -in ${ldap::params::cacertdir}/${ssl_cert}).0",
+        unless  => "test -f ${ldap::params::cacertdir}/$(openssl x509 -noout -hash -in ${ldap::params::cacertdir}/${ssl_cert}).0",
+        require => File["${ldap::params::cacertdir}/${ssl_cert}"]
+      }
+    }
+  }
+
+  # require module nsswitch
+  if ($nsswitch == true) {
+    class { 'nsswitch':
+      uri         => $uri,
+      base        => $base,
+      module_type => $ensure ? {
+        'present' => 'ldap',
+        default   => 'none'
+      },
     }
+  }
+
+  # require module pam
+  if ($pam == true) {
+    Class['pam::pamd'] -> Class['ldap']
+  }
 
 }