- openldap::client: See README.md for details.
- openldap::client::config: See README.md for details.
- openldap::client::install: See README.md for details.
- openldap::client::ldapvi: See README.md for details.
- openldap::client::utils
- openldap::server: See README.md for details.
- openldap::server::config: See README.md for details.
- openldap::server::install: See README.md for details.
- openldap::server::service: See README.md for details.
- openldap::server::slapdconf: See README.md for details.
- openldap::utils: See README.md for details.

- openldap::server::access: See README.md for details.
- openldap::server::access_wrapper: Generate access from a given hash.
- openldap::server::database: See README.md for details.
- openldap::server::dbindex: See README.md for details.
- openldap::server::globalconf: See README.md for details.
- openldap::server::iterate_access: This is a 'private' class used by openldap::server::access_wrapper
- openldap::server::module: See README.md for details.
- openldap::server::overlay: See README.md for details.
- openldap::server::schema: See README.md for details.

- openldap_access: Manages OpenLDAP ACPs/ACLs
- openldap_database: Manages OpenLDAP BDB and HDB databases.
- openldap_dbindex: Manages OpenLDAP DB indexes
- openldap_global_conf
- openldap_module: Manages OpenLDAP modules.
- openldap_overlay: Manages OpenLDAP Overlays
- openldap_schema: Manages OpenLDAP schemas.

- openldap_password: Returns the openldap password hash from the clear text password.

- Openldap::Access_hash: A valid acl value for openldap::server::access_wrapper
- Openldap::Access_rule: A valid access rule for openldap::server::access
- Openldap::Access_title: A valid title for an openldap::server::access resource
- Openldap::Attribute: An LDAP attribute in the form "key: value"
- Openldap::Attributes: A set of LDAP attributes
- Openldap::Limits: Limits for clients
- Openldap::Syncrepl: Parameters for database replication consumers
- Openldap::Tls_moznss_compatibility: The list of possible values TLS_MOZNSS_COMPATIBILITY can have (based on the man page), and an 'absent' (a puppet directive to remove an existing declaration).
See README.md for details.
The following parameters are available in the openldap::client class:

package
  Data type: String[1]
  Default value: 'openldap'

file
  Data type: Stdlib::Absolutepath
  Default value: '/etc/openldap/ldap.conf'

package_version
  Data type: String[1]
  Default value: installed

base
  Data type: Optional[String[1]]
  Default value: undef

bind_policy
  Data type: Optional[String[1]]
  Default value: undef

bind_timelimit
  Data type: Optional[String[1]]
  Default value: undef

binddn
  Data type: Optional[String[1]]
  Default value: undef

bindpw
  Data type: Optional[String[1]]
  Default value: undef

ldap_version
  Data type: Optional[String[1]]
  Default value: undef

network_timeout
  Data type: Optional[String[1]]
  Default value: undef

scope
  Data type: Optional[String[1]]
  Default value: undef

ssl
  Data type: Optional[String[1]]
  Default value: undef

suffix
  Data type: Optional[String[1]]
  Default value: undef

timelimit
  Data type: Optional[String[1]]
  Default value: undef

timeout
  Data type: Optional[String[1]]
  Default value: undef

uri
  Data type: Optional[Variant[String[1],Array[String[1]]]]
  Default value: undef

nss_base_group
  Data type: Optional[String[1]]
  Default value: undef

nss_base_hosts
  Data type: Optional[String[1]]
  Default value: undef

nss_base_passwd
  Data type: Optional[String[1]]
  Default value: undef

nss_base_shadow
  Data type: Optional[String[1]]
  Default value: undef

nss_initgroups_ignoreusers
  Data type: Optional[String[1]]
  Default value: undef

pam_filter
  Data type: Optional[String[1]]
  Default value: undef

pam_login_attribute
  Data type: Optional[String[1]]
  Default value: undef

pam_member_attribute
  Data type: Optional[String[1]]
  Default value: undef

pam_password
  Data type: Optional[String[1]]
  Default value: undef

tls_cacert
  Data type: Optional[Stdlib::Absolutepath]
  Default value: undef

tls_cacertdir
  Data type: Optional[Stdlib::Absolutepath]
  Default value: undef

tls_checkpeer
  Data type: Optional[String[1]]
  Default value: undef

tls_reqcert
  Data type: Optional[String[1]]
  Default value: undef

tls_moznss_compatibility
  Data type: Optional[Openldap::Tls_moznss_compatibility]
  Default value: undef

sasl_mech
  Data type: Optional[String[1]]
  Default value: undef

sasl_realm
  Data type: Optional[String[1]]
  Default value: undef

sasl_authcid
  Data type: Optional[String[1]]
  Default value: undef

sasl_secprops
  Data type: Optional[Array[String[1]]]
  Default value: undef

sasl_nocanon
  Data type: Optional[Boolean]
  Default value: undef

gssapi_sign
  Data type: Optional[Boolean]
  Default value: undef

gssapi_encrypt
  Data type: Optional[Boolean]
  Default value: undef

gssapi_allow_remote_principal
  Data type: Optional[String[1]]
  Default value: undef

sudoers_base
  Data type: Optional[String[1]]
  Default value: undef
See README.md for details.
See README.md for details.
See README.md for details.
The following parameters are available in the openldap::client::ldapvi class:
Data type: String[1]
Default value: 'ldapvi'
The openldap::client::utils class.
See README.md for details.
The following parameters are available in the openldap::server class:

krb5_keytab_file
  Data type: Optional[Stdlib::Absolutepath]
  If set, manage the environment variable KRB5_KTNAME on Debian based operating systems. This is required when configuring SASL with the GSSAPI backend.
  Default value: undef

krb5_client_keytab_file
  Data type: Optional[Stdlib::Absolutepath]
  If set, manage the environment variable KRB5_CLIENT_KTNAME on Debian based operating systems. This is required when configuring SASL with the GSSAPI backend.
  Default value: undef

pldap_ifs
  Data type: Array[String[1]]
  Configures the HAProxy PROXY protocol handling of openldap. This makes the real client IP addresses available behind a load balancer, for logging or filtering. Must not use the same ports as the native listeners.
  Default value: []

pldaps_ifs
  Data type: Array[String[1]]
  Configures the HAProxy PROXY protocol handling of openldap. This makes the real client IP addresses available behind a load balancer, for logging or filtering. Must not use the same ports as the native listeners.
  Default value: []

package
  Data type: String[1]

confdir
  Data type: String[1]
  Default value: '/etc/openldap/slapd.d'

conffile
  Data type: String[1]
  Default value: '/etc/openldap/slapd.conf'

service
  Data type: String[1]
  Default value: 'slapd'

owner
  Data type: String[1]
  Default value: 'ldap'

group
  Data type: String[1]
  Default value: 'ldap'

escape_ldapi_ifs
  Data type: Boolean
  Default value: false

ldapi_ifs
  Data type: Array[String[1]]
  Default value: ['/']

default_directory
  Data type: Stdlib::Absolutepath
  Default value: '/var/lib/ldap'

manage_epel
  Data type: Boolean
  Default value: true

package_version
  Data type: String[1]
  Default value: installed

enable_chown
  Data type: Optional[Boolean]
  Default value: undef

service_hasstatus
  Data type: Optional[Boolean]
  Default value: undef

enable
  Data type: Boolean
  Default value: true

start
  Data type: Boolean
  Default value: true

ssl_key
  Data type: Optional[Stdlib::Absolutepath]
  Default value: undef

ssl_cert
  Data type: Optional[Stdlib::Absolutepath]
  Default value: undef

ssl_ca
  Data type: Optional[Stdlib::Absolutepath]
  Default value: undef

databases
  Data type: Hash
  Default value: {}

ldap_ifs
  Data type: Array[String[1]]
  Default value: ['/']

ldaps_ifs
  Data type: Array[String[1]]
  Default value: []

slapd_params
  Data type: Optional[String]
  Default value: undef

ldap_port
  Data type: Optional[Stdlib::Port]
  Default value: undef

ldap_address
  Data type: Optional[Stdlib::IP::Address]
  Default value: undef

ldaps_port
  Data type: Optional[Stdlib::Port]
  Default value: undef

ldaps_address
  Data type: Optional[Stdlib::IP::Address]
  Default value: undef

ldapi_socket_path
  Data type: Optional[Stdlib::Absolutepath]
  Default value: undef

register_slp
  Data type: Optional[Boolean]
  Default value: undef

ldap_config_backend
  Data type: Optional[String]
  Default value: undef

enable_memory_limit
  Data type: Optional[Boolean]
  Default value: undef
See README.md for details.
See README.md for details.
See README.md for details.
See README.md for details.
See README.md for details.
The following parameters are available in the openldap::utils class:
Data type: Optional[String[1]]
Default value: undef
Data type: String[1]
Default value: installed
See README.md for details.
The following parameters are available in the openldap::server::access defined type:
Data type: String[1]
Data type: Array[Openldap::Access_rule]
Data type: Enum['present', 'absent']
Default value: 'present'
== Define openldap::server::access_wrapper
Generate access from a given hash.
=== Parameters
[suffix] Default: $name. Mandatory. The suffix to which the ACLs apply.
[acl] No default. Mandatory. Array of Hashes, each holding a single 'to ...' key whose value is an array of 'by ...' rules, i.e. in the form { 'to ...' => [ 'by ...', ... ], ... }
example:
  $acl = [
    { 'to *' => [
        'by dn.base="cn=replicator,dc=suretecsystems,dc=com" write',
        'by * break',
      ],
    },
    { 'to dn.base=""' => [
        'by * read',
      ],
    },
    { 'to dn.base="cn=Subschema"' => [
        'by * read',
      ],
    },
    { 'to dn.subtree="cn=Monitor"' => [
        'by dn.exact="uid=admin,dc=suretecsystems,dc=com" write',
        'by users read',
        'by * none',
      ],
    },
    { 'to *' => [
        'by self write',
        'by * none',
      ]
    },
  ]
The following parameters are available in the openldap::server::access_wrapper defined type:

acl
  Data type: Array[Hash[Pattern[/\Ato\s/], Array[Openldap::Access_rule], 1, 1]]

suffix
  Data type: String[1]
  Default value: $name
See README.md for details.
The following parameters are available in the openldap::server::database defined type:

ensure
  Data type: Enum['present', 'absent']
  Default value: present

directory
  Data type: Optional[Stdlib::Absolutepath]
  Default value: undef

suffix
  Data type: String[1]
  Default value: $title

relay
  Data type: Optional[String[1]]
  Default value: undef

backend
  Data type: Optional[String[1]]
  Default value: undef

rootdn
  Data type: Optional[Variant[Sensitive[String[1]],String[1]]]
  Default value: undef

rootpw
  Data type: Optional[Variant[Sensitive[String[1]],String[1]]]
  Default value: undef

initdb
  Data type: Optional[Boolean]
  Default value: undef

readonly
  Data type: Boolean
  Default value: false

sizelimit
  Data type: Optional[String[1]]
  Default value: undef

dbmaxsize
  Data type: Optional[String[1]]
  Default value: undef

timelimit
  Data type: Optional[String[1]]
  Default value: undef

updateref
  Data type: Optional[String[1]]
  Default value: undef

lastbind
  Data type: Optional[Boolean]
  Default value: undef

lastbindprecision
  Data type: Optional[Integer[0]]
  Default value: undef

limits
  Data type: Openldap::Limits
  Default value: {}

dboptions
  Data type: Hash[String[1],Variant[String[1],Array[String[1]]]]
  Default value: {}

synctype
  Data type: Optional[String[1]]
  Default value: undef

mirrormode
  Data type: Optional[Boolean]
  Default value: undef

multiprovider
  Data type: Optional[Boolean]
  Default value: undef

syncusesubentry
  Data type: Optional[String[1]]
  Default value: undef

syncrepl
  Data type: Array[Openldap::Syncrepl]
  Default value: []

security
  Data type:
    Hash[
      Enum[
        'transport',
        'sasl',
        'simple_bind',
        'ssf',
        'tls',
        'update_sasl',
        'update_ssf',
        'update_tls',
        'update_transport',
      ],
      Integer[0]
    ]
  Default value: {}
See README.md for details.
The following parameters are available in the openldap::server::dbindex defined type:
Data type: Optional[Enum['present', 'absent']]
Default value: undef
Data type: Optional[String[1]]
Default value: undef
Data type: String[1]
Default value: $name
Data type: Optional[String[1]]
Default value: undef
See README.md for details.
The following parameters are available in the openldap::server::globalconf defined type:
Data type: Variant[String[1],Array[String[1],1],Openldap::Attributes]
Data type: Enum['present', 'absent']
Default value: 'present'
This is a 'private' class used by openldap::server::access_wrapper
The following parameters are available in the openldap::server::iterate_access defined type:
Data type: Openldap::Access_hash
See README.md for details.
The following parameters are available in the openldap::server::module defined type:
Data type: Optional[Enum['present', 'absent']]
Default value: undef
See README.md for details.
The following parameters are available in the openldap::server::overlay defined type:
Data type: Enum['present', 'absent']
Default value: present
Data type: String[1]
Default value: regsubst($title, '^(\S+)\s+on\s+(\S+)$', '\1')
Data type: String[1]
Default value: regsubst($title, '^(\S+)\s+on\s+(\S+)$', '\2')
Data type: Optional[Openldap::Attributes]
Default value: undef
See README.md for details.
The following parameters are available in the openldap::server::schema defined type:
Data type: Optional[Enum['present', 'absent']]
Default value: undef
Data type: Stdlib::Absolutepath
Default value:
$facts['os']['family'] ? {
'Debian' => "/etc/ldap/schema/${title}.schema",
'Redhat' => "/etc/openldap/schema/${title}.schema",
'Archlinux' => "/etc/openldap/schema/${title}.schema",
'FreeBSD' => "/usr/local/etc/openldap/schema/${title}.schema",
'Suse' => "/etc/openldap/schema/${title}.schema",
}

Manages OpenLDAP ACPs/ACLs
The following properties are available in the openldap_access type.
Access rule.
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
The entries and/or attributes to which the access applies
The following parameters are available in the openldap_access type.
namevar
The default namevar
Where to place the new entry
The specific backend to use for this openldap_access resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
The suffix to which the access applies
The slapd.conf file
Manages OpenLDAP BDB and HDB databases.
The following properties are available in the openldap_database type.
Valid values: bdb, hdb, mdb, monitor, config, relay, ldap
The name of the backend.
Specifies the maximum size of the DB in bytes.
Hash to pass specific HDB/BDB options for the database
The directory where the BDB files containing this database and associated indexes live.
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
The index of the database.
Valid values: true, false
This option controls whether slapd will automatically maintain the pwdLastSuccess attribute for entries.
Specifies how frequently pwdLastSuccess will be updated.
Limits the number of entries returned and/or the time spent by a request.
Valid values: true, false
This option puts a replica database into "mirror" mode, deprecated as of 2.5
Valid values: true, false
This option puts a replica database into "multiprovider" mode
Puts the database into read-only mode.
The distinguished name that is not subject to access control or administrative limit restrictions for operations on this database.
Password (or hash of the password) for the rootdn.
The olcSecurity configuration.
Specifies the maximum number of entries to return from a search operation.
Specify the current database as a consumer which is kept up-to-date with the provider content by establishing the current slapd(8) as a replication consumer site running a syncrepl replication engine.
Store the syncrepl contextCSN in a subentry instead of the context entry of the database
Specifies the maximum number of seconds (in real time) slapd will spend answering a search request.
This directive is only applicable in a replica (or shadow) slapd. It specifies the URL to return to clients which submit update requests upon the replica.
The following parameters are available in the openldap_database type.
Valid values: true, false
When true it initialises the database with the top object. When false, it does not create any object in the database, so you have to create it by another mechanism. It defaults to false when the backend is one of config, ldap, monitor or relay, true otherwise.
Organization name used when initdb is true
The specific backend to use for this openldap_database resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
The relay configuration.
The default namevar.
Valid values: inclusive, minimum
Whether the specified dboptions should be considered the complete list (inclusive) or the minimum list (minimum) of dboptions the database should have. Defaults to minimum.
Default value: minimum
Manages OpenLDAP DB indexes
The following properties are available in the openldap_dbindex type.
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
The indices to maintain
The following parameters are available in the openldap_dbindex type.
The attribute to index
Default value: default
namevar
The default namevar
The specific backend to use for this openldap_dbindex resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
The suffix to which the index applies
The slapd.conf file
The openldap_global_conf type.
The following properties are available in the openldap_global_conf type.
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
The following parameters are available in the openldap_global_conf type.
namevar
The specific backend to use for this openldap_global_conf resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
Manages OpenLDAP modules.
The following properties are available in the openldap_module type.
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
The following parameters are available in the openldap_module type.
namevar
The default namevar.
The specific backend to use for this openldap_module resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
Manages OpenLDAP Overlays
The following properties are available in the openldap_overlay type.
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
The index of the overlay.
Overlay options.
The following parameters are available in the openldap_overlay type.
namevar
The default namevar
The name of the overlay to apply
The specific backend to use for this openldap_overlay resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
The suffix to which the overlay applies
The slapd.conf file
Manages OpenLDAP schemas.
The following properties are available in the openldap_schema type.
The modifyTimestamp of the schema.
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
The index of the schema.
The following parameters are available in the openldap_schema type.
namevar
The default namevar.
The location to the schema file.
The specific backend to use for this openldap_schema resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
Type: Ruby 4.x API
Returns the openldap password hash from the clear text password.
openldap_password(String $secret, Optional[Enum["PBKDF2","CRYPT","MD5","SMD5","SSHA","SHA"]] $scheme, Optional[Integer] $iterations, Optional[Enum["SHA256", "SHA512"]] $hash_type)
The openldap_password function.
Returns: String The hashed secret.
Data type: String
The secret to be hashed.
Data type: Optional[Enum["PBKDF2","CRYPT","MD5","SMD5","SSHA","SHA"]]
The optional scheme to use (defaults to SSHA).
Data type: Optional[Integer]
The number of iterations to use for the hashing (defaults to 60000). Only applicable for PBKDF2.
Data type: Optional[Enum["SHA256", "SHA512"]]
The hash algorithm to use: 'SHA256' (32 bytes) or 'SHA512' (64 bytes). Defaults to 'SHA512'. Only applicable for PBKDF2.
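The {SSHA} format that openldap_password emits by default, as an added Ruby example (not the puppet-openldap module's own code; it assumes only the Ruby standard library): generating a salted hash, verifying a candidate against a stored value, and a small helper that reports which scheme a stored value uses so that unsalted {SHA}/{MD5} values can be flagged in an audit.

```ruby
require 'digest'
require 'base64'
require 'securerandom'

# Added example (not the puppet-openldap module's own code).
# {SSHA} is the function's default scheme: base64( SHA1(secret || salt) || salt ),
# prefixed with "{SSHA}". slapd treats every byte after the 20-byte digest as salt.
SSHA_PREFIX = '{SSHA}'.freeze
SHA1_LEN = 20

# Produce a stored value suitable for rootpw / userPassword. A fresh random salt
# is used unless one is supplied, so two hashes of the same secret differ.
def ssha_hash(secret, salt = SecureRandom.random_bytes(4))
  digest = Digest::SHA1.digest(secret.b + salt.b)
  SSHA_PREFIX + Base64.strict_encode64(digest + salt.b)
end

# Split a stored {SSHA} value into [digest, salt]; nil if it is malformed.
def ssha_parse(stored)
  return nil unless stored.start_with?(SSHA_PREFIX)
  raw = Base64.strict_decode64(stored[SSHA_PREFIX.length..-1])
  return nil if raw.bytesize <= SHA1_LEN            # no salt bytes present
  [raw.byteslice(0, SHA1_LEN), raw.byteslice(SHA1_LEN, raw.bytesize - SHA1_LEN)]
rescue ArgumentError                                # not valid base64
  nil
end

# Compare two byte strings without short-circuiting on the first mismatch.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Check a candidate secret against a stored {SSHA} value.
def ssha_verify(stored, candidate)
  digest, salt = ssha_parse(stored)
  return false if digest.nil?
  constant_time_equal?(Digest::SHA1.digest(candidate.b + salt), digest)
end

# Report the scheme tag of a stored value ("SSHA", "PBKDF2-SHA512", ...) or nil
# for a value without a "{scheme}" prefix, which slapd treats as cleartext.
def scheme_of(stored)
  m = stored.match(/\A\{([^}]+)\}/)
  m && m[1].upcase
end

# {SHA} and {MD5} from the function's scheme list carry no salt, so identical
# secrets produce identical stored values; worth flagging in a config audit.
def unsalted_scheme?(stored)
  %w[SHA MD5].include?(scheme_of(stored))
end

if $PROGRAM_NAME == __FILE__
  stored = ssha_hash('example-secret')          # constructed sample secret
  puts stored
  puts ssha_verify(stored, 'example-secret')    # true
  puts ssha_verify(stored, 'other')             # false
end
```

Values produced this way are accepted by slapd in the same places the function's output is used (rootpw, userPassword); the PBKDF2 scheme listed above uses a different, module-specific text format and is not covered here.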
A valid acl value for openldap::server::access_wrapper
Alias of
Hash[Openldap::Access_title, Struct[{
position => Optional[Variant[Integer,String[1]]],
what => Optional[String[1]],
access => Array[Openldap::Access_rule],
suffix => Optional[String[1]],
}]]

A valid access rule for openldap::server::access
Alias of Pattern[/\Aby /]
A valid title for an openldap::server::access resource
Alias of Pattern[/\A\d+ on /]
An LDAP attribute in the form "key: value"
Alias of Pattern[/\A[^ ]+: [^\n]+/]
A set of LDAP attributes
Alias of
Variant[Hash[
String[1],
Variant[
String[1],
Array[
String[1],
1,
],
],
], Array[
Openldap::Attribute,
1,
], Openldap::Attribute]

Limits for clients
Alias of
Hash[String[1], Struct[
{
# Specify time limits
Optional['time'] => Variant[Integer[0], Enum['unlimited']],
Optional['time.soft'] => Variant[Integer[0], Enum['unlimited']],
Optional['time.hard'] => Variant[Integer[0], Enum['unlimited']],
# Specifying size limits
Optional['size'] => Variant[Integer[0], Enum['unlimited']],
Optional['size.soft'] => Variant[Integer[0], Enum['unlimited']],
Optional['size.hard'] => Variant[Integer[0], Enum['unlimited']],
Optional['size.unchecked'] => Variant[Integer[0], Enum['disabled', 'unlimited']],
# Size limits and Paged Results
Optional['size.pr'] => Variant[Integer[0], Enum['noEstimate', 'unlimited']],
Optional['size.prtotal'] => Variant[Integer[0], Enum['disabled', 'unlimited']],
},
]]

Parameters for database replication consumers
Alias of
Struct[{
rid => Variant[Integer[0, 999], Pattern['\A\d{1,3}\z']],
provider => Pattern['\Aldaps?://[^/:]+(:\d+)?\z'],
searchbase => String[1],
Optional['type'] => Enum['refreshOnly', 'refreshAndPersist'],
Optional[interval] => Pattern['\A\d{2}:\d{2}:\d{2}:\d{2}\z'],
Optional[retry] => String[1],
Optional[filter] => String[1],
Optional[scope] => Enum['sub', 'one','base'],
Optional[attrs] => String[1],
Optional[exattrs] => String[1],
Optional[attrsonly] => Boolean,
Optional[sizelimit] => Integer[0],
Optional[timelimit] => Integer[0],
Optional[schemachecking] => Enum['on', 'off'],
Optional[network-timeout] => Integer[0],
Optional[timeout] => Integer[0],
Optional[updatedn] => String[1],
Optional[bindmethod] => Enum['simple', 'sasl'],
Optional[binddn] => String[1],
Optional[saslmech] => String[1],
Optional[authcid] => String[1],
Optional[authzid] => String[1],
Optional[credentials] => Variant[String[1], Sensitive[String[1]]],
Optional[realm] => String[1],
Optional[secprops] => String[1],
Optional[keepalive] => Pattern['\A\d+:\d+:\d+\z'],
Optional[starttls] => Enum['yes', 'critical'],
Optional[tls_cert] => Stdlib::Absolutepath,
Optional[tls_key] => Stdlib::Absolutepath,
Optional[tls_cacert] => Stdlib::Absolutepath,
Optional[tls_cacertdir] => Stdlib::Absolutepath,
Optional[tls_reqcert] => Enum['never', 'allow', 'try', 'demand'],
Optional[tls_cipher_suite] => String[1],
Optional[tls_crlcheck] => Enum['none', 'peer', 'all'],
Optional[tls_protocol_min] => Pattern['\A\d+(\.\d+)?\z'],
Optional[suffixmassage] => String[1],
Optional[logbase] => String[1],
Optional[logfilter] => String[1],
Optional[syncdata] => Enum['default', 'accesslog', 'changelog'],
}]

The list of possible values TLS_MOZNSS_COMPATIBILITY can have (based on the man page), and an 'absent' (a puppet directive to remove an existing declaration).
Alias of Enum['on', 'true', 'yes', 'off', 'false', 'no', 'absent']