puppet-nslcd/templates/nslcd.erb

# This file is being managed by puppet
# module: 'nslcd'

# The user and group nslcd should run as.
uid <%= @uid %>
gid <%= @gid %>

# The location at which the LDAP server(s) should be reachable.
<% @ldap_uris.each do |ldap_uri| -%>
uri <%= ldap_uri %>
<% end -%>

# The LDAP protocol version to use.
ldap_version <%= @ldap_version %>

# The search base that will be used for all queries.
base <%= @ldap_search_base %>

<% if @ldap_binddn and @ldap_bindpw -%>
# The DN to bind with for normal lookups.
binddn <%= @ldap_binddn %>
bindpw <%= @ldap_bindpw %>
<% end -%>

# SSL options
ssl <%= @ldap_ssl %>
tls_reqcert <%= @ldap_tls_reqcert %>
<% if @ldap_tls_cacertfile -%>
tls_cacertfile <%= @ldap_tls_cacertfile %>
<% end -%>
<% if @ldap_tls_cacertdir -%>
tls_cacertdir <%= @ldap_tls_cacertdir %>
<% end -%>

# The search scope.
scope <%= @ldap_search_scope %>

<% if @ldap_filters.length > 0 -%>
# Custom search filters
<% @ldap_filters.each do |map, filter| -%>
filter <%= map %> <%= filter %>
<% end -%>
<% end -%>

<% if @ldap_maps.length > 0 -%>
# Custom search attributes
<% @ldap_maps.each do |map, filter| -%>
<% filter.each do | attribute | -%>
map <%= map %> <%= attribute %>
<% end -%>
<% end -%>
<% end -%>

<% if @bind_timelimit -%>
# Specifies the distinguished name with which to bind to the directory server for lookups.
# The default is  to  bind anonymously.
bind_timelimit <%= @bind_timelimit %>
<% end -%>

<% if @timelimit -%>
# Specifies  the time limit (in seconds) to wait for a response from the LDAP server.  
# A value of zero (0), which is the default, is to wait indefinitely for searches to be completed.
timelimit <%= @timelimit %>
<% end -%>

<% if @idle_timelimit -%>
# Specifies the period if inactivity (in seconds) after which the connection to the 
# LDAP server will be closed.  The default is not to time out connections.
idle_timelimit <%= @idle_timelimit %>
<% end -%>

<% if @reconnect_sleeptime -%>
# Specifies the number of seconds to sleep when connecting to all LDAP servers fails.  
# By default 1 second is waited between the first failure and the first retry.
reconnect_sleeptime <%= @reconnect_sleeptime %>
<% end -%>

<% if @reconnect_retrytime -%>
# Specifies the time after which the LDAP server is considered to be permanently unavailable.   
# Once this time is reached retries will be done only once per this time period.  The default 
# value is 10 seconds.
reconnect_retrytime <%= @reconnect_retrytime %>
<% end -%>

<% if @pagesize -%>
# Set this to a number greater than 0 to request paged results from the LDAP server 
# in accordance with RFC2696.  The default (0) is to not request paged results.
pagesize <%= @pagesize %>
<% end -%>

<% if @referrals -%>
# Specifies whether automatic referral chasing should be enabled.  The default behaviour 
# is to chase referrals.
referrals <%= @referrals %>
<% end -%>

<% if @nss_initgroups_ignoreusers -%>
# This option prevents group membership lookups through LDAP for the specified users. 
# This can be useful in case of unavailability of the LDAP server. 
<% @nss_initgroups_ignoreusers.each do | user | -%>
nss_initgroups_ignoreusers <%= user %> 
<% end -%>
<% end -%>
Initial import 2015-04-16 18:04:30 -04:00			`# This file is being managed by puppet`
			`# module: 'nslcd'`

			`# The user and group nslcd should run as.`
			`uid <%= @uid %>`
			`gid <%= @gid %>`

			`# The location at which the LDAP server(s) should be reachable.`
			`<% @ldap_uris.each do \|ldap_uri\| -%>`
			`uri <%= ldap_uri %>`
			`<% end -%>`

			`# The LDAP protocol version to use.`
			`ldap_version <%= @ldap_version %>`

			`# The search base that will be used for all queries.`
			`base <%= @ldap_search_base %>`

			`<% if @ldap_binddn and @ldap_bindpw -%>`
			`# The DN to bind with for normal lookups.`
			`binddn <%= @ldap_binddn %>`
			`bindpw <%= @ldap_bindpw %>`
			`<% end -%>`

			`# SSL options`
			`ssl <%= @ldap_ssl %>`
			`tls_reqcert <%= @ldap_tls_reqcert %>`
			`<% if @ldap_tls_cacertfile -%>`
			`tls_cacertfile <%= @ldap_tls_cacertfile %>`
			`<% end -%>`
Added a lot more parameters. 2015-11-20 11:36:19 -05:00			`<% if @ldap_tls_cacertdir -%>`
			`tls_cacertdir <%= @ldap_tls_cacertdir %>`
			`<% end -%>`
Initial import 2015-04-16 18:04:30 -04:00
			`# The search scope.`
			`scope <%= @ldap_search_scope %>`

			`<% if @ldap_filters.length > 0 -%>`
			`# Custom search filters`
			`<% @ldap_filters.each do \|map, filter\| -%>`
			`filter <%= map %> <%= filter %>`
			`<% end -%>`
			`<% end -%>`
Added a lot more parameters. 2015-11-20 11:36:19 -05:00
			`<% if @ldap_maps.length > 0 -%>`
			`# Custom search attributes`
			`<% @ldap_maps.each do \|map, filter\| -%>`
			`<% filter.each do \| attribute \| -%>`
			`map <%= map %> <%= attribute %>`
			`<% end -%>`
			`<% end -%>`
			`<% end -%>`

			`<% if @bind_timelimit -%>`
			`# Specifies the distinguished name with which to bind to the directory server for lookups.`
			`# The default is to bind anonymously.`
			`bind_timelimit <%= @bind_timelimit %>`
			`<% end -%>`

			`<% if @timelimit -%>`
			`# Specifies the time limit (in seconds) to wait for a response from the LDAP server.`
			`# A value of zero (0), which is the default, is to wait indefinitely for searches to be completed.`
			`timelimit <%= @timelimit %>`
			`<% end -%>`

			`<% if @idle_timelimit -%>`
			`# Specifies the period if inactivity (in seconds) after which the connection to the`
			`# LDAP server will be closed. The default is not to time out connections.`
			`idle_timelimit <%= @idle_timelimit %>`
			`<% end -%>`

			`<% if @reconnect_sleeptime -%>`
			`# Specifies the number of seconds to sleep when connecting to all LDAP servers fails.`
			`# By default 1 second is waited between the first failure and the first retry.`
			`reconnect_sleeptime <%= @reconnect_sleeptime %>`
			`<% end -%>`

			`<% if @reconnect_retrytime -%>`
			`# Specifies the time after which the LDAP server is considered to be permanently unavailable.`
			`# Once this time is reached retries will be done only once per this time period. The default`
			`# value is 10 seconds.`
			`reconnect_retrytime <%= @reconnect_retrytime %>`
			`<% end -%>`

			`<% if @pagesize -%>`
			`# Set this to a number greater than 0 to request paged results from the LDAP server`
			`# in accordance with RFC2696. The default (0) is to not request paged results.`
			`pagesize <%= @pagesize %>`
			`<% end -%>`

			`<% if @referrals -%>`
			`# Specifies whether automatic referral chasing should be enabled. The default behaviour`
			`# is to chase referrals.`
			`referrals <%= @referrals %>`
			`<% end -%>`

			`<% if @nss_initgroups_ignoreusers -%>`
			`# This option prevents group membership lookups through LDAP for the specified users.`
			`# This can be useful in case of unavailability of the LDAP server.`
			`<% @nss_initgroups_ignoreusers.each do \| user \| -%>`
			`nss_initgroups_ignoreusers <%= user %>`
			`<% end -%>`
			`<% end -%>`