2018-09-04 07:44:12 -04:00
# puppet-nslcd
2015-04-16 18:04:30 -04:00
#### Table of Contents
1. [Overview ](#overview )
2021-11-06 07:36:59 -04:00
2. [Dependencies ](#dependencies )
3. [Usage ](#usage )
4. [What the module affects ](#what-the-module-affects )
5. [Parameters ](#parameters )
6. [Extend the configuration ](#extend-the-configuration )
7. [Limitations ](#limitations )
8. [Development ](#development )
2015-04-16 18:04:30 -04:00
## Overview
2021-11-06 07:36:59 -04:00
This module installs and configured a local NSLCD daemon.
NSLCD is used to provide LDAP authentication through PAM/NSS.
2015-04-16 18:04:30 -04:00
2021-11-06 07:36:59 -04:00
## Dependencies
2015-04-16 18:04:30 -04:00
2021-11-06 07:36:59 -04:00
[Stdlib - https://forge.puppet.com/modules/puppetlabs/stdlib ](https://forge.puppet.com/modules/puppetlabs/stdlib )
2015-04-16 18:04:30 -04:00
## Usage
2021-11-06 07:36:59 -04:00
The module includes a few sane defaults, so it should work out of the box.
Just fill in these parameters :
2015-04-16 18:04:30 -04:00
2021-11-06 07:36:59 -04:00
* Example
2018-09-04 07:42:52 -04:00
2015-04-16 18:04:30 -04:00
```
2021-11-06 07:36:59 -04:00
class
{
'nslcd':
ldap_uris => ['ldap://ldap01.mycompany.com:389','ldap://ldap02.mycompany.com:389'],
ldap_search_base => 'dc=company,dc=com'
2015-04-16 18:04:30 -04:00
}
```
2021-11-06 07:36:59 -04:00
* The same in Hiera
2018-09-04 07:42:52 -04:00
```
nslcd::ldap_uris:
- 'ldap://ldap01.company.com:389'
- 'ldap://ldap02.company.com:389'
nslcd::ldap_search_base: 'dc=company,dc=com'
```
2021-11-06 07:36:59 -04:00
* Will give this in the config file
2015-04-16 18:04:30 -04:00
2021-11-06 07:36:59 -04:00
```
uri ldap://ldap01.company.com:389 ldap://ldap02.company.com:389
base dc=company,dc=com
```
2015-04-16 18:04:30 -04:00
2021-11-06 07:36:59 -04:00
## What the module affects
* `nslcd` package and service
* `/etc/nslcd.conf`
## Parameters
Parameter | Parameter type | Default value | Description
--------- | ---------- | ------------- | -----------
package_ensure | Variant[Boolean,String] | present | Sets if the package should be present or absent.
package_name | String | Depends on the Linux distrib | Name of the package to install. Set if your platform is not supported.
package_manage | Boolean | true | Sets if the module should manage or not the package installation.
service_ensure | Variant[Boolean,Enum['stopped','running']] | running | Sets if the service should be running or stopped.
service_enable | Boolean | true | Sets if the service should be started on system boot.
service_name | String | nslcd | Sets the name of the service. Set if your platform is not supported.
service_manage | Boolean | true | Sets if the module should manage or not the service.
uid | String | nslcd | Sets the user to start the daemon.
gid | String | Depends on the Linux distrib | Sets the group to start the daemon.
config | Stdlib::Unixpath | /etc/nslcd.conf | Sets the path of the config file.
config_user | String | root | Sets the owner of the config file.
config_group | String | Depends on the Linux distrib | Sets the group of the config file.
config_mode | Stdlib::Filemode | Depends on the Linux distrib | Permission of the config file.
ldap_uris | Array[String] | ldap:/// | Array of LDAP servers.
ldap_version | Enum['2','3'] | 3 | Sets the LDAP version to use.
ldap_binddn | String | undef | Sets the DN (distinguished name) to bind to the LDAP servers.
ldap_bindpw | String | undef | Sets the password to bind to the LDAP servers. Only used if the parameter ldap_binddn is set.
ldap_search_base | String | undef | Sets the base DN (distinguished name) to use as the search base.
ldap_group_base | String | undef | Sets the base DN (distinguished name) to use as the group search base.
ldap_search_scope | Enum['sub','subtree','one','onelevel','base'] | subtree | Sets the search scope depth.
config_options | Hash | {} | Key/Value hash to extend the configuration.
ldap_filters | Hash | {} | Sets the LDAP search filter for specific mapping.
ldap_maps | Hash | {} | Allows for custom attributes to be looked up.
ldap_ssl | Enum['on','off','start_tls'] | off | Whether to use SSL/TLS for the connexion to the LDAP servers.
ldap_tls_reqcert | Enum['never','allow','try','demand','hard'] | allow | Sets what checks to perform on a server-supplied certificate.
ldap_tls_cacertfile | String | undef | Sets the path of the PEM-format file containing certificates for the CA's that will be trusted.
bind_timelimit | Integer | undef | Sets the time limit (in seconds) to setup a connexion with the LDAP server.
timelimit | Integer | undef | Sets the time limit (in seconds) to wait for a response from the LDAP server.
idle_timelimit | Integer | undef | Sets the period if inactivity (in seconds) after which the connection to the LDAP server will be closed.
reconnect_sleeptime | Integer | 1 | Sets the number of seconds to sleep when connecting to all LDAP servers fails.
reconnect_retrytime | Integer | 10 | Sets the time after which the LDAP server is considered to be permanently unavailable. Once this time is reached retries will be done only once per this time period.
## Extend the configuration
The module exposes the most commonly used paramaters. However, to extend the configuration use the **config_options** parameter.
It allows you to set any parameter not listed above.
* Example configuration
```
class
{
'nslcd':
config_options:
threads: '10'
}
```
2015-04-16 18:04:30 -04:00
2021-11-06 07:36:59 -04:00
* The same config in Hiera
2018-09-06 04:26:07 -04:00
2021-11-06 07:36:59 -04:00
```
nslcd::config_options:
threads: '10'
```
2015-04-16 18:04:30 -04:00
2021-11-06 07:36:59 -04:00
* Will give this in the config file
2015-04-16 18:04:30 -04:00
2021-11-06 07:36:59 -04:00
```
threads 10
```
## Limitations
2015-04-16 18:04:30 -04:00
2021-11-06 07:36:59 -04:00
The module has been tested with :
* Ubuntu 14.04 / 16.04 / 18.04 / 20.04
* Debian 8 / 9 / 10 / 11
* Puppet 4 / 5 / 6
## Development
2015-04-16 18:04:30 -04:00
2021-11-06 07:36:59 -04:00
If you want to improve this module, send us a pull request !
