Initial import

.fixtures.yml

@@ -0,0 +1,5 @@
+fixtures:
+  repositories:
+    "stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib.git"
+  symlinks:
+    "nslcd": "#{source_dir}"

.gitignore

@@ -0,0 +1,4 @@
+/.bundle/
+/vendor/
+/pkg/
+

Gemfile

@@ -0,0 +1,38 @@
+source 'https://rubygems.org'
+
+def location_for(place, fake_version = nil)
+  if place =~ /^(git[:@][^#]*)#(.*)/
+    [fake_version, { :git => $1, :branch => $2, :require => false }].compact
+  elsif place =~ /^file:\/\/(.*)/
+    ['>= 0', { :path => File.expand_path($1), :require => false }]
+  else
+    [place, { :require => false }]
+  end
+end
+
+group :development, :unit_tests do
+  gem 'rake', '~> 10.1.0',       :require => false
+  gem 'rspec', '~> 3.1.0',       :require => false
+  gem 'rspec-puppet',            :require => false
+  gem 'puppetlabs_spec_helper',  :require => false
+  gem 'puppet-lint', '< 1.1.0',  :require => false
+  gem 'metadata-json-lint',      :require => false
+  gem 'pry',                     :require => false
+  gem 'simplecov',               :require => false
+end
+
+facterversion = ENV['GEM_FACTER_VERSION'] || ENV['FACTER_GEM_VERSION']
+if facterversion
+      gem 'facter', *location_for(facterversion)
+else
+      gem 'facter', :require => false
+end
+
+puppetversion = ENV['GEM_PUPPET_VERSION'] || ENV['PUPPET_GEM_VERSION']
+if puppetversion
+      gem 'puppet', *location_for(puppetversion)
+else
+      gem 'puppet', :require => false
+end
+
+# vim:ft=ruby

Gemfile.lock

@@ -0,0 +1,76 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    CFPropertyList (2.2.8)
+    coderay (1.1.0)
+    diff-lcs (1.2.5)
+    docile (1.1.5)
+    facter (2.4.3)
+      CFPropertyList (~> 2.2.6)
+    hiera (1.3.4)
+      json_pure
+    json (1.8.2)
+    json_pure (1.8.2)
+    metaclass (0.0.4)
+    metadata-json-lint (0.0.6)
+      json
+      spdx-licenses (~> 1.0)
+    method_source (0.8.2)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    multi_json (1.11.0)
+    pry (0.10.1)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
+    puppet (3.7.5)
+      facter (> 1.6, < 3)
+      hiera (~> 1.0)
+      json_pure
+    puppet-lint (1.0.1)
+    puppet-syntax (2.0.0)
+      rake
+    puppetlabs_spec_helper (0.10.2)
+      mocha
+      puppet-lint
+      puppet-syntax
+      rake
+      rspec-puppet
+    rake (10.1.1)
+    rspec (3.1.0)
+      rspec-core (~> 3.1.0)
+      rspec-expectations (~> 3.1.0)
+      rspec-mocks (~> 3.1.0)
+    rspec-core (3.1.7)
+      rspec-support (~> 3.1.0)
+    rspec-expectations (3.1.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.1.0)
+    rspec-mocks (3.1.3)
+      rspec-support (~> 3.1.0)
+    rspec-puppet (2.0.1)
+      rspec
+    rspec-support (3.1.2)
+    simplecov (0.9.2)
+      docile (~> 1.1.0)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.9.0)
+    simplecov-html (0.9.0)
+    slop (3.6.0)
+    spdx-licenses (1.0.0)
+      json
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  facter
+  metadata-json-lint
+  pry
+  puppet (< 4.0.0)
+  puppet-lint (< 1.1.0)
+  puppetlabs_spec_helper
+  rake (~> 10.1.0)
+  rspec (~> 3.1.0)
+  rspec-puppet
+  simplecov

README.md

@@ -0,0 +1,58 @@
+# nslcd
+
+#### Table of Contents
+
+1. [Overview](#overview)
+2. [Module Description - What the module does and why it is useful](#module-description)
+3. [Setup - The basics of getting started with nslcd](#setup)
+    * [What nslcd affects](#what-nslcd-affects)
+4. [Usage - Configuration options and additional functionality](#usage)
+5. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
+5. [Limitations - OS compatibility, etc.](#limitations)
+6. [Development - Guide for contributing to the module](#development)
+
+## Overview
+
+This module installs and configured nslcd to get pam/nss data from ldap.
+
+## Module Description
+
+This module allows you to install and configure the nslcd daemon (and its dependencies), to provide ldap support for 
+PAM and NSS.
+
+## Setup
+
+### What nslcd affects
+
+* `nslcd` package and service
+* `/etc/nslcd.conf`
+
+## Usage
+
+Simply include/contain/required/declare the nslcd class.
+It includes a few sane defaults, so it should work out of the box.
+However, we recommend that you declare the class and override a few parameters:
+
+```
+class { 'nslcd':
+  ldap_uris => ['ldap://ldap.mycompany.com'],
+  ldap_ssl  => 'on',
+}
+```
+
+## Reference
+
+*todo*
+
+## Limitations
+
+The module has been tested with Ubuntu 12.04 and 14.04, Debian 6 and 7, and Puppet 3.7.
+It should work Puppet 3.x.
+For additional OS support, you should contribute it back upstream!
+
+The module doesn't support setting the `rootbinddn` and `rootbindpw` attributes, but it can be easily added.
+
+## Development
+
+If you want to improve this module, send us a patch of pull request!
+

Rakefile

@@ -0,0 +1,18 @@
+require 'rubygems'
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+PuppetLint.configuration.send('disable_80chars')
+PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
+
+desc "Validate manifests, templates, and ruby files"
+task :validate do
+  Dir['manifests/**/*.pp'].each do |manifest|
+    sh "puppet parser validate --noop #{manifest}"
+  end
+  Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file|
+    sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/
+  end
+  Dir['templates/**/*.erb'].each do |template|
+    sh "erb -P -x -T '-' #{template} | ruby -c"
+  end
+end

manifests/config.pp

@@ -0,0 +1,15 @@
+# == Class: nslcd::config
+#
+# Manages the nslcd server configuration file
+class nslcd::config inherits nslcd {
+
+  file { $nslcd::config:
+    ensure  => file,
+    owner   => $nslcd::config_user,
+    group   => $nslcd::config_group,
+    mode    => $nslcd::config_mode,
+    content => template('nslcd/nslcd.erb'),
+  }
+
+}
+

manifests/init.pp

@@ -0,0 +1,46 @@
+# == Class: nslcd
+#
+# This class manages the nslcd server and service.
+class nslcd (
+  $package_ensure      = $nslcd::params::package_ensure,
+  $package_name        = $nslcd::params::package_name,
+  $service_ensure      = $nslcd::params::service_ensure,
+  $service_enable      = $nslcd::params::service_enable,
+  $service_name        = $nslcd::params::service_name,
+  $uid                 = $nslcd::params::uid,
+  $gid                 = $nslcd::params::gid,
+  $config              = $nslcd::params::config,
+  $config_user         = $nslcd::params::config_user,
+  $config_group        = $nslcd::params::config_group,
+  $config_mode         = $nslcd::params::config_mode,
+  $ldap_uris           = $nslcd::params::ldap_uris,
+  $ldap_version        = $nslcd::params::ldap_version,
+  $ldap_binddn         = $nslcd::params::ldap_binddn,
+  $ldap_bindpw         = $nslcd::params::ldap_bindpw,
+  $ldap_search_base    = $nslcd::params::ldap_search_base,
+  $ldap_search_scope   = $nslcd::params::ldap_search_scope,
+  $ldap_filters        = $nslcd::params::ldap_filters,
+  $ldap_ssl            = $nslcd::params::ldap_ssl,
+  $ldap_tls_reqcert    = $nslcd::params::ldap_tls_reqcert,
+  $ldap_tls_cacertfile = $nslcd::params::ldap_tls_cacertfile,
+) inherits nslcd::params {
+
+  # Input validation
+  $valid_ldap_versions     = [ '2', '3' ]
+  $valid_ldap_ssl          = [ 'on', 'off', 'start_tls' ]
+  $valid_ldap_tls_reqcert  = [ 'never', 'allow', 'try', 'demand', 'hard' ]
+  $valid_ldap_search_scope = [ 'sub', 'subtree', 'one', 'onelevel', 'base' ]
+
+  validate_re($ldap_version, $valid_ldap_versions)
+  validate_re($ldap_ssl, $valid_ldap_ssl)
+  validate_re($ldap_tls_reqcert, $valid_ldap_tls_reqcert)
+  validate_re($ldap_search_scope, $valid_ldap_search_scope)
+
+  anchor { 'nslcd::begin': } ->
+  class { 'nslcd::install': } ->
+  class { 'nslcd::config': } ~>
+  class { 'nslcd::service': } ->
+  anchor { 'nslcd::end': }
+
+}
+

manifests/install.pp

@@ -0,0 +1,10 @@
+# == Class: nslcd::install
+#
+# Installs the nslcd package.
+class nslcd::install inherits nslcd {
+
+  package { $nslcd::package_name:
+    ensure => $nslcd::package_ensure,
+  }
+
+}

manifests/params.pp

@@ -0,0 +1,42 @@
+# == Class: nslcd::params
+#
+# Sets the default parameters for the nslcd class.
+class nslcd::params {
+
+  $package_ensure = present
+  $service_ensure = running
+  $service_enable = true
+
+  $ldap_uris           = ['ldap:///']
+  $ldap_version        = '3'
+  $ldap_binddn         = undef
+  $ldap_bindpw         = undef
+  $ldap_search_base    = ''
+  $ldap_search_scope   = 'subtree'
+  $ldap_filters        = {}
+  $ldap_ssl            = 'off'
+  $ldap_tls_reqcert    = 'allow'
+  $ldap_tls_cacertfile = undef
+
+  $default_config       = '/etc/nslcd.conf'
+  $default_package_name = 'nslcd'
+  $default_service_name = 'nslcd'
+
+  case $::osfamily {
+    Debian: {
+      $config        = $default_config
+      $package_name  = $default_package_name
+      $service_name  = $default_service_name
+      $uid          = 'nslcd'
+      $gid         = 'nslcd'
+      $config_user         = 'root'
+      $config_group        = 'nslcd'
+      $config_mode         = '0640'
+    }
+    default: {
+      fail("The ${module_name} module is not supported on an ${::osfamily} based system.")
+    }
+  }
+
+}
+

manifests/service.pp

@@ -0,0 +1,12 @@
+# == Class: nslcd::service
+#
+# Manages the nslcd service.
+class nslcd::service inherits nslcd {
+
+  service { 'nslcd':
+    ensure => $nslcd::service_ensure,
+    enable => $nslcd::service_enable,
+    name   => $nslcd::service_name,
+  }
+
+}

metadata.json

@@ -0,0 +1,28 @@
+{
+  "name": "OpenConceptConsulting-nslcd",
+  "version": "0.1.0",
+  "author": "OpenConceptConsulting",
+  "summary": "Installs and configures nslcd.",
+  "license": "Apache-2.0",
+  "source": "https://github.com/OpenConceptConsulting/puppet-nslcd",
+  "project_page": "https://github.com/OpenConceptConsulting/puppet-nslcd",
+  "issues_url": "https://github.com/OpenConceptConsulting/puppet-nslcd/issues",
+  "tags": ["nslcd","pam","nss","ldap"],
+  "operatingsystem_support": [
+    {
+      "operatingsystem": "Debian",
+      "operatingsystemrelease":[ "6.0", "7.0"]
+    },
+    {
+      "operatingsystem": "Ubuntu",
+      "operatingsystemrelease":[ "12.04", "14.04"]
+    }
+  ],
+  "dependencies": [
+    {
+      "name": "puppetlabs-stdlib",
+      "version_range": ">= 4.0.0 < 5.0.0"
+    }
+  ]
+}
+

spec/classes/init_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe 'nslcd' do
+
+  {'Ubuntu' => 'Debian', 'Debian' => 'Debian'}.each do |system, family|
+    context "when on system #{system}" do
+      let :facts do
+        {
+          :osfamily        => family,
+          :operatingsystem => system,
+        }
+      end
+
+      it { should contain_class('nslcd') }
+      it { should contain_class('nslcd::install') }
+      it { should contain_class('nslcd::config') }
+      it { should contain_class('nslcd::service') }
+
+      it {
+        should contain_package('nslcd')
+        should contain_service('nslcd')
+      }
+    end
+  end
+
+  context 'when on an unknown system' do
+    it { expect { should raise_error(Puppet::Error) } }
+  end
+end

spec/spec.opts

@@ -0,0 +1,6 @@
+--format
+s
+--colour
+--loadby
+mtime
+--backtrace

spec/spec_helper.rb

@@ -0,0 +1,28 @@
+require 'puppetlabs_spec_helper/module_spec_helper'
+
+RSpec.configure do |c|
+  c.include PuppetlabsSpec::Files
+
+  c.before :each do
+    # Ensure that we don't accidentally cache facts and environment
+    # between test cases.
+    Facter::Util::Loader.any_instance.stubs(:load_all)
+    Facter.clear
+    Facter.clear_messages
+
+    # Store any environment variables away to be restored later
+    @old_env = {}
+    ENV.each_key {|k| @old_env[k] = ENV[k]}
+
+    if Gem::Version.new(`puppet --version`) >= Gem::Version.new('3.5')
+      Puppet.settings[:strict_variables]=true
+    end
+    if ENV['PARSER']
+      Puppet.settings[:parser]=ENV['PARSER']
+    end
+  end
+
+  c.after :each do
+    PuppetlabsSpec::Files.cleanup
+  end
+end

templates/nslcd.erb

@@ -0,0 +1,40 @@
+# This file is being managed by puppet
+# module: 'nslcd'
+
+# The user and group nslcd should run as.
+uid <%= @uid %>
+gid <%= @gid %>
+
+# The location at which the LDAP server(s) should be reachable.
+<% @ldap_uris.each do |ldap_uri| -%>
+uri <%= ldap_uri %>
+<% end -%>
+
+# The LDAP protocol version to use.
+ldap_version <%= @ldap_version %>
+
+# The search base that will be used for all queries.
+base <%= @ldap_search_base %>
+
+<% if @ldap_binddn and @ldap_bindpw -%>
+# The DN to bind with for normal lookups.
+binddn <%= @ldap_binddn %>
+bindpw <%= @ldap_bindpw %>
+<% end -%>
+
+# SSL options
+ssl <%= @ldap_ssl %>
+tls_reqcert <%= @ldap_tls_reqcert %>
+<% if @ldap_tls_cacertfile -%>
+tls_cacertfile <%= @ldap_tls_cacertfile %>
+<% end -%>
+
+# The search scope.
+scope <%= @ldap_search_scope %>
+
+<% if @ldap_filters.length > 0 -%>
+# Custom search filters
+<% @ldap_filters.each do |map, filter| -%>
+filter <%= map %> <%= filter %>
+<% end -%>
+<% end -%>

tests/init.pp

@@ -0,0 +1,12 @@
+# The baseline for module testing used by Puppet Labs is that each manifest
+# should have a corresponding test manifest that declares that class or defined
+# type.
+#
+# Tests are then run by using puppet apply --noop (to check for compilation
+# errors and view a log of events) or by fully applying the test in a virtual
+# environment (to compare the resulting system state to the desired state).
+#
+# Learn more about module testing here:
+# http://docs.puppetlabs.com/guides/tests_smoke.html
+#
+include nslcd