puppet-nslcd/manifests/init.pp

145 lines
5.6 KiB
Puppet

# == Class: nslcd
#
# This class manages the nslcd server and service.
#
# @param package_ensure
# Sets if the package should be present or absent.
#
# @param package_name
# Name of the package to install. Depends on the Linux distrib.
# Set if your platform is not supported.
#
# @param package_manage
# Sets if the module should manage or not the package installation.
#
# @param service_ensure
# Sets if the service should be running or stopped.
#
# @param service_enable
# Sets if the service should be started on startup.
#
# @param service_name
# Sets the name of the service.
# Set if your platform is not supported.
#
# @param service_manage
# Sets if the module should manage or not the service.
#
# @param uid
# Sets the user to start the daemon.
#
# @param gid
# Sets the group to start the daemon. Depends on the Linux distrib.
#
# @param config
# Sets the path of the config file.
#
# @param config_user
# Sets the owner of the config file.
#
# @param config_group
# Sets the group of the config file. Depends on the Linux distrib.
#
# @param config_mode
# Permission of the config file. Depends on the Linux distrib.
#
# @param ldap_uris
# Array of LDAP servers.
#
# @param ldap_version
# Sets the LDAP version to use.
#
# @param ldap_binddn
# Sets the DN (distinguished name) to bind to the LDAP servers.
#
# @param ldap_bindpw
# Sets the password to bind to the LDAP servers. Only used if the parameter ldap_binddn is set.
#
# @param ldap_search_base
# Sets the base DN (distinguished name) to use as the search base.
#
# @param ldap_group_base
# Sets the base DN (distinguished name) to use as the group search base.
#
# @param ldap_search_scope
# Sets the search scope depth.
#
# @param config_options
# Key/Value hash to extend initial configuration.
#
# @param ldap_filters
# Sets the LDAP search filter for specific mapping.
#
# @param ldap_maps
# Allows for custom attributes to be looked up.
#
# @param ldap_ssl
# Whether to use SSL/TLS for the connexion to the LDAP servers.
#
# @param ldap_tls_reqcert
# Sets what checks to perform on a server-supplied certificate.
#
# @param ldap_tls_cacertfile
# Sets the path of the PEM-format file containing certificates for the CA's that will be trusted.
#
# @param bind_timelimit
# Sets the time limit (in seconds) to setup a connexion with the LDAP server.
#
# @param timelimit
# Sets the time limit (in seconds) to wait for a response from the LDAP server.
#
# @param idle_timelimit
# Sets the period if inactivity (in seconds) after which the connection to the LDAP server will be closed.
#
# @param reconnect_sleeptime
# Sets the number of seconds to sleep when connecting to all LDAP servers fails.
#
# @param reconnect_retrytime
# Sets the time after which the LDAP server is considered to be permanently unavailable.
# Once this time is reached retries will be done only once per this time period.
#
class nslcd
(
Variant[Boolean,String[1]] $package_ensure = 'present',
String[1] $package_name = $nslcd::params::package_name,
Boolean $package_manage = true,
Variant[Boolean,Enum['stopped','running']] $service_ensure = 'running',
Boolean $service_enable = true,
String[1] $service_name = 'nslcd',
Boolean $service_manage = true,
String[1] $uid = 'nslcd',
String[1] $gid = $nslcd::params::gid,
Stdlib::Unixpath $config = $nslcd::params::config,
String[1] $config_user = 'root',
String[1] $config_group = $nslcd::params::config_group,
Stdlib::Filemode $config_mode = $nslcd::params::config_mode,
Array[String[1]] $ldap_uris = ['ldap:///'],
Enum['2','3'] $ldap_version = '3',
Optional[String[1]] $ldap_binddn = undef,
Optional[String[1]] $ldap_bindpw = undef,
Optional[String[1]] $ldap_search_base = undef,
Optional[String[1]] $ldap_group_base = undef,
Enum['sub','subtree','one','onelevel','base'] $ldap_search_scope = 'subtree',
Hash $config_options = {},
Hash $ldap_filters = {},
Hash $ldap_maps = {},
Enum['on','off','start_tls'] $ldap_ssl = 'off',
Enum['never','allow','try','demand','hard'] $ldap_tls_reqcert = 'allow',
Optional[String[1]] $ldap_tls_cacertfile = undef,
Optional[Integer] $bind_timelimit = undef,
Integer $timelimit = 10,
Optional[Integer] $idle_timelimit = undef,
Integer $reconnect_sleeptime = 1,
Integer $reconnect_retrytime = 10,
)
inherits nslcd::params
{
contain nslcd::install
contain nslcd::config
contain nslcd::service
Class['nslcd::install']
-> Class['nslcd::config']
~> Class['nslcd::service']
}