nslcd
Table of Contents
- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with nslcd
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Overview
This module installs and configures nslcd to get PAM/NSS data from LDAP.
Module Description
This module allows you to install and configure the nslcd daemon (and its dependencies) to provide LDAP support for PAM and NSS.
Setup
What nslcd affects
- nslcd package and service
- /etc/nslcd.conf
Usage
Simply include/contain/require/declare the nslcd class. It includes a few sane defaults, so it should work out of the box. However, we recommend that you declare the class and override a few parameters:

    class { 'nslcd':
      ldap_uris    => ['ldap://ldap.mycompany.com'],
      ldap_ssl     => 'on',
      ldap_filters => {
        group  => '(&(objectClass=group)(gidNumber=*))',
        passwd => '(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))',
        shadow => '(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))',
      },
      ldap_maps    => {
        group  => 'uniqueMember member',
        passwd => ['homedirectory unixHomeDirectory', 'uid sAMAccountName', 'gecos displayName'],
        shadow => ['shadowLastChange pwdLastSet', 'uid sAMAccountName'],
      },
    }

An example in YAML using hashes/arrays:

    nslcd::ldap_uris:
      - 'ldap://ldap1.mycompany.com/'
      - 'ldap://ldap2.mycompany.com/'
    nslcd::ldap_search_base: 'dc=acme,dc=example,dc=org'
    nslcd::ldap_binddn: 'binduser@acme.example.org'
    nslcd::ldap_bindpw: 'password'
    nslcd::ldap_filters:
      - group: " (&(objectClass=group)(gidNumber=*))"
      - passwd: " (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))"
      - shadow: " (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))"
    nslcd::ldap_maps:
      group: 'uniqueMember member'
      passwd:
        - 'homedirectory unixHomeDirectory'
        - 'uid sAMAccountName'
        - 'gecos displayName'
      shadow:
        - 'shadowLastChange pwdLastSet'
        - 'uid sAMAccountName'
    nslcd::nss_initgroups_ignoreusers:
      - 'root'
      - 'ALLLOCAL'

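
Because the settings above end up in /etc/nslcd.conf together with the bind password, here is an added example (not part of this module's code) that audits a rendered nslcd.conf for cleartext LDAP transport, relaxed certificate checking and a bind password in a file readable by other users. It assumes the standard nslcd.conf option names `uri`, `ssl`, `tls_reqcert` and `bindpw`; the sample file and the helper names `parse` and `audit` are constructed for illustration.

```python
# Constructed sample of a rendered /etc/nslcd.conf (not output from the module).
SAMPLE = """\
# managed by puppet
uri ldap://ldap1.mycompany.com/
uri ldaps://ldap2.mycompany.com/
base dc=acme,dc=example,dc=org
binddn binduser@acme.example.org
bindpw password
ssl off
tls_reqcert never
"""

def parse(text):
    """Return {option: [values]} for an nslcd.conf body, skipping comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        opts.setdefault(parts[0].lower(), []).append(value)
    return opts

def audit(text, mode):
    """List findings for config `text` stored with permission bits `mode`."""
    opts = parse(text)
    findings = []
    ssl = (opts.get("ssl") or ["off"])[-1].lower()
    # A single uri line may carry several space-separated URIs.
    for uri in " ".join(opts.get("uri", [])).split():
        # ldap:// is only protected when ssl is 'on' or 'start_tls'.
        if uri.lower().startswith("ldap://") and ssl not in ("on", "start_tls"):
            findings.append(f"cleartext transport: {uri}")
    reqcert = (opts.get("tls_reqcert") or [""])[-1].lower()
    if reqcert in ("never", "allow"):
        findings.append(f"server certificate not enforced: tls_reqcert {reqcert}")
    # Any permission bit for "other" exposes the bind password to local users.
    if "bindpw" in opts and mode & 0o007:
        findings.append(f"bindpw in file readable by others: mode {mode:o}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, 0o644):
        print(finding)
```
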
Reference
todo
Limitations
The module has been tested with Ubuntu 12.04 and 14.04, Debian 6 and 7, and Puppet 3.7. It should work with Puppet 3.x. For additional OS support, you should contribute it back upstream!
The module doesn't support setting the rootbinddn and rootbindpw attributes, but support can easily be added.
Development
If you want to improve this module, send us a patch or pull request!