99 lines
3.0 KiB
Markdown
99 lines
3.0 KiB
Markdown
# nslcd
|
|
|
|
#### Table of Contents
|
|
|
|
1. [Overview](#overview)
|
|
2. [Module Description - What the module does and why it is useful](#module-description)
|
|
3. [Setup - The basics of getting started with nslcd](#setup)
|
|
* [What nslcd affects](#what-nslcd-affects)
|
|
4. [Usage - Configuration options and additional functionality](#usage)
|
|
5. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
|
|
5. [Limitations - OS compatibility, etc.](#limitations)
|
|
6. [Development - Guide for contributing to the module](#development)
|
|
|
|
## Overview
|
|
|
|
This module installs and configured nslcd to get pam/nss data from ldap.
|
|
|
|
## Module Description
|
|
|
|
This module allows you to install and configure the nslcd daemon (and its dependencies), to provide ldap support for
|
|
PAM and NSS.
|
|
|
|
## Setup
|
|
|
|
### What nslcd affects
|
|
|
|
* `nslcd` package and service
|
|
* `/etc/nslcd.conf`
|
|
|
|
## Usage
|
|
|
|
Simply include/contain/required/declare the nslcd class.
|
|
It includes a few sane defaults, so it should work out of the box.
|
|
However, we recommend that you declare the class and override a few parameters:
|
|
|
|
```
|
|
class { 'nslcd':
|
|
ldap_uris => ['ldap://ldap.mycompany.com'],
|
|
ldap_ssl => 'on',
|
|
ldap_filters => { group => '(&(objectClass=group)(gidNumber=*))',
|
|
passwd => '(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))',
|
|
shadow => '(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))',
|
|
},
|
|
ldap_maps => { group => 'uniqueMember member',
|
|
passwd => ['homedirectory unixHomeDirectory', 'uid sAMAccountName', 'gecos displayName', ],
|
|
shadow => ['shadowLastChange pwdLastSet', 'uid sAMAccountName', ],
|
|
},
|
|
}
|
|
```
|
|
|
|
An example in YAML using hashes/arrays:
|
|
|
|
```
|
|
nslcd::ldap_uris:
|
|
- 'ldap://ldap1.mycompany.com/'
|
|
- 'ldap://ldap2.mycompany.com/'
|
|
nslcd::ldap_search_base: 'dc=acme,dc=example,dc=org'
|
|
nslcd::ldap_binddn: 'binduser@acme.example.org'
|
|
nslcd::ldap_bindpw: 'password'
|
|
nslcd::ldap_filters:
|
|
- group: " (&(objectClass=group)(gidNumber=*))"
|
|
- passwd: " (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))"
|
|
- shadow: " (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))"
|
|
nslcd::ldap_maps:
|
|
group: 'uniqueMember member'
|
|
passwd:
|
|
- 'homedirectory unixHomeDirectory'
|
|
- 'uid sAMAccountName'
|
|
- 'gecos displayName'
|
|
shadow:
|
|
- 'shadowLastChange pwdLastSet'
|
|
- 'uid sAMAccountName'
|
|
nslcd::nss_initgroups_ignoreusers:
|
|
- 'root'
|
|
- 'ALLLOCAL'
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
## Reference
|
|
|
|
*todo*
|
|
|
|
## Limitations
|
|
|
|
The module has been tested with Ubuntu 12.04 and 14.04, Debian 6 and 7, and Puppet 3.7.
|
|
It should work Puppet 3.x.
|
|
For additional OS support, you should contribute it back upstream!
|
|
|
|
The module doesn't support setting the `rootbinddn` and `rootbindpw` attributes, but it can be easily added.
|
|
|
|
## Development
|
|
|
|
If you want to improve this module, send us a patch of pull request!
|
|
|