# $auth_gssapi: if true support GSSAPI authentication.
# $auth_simple: if true support simple-bind authentication.
# The default is to install both, then control simple binds by
# two methods: iptables access to port 636, and whether the saslauthd
# service is actually running.
$auth_gssapi = true,
$auth_simple = true,
) {
# Install sasl2-bin, the saslauthd package. The /etc/default/saslauthd file
# and the saslauthd service declared in this class both require it.
package { 'sasl2-bin':
  ensure => installed,
}
# TODO: commit files and fix path names
# Note: the file slapd.conf-saslauthd permits both SASL and GSSAPI auth.
#
# NOTE(review): neither resource sets owner, group or mode, so ownership and
# permissions of these auth configuration files are left to Puppet's
# defaults -- confirm that is intended.
# NOTE(review): nothing visible here refreshes saslauthd or slapd when the
# file content changes, so an update may not take effect until the daemon is
# restarted by other means -- confirm against the rest of the class.

# Defaults file for the saslauthd daemon; installed after its package.
file { '/etc/default/saslauthd':
  ensure  => present,
  require => Package['sasl2-bin'],
  source  => 'puppet:///modules/s_ldap/etc/default/saslauthd',
}

# SASL configuration read from the slapd side; Package['slapd'] is declared
# outside the lines shown here.
file { '/etc/ldap/sasl2/slapd.conf':
  ensure  => present,
  require => Package['slapd'],
  source  => 'puppet:///modules/s_ldap/etc/ldap/sasl2/slapd.conf-saslauthd',
}
# Keep saslauthd running; it is the service that allows "simple" binds
# to work.
# TODO: see if we can specify this at run time, especially for containers
#
# hasstatus is false, so Puppet decides whether the service is up from the
# custom status command below. That command succeeds when /etc/nosaslauthd
# exists or when pidof finds a saslauthd process, so on a host carrying the
# marker file Puppet treats the service as already running and does not
# start it.
# NOTE(review): the marker only keeps Puppet from starting saslauthd. Nothing
# in this resource stops a daemon that is already running, and a refresh
# event sent to this service would presumably restart it regardless of the
# marker -- confirm before relying on the marker to disable simple binds.
service { 'saslauthd':
  ensure    => running,
  hasstatus => false,
  status    => 'test -f /etc/nosaslauthd || pidof saslauthd',
  require   => Package['sasl2-bin'],
}
## Do the iptables dance elsewhere, because it's different depending on what
## type of server or location is used, and this module is generic for building
## the auth part