# IMPORTANT NOTE: This class does not install the
# private-key/certificate. You must install it in the calling class.
# $auth_gssapi: if true support GSSAPI authentication.
# $auth_simple: if true support simple-bind authentication.
# The default is to install both, and then to control simple binds by
# two methods: iptables access to port 636, and whether the saslauthd
# service is actually running.
$auth_gssapi = true,
$auth_simple = true,
) {
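# Refuse to build a catalog that leaves slapd with no supported bind method.
# fail() aborts compilation, whereas a log-only call such as crit() records
# the message on the Puppet server and still lets the rest of the class apply.
if ((!$auth_gssapi) and (!$auth_simple)) {
  fail("at least one of auth_gssapi and/or auth_simple must be enabled")
}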
# SASL settings for slapd, rendered from the su_ldap template.
# The file is root-owned and world-readable (0644).
# NOTE(review): that mode is only appropriate if the template renders no
# credentials -- confirm against slapd.conf.erb.
file { '/etc/ldap/sasl2/slapd.conf':
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  content => template('su_ldap/etc/ldap/sasl2/slapd.conf.erb'),
}
# Package that provides saslauthd. It is declared outside the $auth_simple
# conditional, so it is installed even on hosts where simple binds are not
# meant to be served.
package { 'sasl2-bin':
  ensure => 'installed',
}
# Make sure the saslauthd service, the service that allows "simple"
# binds to work, is running.
# TODO: see if we can specify this at run time, especially for containers
if ($auth_simple) {
# Keep saslauthd running; it is the daemon that makes "simple" binds work.
# The custom status command exits 0 when /etc/nosaslauthd exists as well as
# when a saslauthd process is found. Puppet therefore treats the service as
# running on any host that carries the marker file and will not start it.
# The marker does not stop a daemon that is already running. It is a local
# override that bypasses the catalog, so its presence is worth monitoring.
service { 'saslauthd':
  ensure    => 'running',
  hasstatus => false,
  status    => 'test -f /etc/nosaslauthd || pidof saslauthd',
  require   => Package['sasl2-bin'],
}
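# Defaults file for saslauthd, installed once sasl2-bin is present.
# Owner, group and mode are pinned so that only root can change how the
# authentication daemon is launched. The values match the slapd.conf file
# managed by this class.
# NOTE(review): the slapd.conf template is loaded from 'su_ldap' while this
# source lives in 's_ldap' -- confirm the different module name is intended.
# NOTE(review): nothing restarts saslauthd when this file changes. Confirm
# that is deliberate before adding a notify, since a restart would likely
# start the daemon even where the /etc/nosaslauthd marker is in place.
file { '/etc/default/saslauthd':
  ensure  => present,
  owner   => 'root',
  group   => 'root',
  mode    => '0644',
  source  => 'puppet:///modules/s_ldap/etc/default/saslauthd',
  require => Package['sasl2-bin'],
}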
## Do the iptables dance elsewhere, because it's different depending on what
## type of server or location is used, and this module is generic for building