Skip to content
Snippets Groups Projects
Normal view Permalink
README.md 2.57 KiB
Newer Older
Adam Lewenberg's avatar
add TOC  
Adam Lewenberg committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
**Table of Contents**  *generated with [DocToc](https://github.com/thlorenz/doctoc)*

- [Stanford ACS OpenLDAP Puppet Module](#stanford-acs-openldap-puppet-module)
  - [Introduction](#introduction)
  - [Usage](#usage)
    - [OpenLDAP Installation and Configuration](#openldap-installation-and-configuration)
      - [Hosting Model](#hosting-model)
      - [OpenLDAP Version](#openldap-version)
  - [Schema Files](#schema-files)

<!-- END doctoc generated TOC please keep comment here to allow auto update -->
Adam Lewenberg's avatar
Start work on openldap_install class  
Adam Lewenberg committed
15 16 17 18 19 20 21 22 23 24 25 26 27 28 
Stanford ACS OpenLDAP Puppet Module
===================================

Introduction
------------

Puppet module to manage Stanford's OpenLDAP service. Supports both
traditional servers and containers.

## Usage ##

### OpenLDAP Installation and Configuration ###

The main class `ldap` supports the installation of OpenLDAP and some of
Adam Lewenberg's avatar
found some other ldap to su_ldap I missed before  
Adam Lewenberg committed
29 30 
OpenLDAP's configuration. The simplest installation (which accepts all the
defaults) is:
Adam Lewenberg's avatar
Start work on openldap_install class  
Adam Lewenberg committed
31 32 33 34 35 

    class { 'ldap':
    }

This assumes installation on a traditional Debian server and will install
Adam Lewenberg's avatar
found some other ldap to su_ldap I missed before  
Adam Lewenberg committed
36 
whichever version of OpenLDAP is current for that version of Debian.
Adam Lewenberg's avatar
Start work on openldap_install class  
Adam Lewenberg committed
37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 

#### Hosting Model

If you are installing onto a container, use the parameter `hosting_model`
and set to `container`:

    class { 'ldap':
      hosting_model => 'container',
    }

The only two acceptable values for `hosting_model` are "`traditional`" and
"`container`".

#### OpenLDAP Version

As mentioned above, the default is to install whichever version of
OpenLDAP `apt` thinks should be installed. This will, of course, depend on
the version of Debian underlying the host.

However, you can override this by using the `install_archive` and
`install_distro`. If the distribution you want to use is already in
Adam Lewenberg's avatar
found some other ldap to su_ldap I missed before  
Adam Lewenberg committed
58 59 
included in the APT sources via `/etc/apt/sources.list.d` then use
`install_distribution` to specify the distribution:
Adam Lewenberg's avatar
Start work on openldap_install class  
Adam Lewenberg committed
60 61 62 63 64 65 66 

    # Use the "testing" distribution
    class { 'ldap':
      install_distribution => 'testing',
    }

If the distribution is _not_ already included in `/etc/apt/sources.list.d`
Adam Lewenberg's avatar
found some other ldap to su_ldap I missed before  
Adam Lewenberg committed
67 68 69 
then you can use `install_repository` to add a `.list` file to
`/etc/apt/sources.list.d` that tells `apt` where to look for the
distribution. For example,
Adam Lewenberg's avatar
Start work on openldap_install class  
Adam Lewenberg committed
70 71 72 73 74 75 76 

    # Use the "stretch-prod" distribution.
    class { 'ldap':
      install_distribution => 'stretch-prod',
      install_repository   => 'https://debian.stanford.edu/debian-stanford',
    }
Adam Lewenberg's avatar
add TOC  
Adam Lewenberg committed
77 
## Schema Files
Adam Lewenberg's avatar
Initial commit
Adam Lewenberg committed
78
Adam Lewenberg's avatar
add TOC  
Adam Lewenberg committed
79 80 
We keep the definitive source for Stanford's LDAP schema files in the
directory `files/schema`.