Linda J Laubenheimer
committed
## built based on previous
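# su_ldap::tools
#
# Provisions the Kerberos keytabs an LDAP tools host needs, using the site's
# base::wallet defined type. The sections headed with '##' (Nagios, firewall,
# sync, remctl, ticket cache, ldap-reports, cron) are placeholders and are not
# implemented in this class yet; the parameters they will consume are
# accepted for interface stability but are not referenced below.
#
# @param env                  Environment name. Accepted, not used yet.
# @param masters              List of LDAP masters. Accepted, not used yet.
# @param gssapi_replicas      Replicas reached via GSSAPI. Accepted, not used yet.
# @param simple_bind_replicas Replicas reached via simple bind. Accepted, not used yet.
# @param nagios_servers       Hosts allowed to monitor this node. Accepted, not used yet.
# @param sync_sugal_master    Sync source. Accepted, not used yet.
class su_ldap::tools (
  $env                  = undef,
  $masters              = [],
  $gssapi_replicas      = [],
  $simple_bind_replicas = [],
  $nagios_servers       = [],
  $sync_sugal_master    = undef,
) {
  ## Nagios monitoring
  ## Firewall rules
  ## syncs from - to etc

  ## Keytabs
  # Declare the host principal in the primary keytab. The host keytab is
  # probably provisioned elsewhere already, but declaring it here gives the
  # service keytab below an explicit resource to depend on.
  # $::fqdn is top-scope qualified so that a class- or node-scope variable
  # named $fqdn cannot silently change which principal is fetched
  # (puppet-lint: variable_scope).
  base::wallet { "host/${::fqdn}":
    ensure  => present,
    path    => '/etc/krb5.keytab',
    owner   => 'root',
    primary => true,
  }

  # Merge the service/ldap principal into the same keytab file.
  # NOTE(review): this places the LDAP service key in /etc/krb5.keytab next
  # to the host key, so any process able to read the host keytab can also
  # act as service/ldap. No mode is set here; confirm that base::wallet
  # keeps the file root-only (0600), or move service/ldap to a keytab owned
  # by the LDAP service account.
  base::wallet { 'service/ldap':
    ensure  => present,
    path    => '/etc/krb5.keytab',
    primary => false,
    require => Base::Wallet["host/${::fqdn}"],
  }

  # Wallet ACLs the keytab principals above need; to be granted out of band:
  #   wallet acl add ldap-wg-api-dev ...   (or ldap-wg-api)
  #   wallet acl add idg-ldapadmin-db-ldaplog ...
  #   wallet acl add group/ldap-hosts ...

  ## Remctl
  ## krb5 ticket cache
  ## ldap-reports
  ## bundle remctl endpoint
  ## Non-sync cron jobs
}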