sketch in auth, with TODOs

manifests/authentication.pp

@@ -2,9 +2,43 @@
 
 # $auth_simple: if true support simple-bind authentication.
 
+# The default is to install both, tehn control simple binds by 
+# two methods: iptables access to 636, and whether the saslauthd
+# service is actually running
+
 class su_ldap::authentication (
   $auth_gssapi = true,
   $auth_simple = true,
 ) {
 
+  # saslauthd package
+  package { 'sasl2-bin': ensure => installed }
+
+  # TODO: commit files and fix path names
+  # note: the file slapd.conf-saslauthd permits both sasl and gssapi auth
+  file {
+    '/etc/default/saslauthd':
+      ensure  => present,
+      source  => 'puppet:///modules/s_ldap/etc/default/saslauthd',
+      require => Package['sasl2-bin'];
+    '/etc/ldap/sasl2/slapd.conf':
+      ensure  => present,
+      source  => 'puppet:///modules/s_ldap/etc/ldap/sasl2/slapd.conf-saslauthd',
+      require => Package['slapd'];
+  }
+
+  # Make sure the saslauthd service, the service that allows "simple"
+  # binds to work, is running.
+  # TODO: see if we can specify this at run time, especially for containers
+  service { 'saslauthd':
+    ensure    => running,
+    require   => Package['sasl2-bin'],
+    hasstatus => false,
+    status    => 'test -f /etc/nosaslauthd || pidof saslauthd',
+  }
+
+  ## Do the iptables dance elsewhere, because it's different depending on what 
+  ## type of server or location is used, and this module is generic for building 
+  ## the auth part
+
 }