more work on firewall

manifests/authentication.pp

+# IMPORTANT NOTE: This class does not install the
+# private-key/certificate. You must install it in the calling class.
+
 # $auth_gssapi: if true support GSSAPI authentication.
 
 # $auth_simple: if true support simple-bind authentication.

manifests/init.pp

@@ -33,6 +33,9 @@ class su_ldap (
   $debian_repository   = undef,
   #
   $keytab_path = '/etc/krb5.keytab',
+  #
+  $port_389_cidrs = [],
+  $port_636_cidrs = [],
 ){
 
   ## ERROR CHECKING ##
@@ -81,7 +84,9 @@ class su_ldap (
 
   if ($hosting_model == 'traditional') {
     class { 'su_ldap::traditional':
-      keytab_path => $keytab_path,
+      keytab_path    => $keytab_path,
+      port_389_cidrs => $port_389_cidrs,
+      port_636_cidrs => $port_636_cidrs,
     }
   }
 

manifests/traditional.pp

 class su_ldap::traditional (
-  $keytab_path = '/etc/krb5.keytab',
+  $keytab_path    = '/etc/krb5.keytab',
+  #
+  $port_389_cidrs = [],
+  $port_636_cidrs = [],
 ) {
 
   ## Firewall rules
+  class { 'su_ldap::traditional::firewall':
+    port_389_cidrs => $port_389_cidrs,
+    port_636_cidrs => $port_636_cidrs,
+  }
 
   ## Keytabs
   # Make sure the keytab for the ldap/hostname service principal is installed.