Allow matchingRule and attrstyle in olcAccess #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
puppet/systemd: allow 8.x
https://www.openldap.org/doc/admin26/guide.html#ppolicy%20overlay In upgrading openldap 2.5->2.6, you have to make ppolicy adjustments. It's documented in "assumes ldap expert-ese", but from in an older bug: https://bugs.openldap.org/show_bug.cgi?id=9666#c1 * You add (config-overlay) olcPPolicyCheckModule=somemodule.so * You add (policies) pwdUseCheckModule=TRUE * You remove (policies) pwdCheckModule=somemodule.so ... and puppet doesn't know about PPolicyCheckModule. So here we are. It's lumped in with a lot of other attributes, but it has siblings from https://www.openldap.org/software/man.cgi?query=slapo-ppolicy&manpath=OpenLDAP+2.6-Release
Add `PPolicyCheckModule` as a valid database/overlay option
Allow Sensitive[String[1]] for rootpw
Add support for FreeBSD 14
Release 8.1.0
https://www.openldap.org/software/man.cgi?query=slapd-config&manpath=OpenLDAP+2.6-Release#GENERAL_DATABASE_OPTIONS openldap2.6 introduces olcLastBind and olcLastBindPrecision options as a replacement for the older contrib-overlay slapo-lastbind(5)
Add LastBind and LastBindPrecision to database options
Replace systemd::dropin_file with systemd::manage_dropin
modulesync 9.4.0
modulesync 9.5.0-4-g2cf9dc0
metadata.json: Add OpenVox
Currently only rootpw can be assigned as Sensitive, but in some cases one might want to keep the username (DN) out of the PuppetDB and the logs. In our case, we use a secret lookup function that automatically wraps the data into a Sensitive type, and we store the DN and password together.
…sitive Also allow to have Sensitive[String[1]] for rootdn
We had a requirement to use a diffent matchingRule for the Access Rule. This inported well but on the next run it did fail because it could not parse it. This fixes this
Add olcChainConfig overlay
Allow matchingRule and attrstyle in olcAccess
modulesync 9.6.0-4-gdb4d91b
modulesync 9.7.0-10-g2151f5f
chore: cleanup .fixtures.yml
Flushes happen every time a resource changes, whether it is creation, destroy or modify. Ensure we do not needlesly copy-paste the ldapmodify code in those three separate instances. This also ensures that if a new property is ever added, we do not need create a separate setter. This commit thus also fixes a bug where if a `what` of an openldap_access resource changed, it would not trigger an update. The setter for that property was lost in the refactor of commit 91e9723. -> Fixes voxpupuli#420.
cbergmann
force-pushed
the
ldiff_flushing
branch
from
16e457c to
b1b5bc3
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We had a requirement to use a diffent matchingRule for the Access Rule. This inported well but on the next run it did fail because it could not parse it. This fixes this
Pull Request (PR) description
This Pull Request (PR) fixes the following issues