Puppet module to manage client and server configuration for OpenLdap.
Ldap client configuration at its simplest:
class { 'ldap':
  uri  => 'ldap://ldapserver00 ldap://ldapserver01',
  base => 'dc=foo,dc=bar'
}
Enable TLS/SSL:
Note that ssl_cert should be the CA's certificate file, and it should be located under puppet:///files/ldap/.
class { 'ldap':
  uri      => 'ldap://ldapserver00 ldap://ldapserver01',
  base     => 'dc=foo,dc=bar',
  ssl      => true,
  ssl_cert => 'ldapserver.pem'
}
Enable nsswitch and pam configuration (requires both modules):
class { 'ldap':
  uri        => 'ldap://ldapserver00 ldap://ldapserver01',
  base       => 'dc=foo,dc=bar',
  ssl        => true,
  ssl_cert   => 'ldapserver.pem',
  nsswitch   => true,
  nss_passwd => 'ou=users',
  nss_shadow => 'ou=users',
  nss_group  => 'ou=groups',
  pam        => true,
}
OpenLdap server configuration at its simplest:
class { 'ldap::server::master':
  suffix      => 'dc=foo,dc=bar',
  rootpw      => '{SHA}iEPX+SQWIR3p67lj/0zigSWTKHg=',
}
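The rootpw value above is a password hash in OpenLDAP's {SHA} scheme, not a cleartext password. The following is an added example (not part of the module) showing how such a value is produced and checked, and how the salted {SSHA} variant differs: {SHA} is an unsalted SHA-1 digest, so identical rootpw values across servers reveal identical passwords, whereas {SSHA} appends a per-hash salt. The function names sha_hash, ssha_hash and verify are the example's own.

```python
import base64
import hashlib
import hmac
import os

# Length of a raw SHA-1 digest; {SSHA} stores digest followed by salt.
SHA1_LEN = 20


def sha_hash(password):
    """Unsalted {SHA}: base64(sha1(password)), the scheme used above."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def ssha_hash(password, salt=None):
    """Salted {SSHA}: base64(sha1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt per hash
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify(password, stored):
    """Check a cleartext password against a {SHA} or {SSHA} value."""
    if stored.startswith("{SHA}"):
        expected = base64.b64decode(stored[len("{SHA}"):])
        actual = hashlib.sha1(password.encode("utf-8")).digest()
        return hmac.compare_digest(actual, expected)
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        expected, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
        actual = hashlib.sha1(password.encode("utf-8") + salt).digest()
        return hmac.compare_digest(actual, expected)
    raise ValueError("unsupported password scheme: " + stored[:8])


if __name__ == "__main__":
    # 'secret' is a constructed sample password, not one from the README.
    print(sha_hash("secret"))           # {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=
    print(ssha_hash("secret"))          # differs on every run (random salt)
    print(verify("secret", ssha_hash("secret")))  # True
```

The same values can be generated on a server with `slappasswd -h '{SSHA}' -s <password>`, which is the usual way to obtain a rootpw for the manifests above.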
Configure an OpenLdap master with syncrepl enabled:
class { 'ldap::server::master':
  suffix      => 'dc=foo,dc=bar',
  rootpw      => '{SHA}iEPX+SQWIR3p67lj/0zigSWTKHg=',
  syncprov    => true,
  sync_binddn => 'cn=sync,dc=foo,dc=bar',
  modules_inc => [ 'syncprov' ],
  schema_inc  => [ 'gosa/samba3', 'gosa/gosystem' ],
  index_inc   => [
    'index memberUid            eq',
    'index mail                 eq',
    'index givenName            eq,subinitial',
    ],
}
With TLS/SSL enabled:
class { 'ldap::server::master':
  suffix      => 'dc=foo,dc=bar',
  rootpw      => '{SHA}iEPX+SQWIR3p67lj/0zigSWTKHg=',
  ssl         => true,
  ssl_ca      => 'ca.pem',
  ssl_cert    => 'master-ldap.pem',
  ssl_key     => 'master-ldap.key',
}
NOTE: SSL certificates and keys should reside in your puppet master file repository under 'puppet:///files/ldap/'
Configure an OpenLdap slave:
class { 'ldap::server::slave':
  suffix        => 'dc=foo,dc=bar',
  rootpw        => '{SHA}iEPX+SQWIR3p67lj/0zigSWTKHg=',
  sync_rid      => '1234',
  sync_provider => 'ldap://ldapmaster',
  sync_updatedn => 'cn=admin,dc=foo,dc=bar',
  sync_binddn   => 'cn=sync,dc=foo,dc=bar',
  sync_bindpw   => 'super_secret',
  schema_inc    => [ 'gosa/samba3', 'gosa/gosystem' ],
  index_inc     => [
    'index memberUid            eq',
    'index mail                 eq',
    'index givenName            eq,subinitial',
    ],
}
Ldap client / server configuration tested on:
- Debian: 5 / 6 / 7
- Redhat: 5.x / 6.x
- CentOS: 5.x / 6.x
- OpenSuSe: 12.x
- SLES: 11.x
Should also work on (I'd appreciate reports on these distros and versions):
- Ubuntu
- Fedora
- Scientific Linux 6
Requirements:
- If nsswitch is enabled (nsswitch => true) you'll need puppet-nsswitch
- If pam is enabled (pam => true) you'll need puppet-pam
- If enable_motd is enabled (enable_motd => true) you'll need puppet-motd
Known limitations / TODO:
- ldap::server::master and ldap::server::slave do not copy the schemas specified by index_inc; they only add an include line to the slapd configuration
- Need support for extending ACLs
Copyleft (C) 2012 Emiliano Castagnari ecastag@gmail.com (a.k.a. Torian)