Fuel plugin that allows LDAP to be used as an authentication backend

multiple_domain.pp 3.8KB

  # Declares the plugin_ldap::keystone resource for one LDAP domain and, when
  # the LDAP proxy is enabled, adds that domain's fragment to the slapd
  # configuration file.
  #
  # Parameters with behaviour visible in this define:
  #   domain                - domain name; defaults to the resource title.
  #   url                   - LDAP URL; exposed to the templates as $ldap_url and
  #                           handed to plugin_ldap::keystone only when the proxy
  #                           is not used.
  #   use_tls               - string flag; only values matching /^[Tt]rue$/ or
  #                           /^[Ff]alse$/ are recognised.
  #   ca_chain              - passed to plugin_ldap::tls and plugin_ldap::keystone.
  #   ldap_proxy,
  #   ldap_proxy_default    - both must hold (ldap_proxy matching /^[Tt]rue$/) for
  #                           the proxy branch to be taken.
  #   management_vip        - host part of the URL given to plugin_ldap::keystone
  #                           in the proxy branch.
  #   slapd_config_template - checked with `in`; a fragment is only added when it
  #                           contains $domain.
  #   slapd_conf            - concat target for the fragments.
  # All remaining parameters are passed through unchanged to
  # plugin_ldap::keystone.
  #
  # NOTE(review): $password is an ordinary parameter, so its value is stored in
  # the compiled catalog like any other resource parameter; access to catalogs
  # and reports should be restricted accordingly.
  define plugin_ldap::multiple_domain (
    $domain = $title,
    $identity_driver = undef,
    $url = undef,
    $use_tls = undef,
    $ca_chain = undef,
    $suffix = undef,
    $user = undef,
    $password = undef,
    $query_scope = undef,
    $user_tree_dn = undef,
    $user_filter = undef,
    $user_objectclass = undef,
    $user_id_attribute = undef,
    $user_name_attribute = undef,
    $user_pass_attribute = undef,
    $user_enabled_attribute = undef,
    $user_enabled_default = undef,
    $user_enabled_mask = undef,
    $user_allow_create = undef,
    $user_allow_update = undef,
    $user_allow_delete = undef,
    $group_tree_dn = undef,
    $group_filter = undef,
    $group_objectclass = undef,
    $group_id_attribute = undef,
    $group_name_attribute = undef,
    $group_member_attribute = undef,
    $group_desc_attribute = undef,
    $group_allow_create = undef,
    $group_allow_update = undef,
    $group_allow_delete = undef,
    $page_size = undef,
    $chase_referrals = undef,
    $ldap_proxy = undef,
    $ldap_proxy_default = undef,
    $management_vip = undef,
    $slapd_config_template = undef,
    $slapd_conf = '/etc/ldap/slapd.conf',
  ){
    # The ldap_url variable is used in the slapd.conf templates. The templates
    # are evaluated at the template() calls below and read variables from this
    # scope, so the order of the assignments relative to those calls matters.
    $ldap_url = $url
    # Proxy branch: the consumer is pointed at the management VIP instead of
    # the upstream LDAP server.
    if $ldap_proxy_default and $ldap_proxy =~ /^[Tt]rue$/ {
      # Always a plain ldap:// URL, whatever $use_tls says. If $management_vip
      # is unset this becomes "ldap://" with no host.
      $url_real = "ldap://${management_vip}"
      # No fragment is added when $domain is not listed, or when $use_tls
      # matches neither pattern below; plugin_ldap::keystone is still given the
      # proxy URL in both cases.
      if $domain in $slapd_config_template {
        if $use_tls =~ /^[Ff]alse$/ {
          # NOTE(review): presumably the template renders the upstream bind
          # settings; if it includes $password, the concat target needs
          # restrictive ownership and mode - verify where $slapd_conf is declared.
          concat::fragment { "${domain}_fragment" :
            target => $slapd_conf,
            content => template('plugin_ldap/slapd_conf.erb'),
            order => '40',
          }
        }
        elsif $use_tls =~ /^[Tt]rue$/ {
          concat::fragment { "${domain}_tls_fragment" :
            target => $slapd_conf,
            content => template('plugin_ldap/slapd_tls_conf.erb'),
            order => '40',
          }
          # Declared only in the TLS case, with the same CA chain that is passed
          # to plugin_ldap::keystone below.
          plugin_ldap::tls { "${domain}_tls_certificate" :
            domain_tls => $domain,
            ca_chain => $ca_chain,
          }
        }
      }
      # use_tls is forced off for plugin_ldap::keystone in the proxy branch, so
      # $use_tls only selects the slapd template above.
      # NOTE(review): presumably this means the bind credentials cross the
      # segment to the management VIP unencrypted - confirm that network is
      # trusted and isolated.
      $tls = false
    } else {
      $url_real = $url
      # Anything other than "True"/"true" (including undef, "TRUE" or "yes")
      # selects false, so a mistyped value turns use_tls off without an error.
      $tls = $use_tls ? { /^[Tt]rue$/ => true, default => false }
    }
    # Only url and use_tls are derived above; every other attribute is the
    # parameter of the same name.
    plugin_ldap::keystone { $domain :
      domain => $domain,
      identity_driver => $identity_driver,
      url => $url_real,
      use_tls => $tls,
      ca_chain => $ca_chain,
      suffix => $suffix,
      user => $user,
      password => $password,
      query_scope => $query_scope,
      user_tree_dn => $user_tree_dn,
      user_filter => $user_filter,
      user_objectclass => $user_objectclass,
      user_id_attribute => $user_id_attribute,
      user_name_attribute => $user_name_attribute,
      user_pass_attribute => $user_pass_attribute,
      user_enabled_attribute => $user_enabled_attribute,
      user_enabled_default => $user_enabled_default,
      user_enabled_mask => $user_enabled_mask,
      user_allow_create => $user_allow_create,
      user_allow_update => $user_allow_update,
      user_allow_delete => $user_allow_delete,
      group_tree_dn => $group_tree_dn,
      group_filter => $group_filter,
      group_objectclass => $group_objectclass,
      group_id_attribute => $group_id_attribute,
      group_name_attribute => $group_name_attribute,
      group_member_attribute => $group_member_attribute,
      group_desc_attribute => $group_desc_attribute,
      group_allow_create => $group_allow_create,
      group_allow_update => $group_allow_update,
      group_allow_delete => $group_allow_delete,
      page_size => $page_size,
      chase_referrals => $chase_referrals,
    }
  }