115 lines
3.8 KiB
Puppet
115 lines
3.8 KiB
Puppet
define plugin_ldap::multiple_domain (
|
|
$domain = $title,
|
|
$identity_driver = undef,
|
|
$url = undef,
|
|
$use_tls = undef,
|
|
$ca_chain = undef,
|
|
$suffix = undef,
|
|
$user = undef,
|
|
$password = undef,
|
|
$query_scope = undef,
|
|
$user_tree_dn = undef,
|
|
$user_filter = undef,
|
|
$user_objectclass = undef,
|
|
$user_id_attribute = undef,
|
|
$user_name_attribute = undef,
|
|
$user_pass_attribute = undef,
|
|
$user_enabled_attribute = undef,
|
|
$user_enabled_default = undef,
|
|
$user_enabled_mask = undef,
|
|
$user_allow_create = undef,
|
|
$user_allow_update = undef,
|
|
$user_allow_delete = undef,
|
|
$group_tree_dn = undef,
|
|
$group_filter = undef,
|
|
$group_objectclass = undef,
|
|
$group_id_attribute = undef,
|
|
$group_name_attribute = undef,
|
|
$group_member_attribute = undef,
|
|
$group_desc_attribute = undef,
|
|
$group_allow_create = undef,
|
|
$group_allow_update = undef,
|
|
$group_allow_delete = undef,
|
|
$page_size = undef,
|
|
$chase_referrals = undef,
|
|
$ldap_proxy = undef,
|
|
$ldap_proxy_default = undef,
|
|
$management_vip = undef,
|
|
$slapd_config_template = undef,
|
|
$slapd_conf = '/etc/ldap/slapd.conf',
|
|
){
|
|
|
|
# ldap_url variable is used in slapd.conf templates
|
|
$ldap_url = $url
|
|
|
|
if $ldap_proxy_default and $ldap_proxy =~ /^[Tt]rue$/ {
|
|
$url_real = "ldap://${management_vip}"
|
|
|
|
if $domain in $slapd_config_template {
|
|
if $use_tls =~ /^[Ff]alse$/ {
|
|
|
|
concat::fragment { "${domain}_fragment" :
|
|
target => $slapd_conf,
|
|
content => template('plugin_ldap/slapd_conf.erb'),
|
|
order => '40',
|
|
}
|
|
}
|
|
elsif $use_tls =~ /^[Tt]rue$/ {
|
|
|
|
concat::fragment { "${domain}_tls_fragment" :
|
|
target => $slapd_conf,
|
|
content => template('plugin_ldap/slapd_tls_conf.erb'),
|
|
order => '40',
|
|
}
|
|
|
|
plugin_ldap::tls { "${domain}_tls_certificate" :
|
|
domain_tls => $domain,
|
|
ca_chain => $ca_chain,
|
|
}
|
|
|
|
}
|
|
}
|
|
$tls = false
|
|
} else {
|
|
$url_real = $url
|
|
$tls = $use_tls ? { /^[Tt]rue$/ => true, default => false }
|
|
}
|
|
|
|
plugin_ldap::keystone { $domain :
|
|
domain => $domain,
|
|
identity_driver => $identity_driver,
|
|
url => $url_real,
|
|
use_tls => $tls,
|
|
ca_chain => $ca_chain,
|
|
suffix => $suffix,
|
|
user => $user,
|
|
password => $password,
|
|
query_scope => $query_scope,
|
|
user_tree_dn => $user_tree_dn,
|
|
user_filter => $user_filter,
|
|
user_objectclass => $user_objectclass,
|
|
user_id_attribute => $user_id_attribute,
|
|
user_name_attribute => $user_name_attribute,
|
|
user_pass_attribute => $user_pass_attribute,
|
|
user_enabled_attribute => $user_enabled_attribute,
|
|
user_enabled_default => $user_enabled_default,
|
|
user_enabled_mask => $user_enabled_mask,
|
|
user_allow_create => $user_allow_create,
|
|
user_allow_update => $user_allow_update,
|
|
user_allow_delete => $user_allow_delete,
|
|
group_tree_dn => $group_tree_dn,
|
|
group_filter => $group_filter,
|
|
group_objectclass => $group_objectclass,
|
|
group_id_attribute => $group_id_attribute,
|
|
group_name_attribute => $group_name_attribute,
|
|
group_member_attribute => $group_member_attribute,
|
|
group_desc_attribute => $group_desc_attribute,
|
|
group_allow_create => $group_allow_create,
|
|
group_allow_update => $group_allow_update,
|
|
group_allow_delete => $group_allow_delete,
|
|
page_size => $page_size,
|
|
chase_referrals => $chase_referrals,
|
|
}
|
|
|
|
}
|