Fuel plugin that allows LDAP to be used as an authentication backend

multiple_domain.pp 3.8KB

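  # Configures one LDAP-backed Keystone domain and, when the slapd proxy is
  # enabled for that domain, the matching slapd.conf fragment.
  #
  # Parameters:
  #   domain_info           - Raw per-domain settings; defaults to the resource
  #                           title. Handed to parse_it(), whose result is read
  #                           as a hash ('domain', 'suffix', 'user', 'password',
  #                           'url', 'use_tls', 'ldap_proxy', 'ca_chain', ...).
  #   identity_driver       - Passed through to plugin_ldap::keystone.
  #   ldap_proxy            - Global proxy switch; the proxy path is taken only
  #                           if this is truthy AND the domain's own
  #                           'ldap_proxy' value matches True/true.
  #   management_vip        - Host used to build the proxy URL
  #                           (ldap://<management_vip>).
  #   slapd_config_template - Tested with `in` against the domain name; only
  #                           matching domains get a slapd fragment.
  #                           NOTE(review): if this is a string, `in` is a
  #                           substring test. Confirm an array/hash is passed.
  #   slapd_conf            - concat target that receives the fragments.
  define plugin_ldap::multiple_domain (
    $domain_info           = $title,
    $identity_driver       = undef,
    $ldap_proxy            = undef,
    $management_vip        = undef,
    $slapd_config_template = undef,
    $slapd_conf            = '/etc/ldap/slapd.conf',
  ) {

    $domain_params_hash = parse_it($domain_info)

    # These locals are not all referenced below; presumably the ERB templates
    # read them from this scope, so none are removed. TODO confirm against
    # slapd_conf.erb / slapd_tls_conf.erb.
    $domain                 = $domain_params_hash['domain']
    $suffix                 = $domain_params_hash['suffix']
    $user_tree_dn           = $domain_params_hash['user_tree_dn']
    $user                   = $domain_params_hash['user']
    # LDAP bind password. It travels as a plain string from here on, so it can
    # surface in the compiled catalog and in reports.
    # NOTE(review): wrap it in Sensitive if the Puppet version in use supports it.
    $password               = $domain_params_hash['password']
    $ldap_url               = $domain_params_hash['url']
    $use_tls                = $domain_params_hash['use_tls']
    $ldap_proxy_multidomain = $domain_params_hash['ldap_proxy']
    $ca_chain               = $domain_params_hash['ca_chain']

    if $ldap_proxy and $ldap_proxy_multidomain =~ /^[Tt]rue$/ {
      # Proxy mode: Keystone talks to the local slapd proxy, not to the
      # upstream directory.
      # NOTE(review): this leg is plain ldap:// with use_tls forced to false
      # below, so bind credentials and user passwords cross the management
      # network unencrypted. Confirm that network is trusted, or terminate TLS
      # on the proxy listener as well.
      $url = "ldap://${management_vip}"

      if $domain in $slapd_config_template {
        # A 'use_tls' value matching neither pattern creates no fragment at
        # all, while Keystone is still pointed at the proxy.
        if $use_tls =~ /^[Ff]alse$/ {
          concat::fragment { "${domain}_fragment" :
            target  => $slapd_conf,
            content => template('plugin_ldap/slapd_conf.erb'),
            order   => '40',
          }
        }
        elsif $use_tls =~ /^[Tt]rue$/ {
          concat::fragment { "${domain}_tls_fragment" :
            target  => $slapd_conf,
            content => template('plugin_ldap/slapd_tls_conf.erb'),
            order   => '40',
          }

          plugin_ldap::tls { "${domain}_tls_certificate" :
            domain_tls => $domain,
            ca_chain   => $ca_chain,
          }
        }
      }

      $tls = false
    } else {
      # Direct mode: Keystone connects to the configured LDAP URL; TLS is on
      # only when 'use_tls' is exactly True/true.
      $url = $domain_params_hash['url']
      $tls = $use_tls ? { /^[Tt]rue$/ => true, default => false }
    }

    # The title is the bare domain name. Do not write
    # "$domain_params_hash['domain']" here: without ${} Puppet interpolates the
    # whole hash, bind password included, followed by the literal text
    # ['domain'], and resource titles are written to agent logs, reports and
    # the catalog.
    plugin_ldap::keystone { $domain :
      domain                 => $domain,
      identity_driver        => $identity_driver,
      url                    => $url,
      use_tls                => $tls,
      ca_chain               => $ca_chain,
      suffix                 => $suffix,
      user                   => $user,
      password               => $password,
      query_scope            => $domain_params_hash['query_scope'],
      user_tree_dn           => $user_tree_dn,
      user_filter            => $domain_params_hash['user_filter'],
      user_objectclass       => $domain_params_hash['user_objectclass'],
      user_id_attribute      => $domain_params_hash['user_id_attribute'],
      user_name_attribute    => $domain_params_hash['user_name_attribute'],
      user_pass_attribute    => $domain_params_hash['user_pass_attribute'],
      user_enabled_attribute => $domain_params_hash['user_enabled_attribute'],
      user_enabled_default   => $domain_params_hash['user_enabled_default'],
      user_enabled_mask      => $domain_params_hash['user_enabled_mask'],
      user_allow_create      => $domain_params_hash['user_allow_create'],
      user_allow_update      => $domain_params_hash['user_allow_update'],
      user_allow_delete      => $domain_params_hash['user_allow_delete'],
      group_tree_dn          => $domain_params_hash['group_tree_dn'],
      group_filter           => $domain_params_hash['group_filter'],
      group_objectclass      => $domain_params_hash['group_objectclass'],
      group_id_attribute     => $domain_params_hash['group_id_attribute'],
      group_name_attribute   => $domain_params_hash['group_name_attribute'],
      group_member_attribute => $domain_params_hash['group_member_attribute'],
      group_desc_attribute   => $domain_params_hash['group_desc_attribute'],
      group_allow_create     => $domain_params_hash['group_allow_create'],
      group_allow_update     => $domain_params_hash['group_allow_update'],
      group_allow_delete     => $domain_params_hash['group_allow_delete'],
      page_size              => $domain_params_hash['page_size'],
      chase_referrals        => $domain_params_hash['chase_referrals'],
    }
  }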