Diffstat (limited to 'manifests')
-rw-r--r--manifests/auto_number/search.pp32
-rw-r--r--manifests/auto_number/uidpool.pp13
-rw-r--r--manifests/init.pp68
3 files changed, 111 insertions, 2 deletions
diff --git a/manifests/auto_number/search.pp b/manifests/auto_number/search.pp
new file mode 100644
index 0000000..2bb5ce8
--- /dev/null
+++ b/manifests/auto_number/search.pp
@@ -0,0 +1,32 @@
+# @summary Enable automatic uid and gid numbers by searching.
+#
+# @param search_base
+# ou=People,dc=example,dc=com
+#
+# @param uid
+# Minimum value for user id when searching for next available.
+#
+# @param gid
+# Minimum value for group id when searching for next available.
+#
+# @param dn
+# If you set this, then phpldapadmin will bind to LDAP with this user ID when
+# searching for the uidnumber. The idea is, this user id would have full
+# (readonly) access to uidnumber in your ldap directory (the logged in user
+# may not), so that you can be guaranteed to get a unique uidnumber for your
+# directory.
+# @param pass
+# The password for the dn above.
+class phpldapadmin::auto_number::search (
+ String $search_base,
+ Integer $uid = 10000,
+ Integer $gid = 10000,
+ Optional[String] $dn = undef,
+ Optional[Variant[String, Sensitive[String]]] $pass = undef,
+) {
+ concat::fragment { 'phpLDAPadmin Auto Number':
+ content => epp("${module_name}/auto_number/search.epp"),
+ target => $phpldapadmin::config_file,
+ order => $phpldapadmin::base_config_order + 10,
+ }
+}
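Review bot: `$pass` is typed `Optional[Variant[String, Sensitive[String]]]`, so a bind password passed as a plain string is accepted and stays unredacted in the compiled catalog and in reports. `$blowfish_secret` in manifests/init.pp in this same commit is already `Optional[Sensitive[String]]`, and the same type fits here: `Optional[Sensitive[String]] $pass = undef,`. The template `auto_number/search.epp` is not part of this diff, so it is worth confirming that it unwraps the value only at the point where it is written into the file.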
diff --git a/manifests/auto_number/uidpool.pp b/manifests/auto_number/uidpool.pp
new file mode 100644
index 0000000..813afd0
--- /dev/null
+++ b/manifests/auto_number/uidpool.pp
@@ -0,0 +1,13 @@
+# @summary Enable automatic uid and gid number through a pool.
+#
+# It's unclear if this module works. the documentation mentions a
+# pre-defined uid pool, but no information about how to set it up.
+#
+class phpldapadmin::auto_number::uidpool (
+) {
+ concat::fragment { 'phpLDAPadmin Auto Number':
+ content => epp("${module_name}/auto_number/uidpool.epp"),
+ target => $phpldapadmin::config_file,
+ order => $phpldapadmin::base_config_order + 10,
+ }
+}
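Review bot: Nothing in this class ensures that `phpldapadmin` has been evaluated before `$phpldapadmin::config_file` and `$phpldapadmin::base_config_order` are read, so the fragment's `target` and `order` depend on catalog evaluation order. Something like `include phpldapadmin` at the top of the body, or a documented requirement that the main class be declared first, would make that explicit. The same applies to `phpldapadmin::auto_number::search`. Both classes also use the resource title 'phpLDAPadmin Auto Number', so including both fails with a duplicate declaration. If that mutual exclusion is intended, a comment such as `# Same title as auto_number::search on purpose: only one auto-number method may be enabled` would say so.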
diff --git a/manifests/init.pp b/manifests/init.pp
index b8be630..736ed79 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,19 +1,52 @@
# @summary Configures PHPLDAPAdmin
# @param servername
# Pretty name for the server
+#
+# Only used if `$ldap_servers` is unset.
# @param server_uri
# Address of ldap server to connect to
+# /* Examples:
+# 'ldap.example.com',
+# 'ldaps://ldap.example.com/',
+# 'ldapi://%2fusr%local%2fvar%2frun%2fldapi'
+# (Unix socket at /usr/local/var/run/ldap) */
+#
+# Only used if `$ldap_servers` is unset.
# @param port
# Port of ldap server to connect to
+#
+# Only used if `$ldap_servers` is unset.
# @param debug_mode
# @param tmpdir
# @param timezone
# @param friendly_attrs
# @param auth_type
+# @param blowfish_secret
+# phpLDAPadmin can encrypt the content of sensitive cookies if you
+# set this to a big random string.
+# @param base_dn
+# Optional list of base DNs of the ldap server. If left blank
+# then phpLDAPadmin auto-detect it for you
+# @param bind_dn_template
+# If login_attr was set to 'dn', it is possible to specify a template string to
+# build the DN from. Use '%s' where user input should be inserted. A user may
+# still enter the complete DN. In this case the template will not be used.
+#
+# Example: "cn=%s,ou=people,dc=example,dc=com"
+# @param config_file
+# Path to the configuration file.
+# TODO manage the symlink from the webroot to the configuration file.
+# @param ldap_servers
+# List of configured ldap servers. Defaults to a single server
+# consisting of $server_uri, $servername, and $port.
+#
+# @param open_tree
+# @param base_config_order
class phpldapadmin (
String $servername = 'My LDAP Server',
String $server_uri = '127.0.0.1',
- Integer[0, 65535] $port = 389,
+ Optional[Integer[0, 65535]] $port = undef,
+ String $config_file = '/etc/webapps/phpldapadmin/config.php',
Boolean $debug_mode = false,
String $tmpdir = '/tmp',
Optional[String] $timezone = undef,
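Review bot: The `ldapi://` example added under `@param server_uri` is not valid percent-encoding, because `%local` is missing the `2f` and the path in the explanatory line ends in `ldap` rather than `ldapi`. A reader copying it gets a URI that does not point at the socket described. Suggested text is `'ldapi://%2fusr%2flocal%2fvar%2frun%2fldapi'` with `(Unix socket at /usr/local/var/run/ldapi)`. The new `@param open_tree` and `@param base_config_order` tags, like several older ones, have no description. The parameter list of the class continues outside this hunk.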
@@ -26,9 +59,24 @@ class phpldapadmin (
'userPassword' => 'Password',
},
Enum['cookie', 'session', 'http', 'config', 'sasl', 'sasl_external'] $auth_type = 'session',
+ Array[Struct[{
+ name => Optional[String],
+ host => String,
+ port => Optional[Stdlib::Port],
+ }]] $ldap_servers = [{
+ name => $servername,
+ host => $server_uri,
+ port => $port,
+ }],
+ Optional[Sensitive[String]] $blowfish_secret = undef,
+ Optional[Array[String]] $base_dn = undef,
+ Optional[String] $bind_dn_template = undef,
+ Boolean $open_tree = false,
+ Integer $base_config_order = 10,
) {
ensure_packages(['phpldapadmin'])
+ # TODO
# /etc/php7/php.ini
# extension=ldap
# exteniosn
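Review bot: `$blowfish_secret` is declared `Sensitive` here, but the file it ends up in is the `concat { $config_file:` resource added later in this commit, which sets only `order`. As far as I know concat then writes the file with its default mode of 0644 and shows content diffs in agent output and reports. That would leave the cookie secret, and the bind password from `auto_number::search`, world-readable on the host and visible in reports. Adding `mode => '0640',` and `show_diff => false,` to that resource, with `owner`/`group` set so that only the web server's group can read it, would close that gap. The class body continues outside this hunk.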
@@ -38,7 +86,23 @@ class phpldapadmin (
ensure => directory,
}
- file { '/etc/webapps/phpldapadmin/config.php':
+ concat { $config_file:
+ order => 'numeric',
+ }
+
+ concat::fragment { 'phpLDAPadmin header':
+ order => 0,
+ source => "puppet:///modules/${module_name}/head.php",
+ }
+
+ concat::fragment { 'phpLDAPadmin trailer':
+ order => 99,
+ source => "puppet:///modules/${module_name}/tail.php",
+ }
+
+ concat::fragment { 'Base phpLDAPadmin configuration':
content => epp("${module_name}/config.php.epp"),
+ target => $config_file,
+ order => $base_config_order,
}
}
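Review bot: The 'phpLDAPadmin header' and 'phpLDAPadmin trailer' fragments are declared without a `target`, which `concat::fragment` requires, so the catalog should fail to compile as written. Only the 'Base phpLDAPadmin configuration' fragment names the file. Add `target => $config_file,` to both. The trailer's fixed `order => 99` also assumes `$base_config_order + 10` stays below 99, and a comment next to `$base_config_order` stating that bound would help. The class body starts outside this hunk.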