# @summary Configures PHPLDAPAdmin
# @param servername
# Pretty name for the server
#
# Only used if `$ldap_servers` is unset.
# @param server_uri
# Address of ldap server to connect to
# Examples:
# 'ldap.example.com',
# 'ldaps://ldap.example.com/',
# 'ldapi://%2fusr%2flocal%2fvar%2frun%2fldapi'
# (Unix socket at /usr/local/var/run/ldapi)
#
# Only used if `$ldap_servers` is unset.
# @param port
# Port of ldap server to connect to
#
# Only used if `$ldap_servers` is unset.
# @param debug_mode
# @param tmpdir
# @param timezone
# @param friendly_attrs
# @param auth_type
# @param blowfish_secret
# phpLDAPadmin can encrypt the content of sensitive cookies if you
# set this to a long random string. The value must be passed wrapped
# in `Sensitive`.
# @param base_dn
# Optional list of base DNs of the LDAP server. If left blank,
# phpLDAPadmin will auto-detect them for you.
# @param bind_dn_template
# If login_attr was set to 'dn', it is possible to specify a template string to
# build the DN from. Use '%s' where user input should be inserted. A user may
# still enter the complete DN. In this case the template will not be used.
#
# Example: "cn=%s,ou=people,dc=example,dc=com"
# @param config_file
# Path to the configuration file.
# TODO manage the symlink from the webroot to the configuration file.
# @param ldap_servers
# List of configured ldap servers. Defaults to a single server
# consisting of $server_uri, $servername, and $port.
#
# @param open_tree
# @param base_config_order
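class phpldapadmin (
  String $servername = 'My LDAP Server',
  String $server_uri = '127.0.0.1',
  Optional[Integer[0, 65535]] $port = undef,
  String $config_file = '/etc/webapps/phpldapadmin/config.php',
  Boolean $debug_mode = false,
  # NOTE(review): the default is the shared system temp directory; a directory
  # dedicated to the web application is easier to restrict.
  String $tmpdir = '/tmp',
  Optional[String] $timezone = undef,
  Hash[String, String] $friendly_attrs = {
    'facsimileTelephoneNumber' => 'Fax',
    'gid'                      => 'Group',
    'mail'                     => 'Email',
    'telephoneNumber'          => 'Telephone',
    'uid'                      => 'User Name',
    'userPassword'             => 'Password',
  },
  Enum['cookie', 'session', 'http', 'config', 'sasl', 'sasl_external'] $auth_type = 'session',
  # Defaults to one server built from $servername, $server_uri and $port.
  Array[Struct[{
    name => Optional[String],
    host => String,
    port => Optional[Stdlib::Port],
  }]] $ldap_servers = [{
    name => $servername,
    host => $server_uri,
    port => $port,
  }],
  # Typed as Sensitive so the value is redacted where Puppet prints parameters.
  # Presumably unwrapped inside config.php.epp, which is not visible here -
  # confirm that the template does so.
  Optional[Sensitive[String]] $blowfish_secret = undef,
  Optional[Array[String]] $base_dn = undef,
  Optional[String] $bind_dn_template = undef,
  Boolean $open_tree = false,
  Integer $base_config_order = 10,
) {
  ensure_packages(['phpldapadmin'])

  # TODO
  # /etc/php7/php.ini
  # extension=ldap
  # extension

  # TODO also ensure writable by web server
  # No owner, group or mode is managed here, so an existing directory keeps
  # whatever permissions it already has.
  file { $tmpdir:
    ensure => directory,
  }

  # The assembled file is expected to carry $blowfish_secret, so content diffs
  # are suppressed to keep it out of agent logs and reports.
  # NOTE(review): owner, group and mode are left at the concat module's
  # defaults; restrict read access to the web server account once that
  # account is known.
  concat { $config_file:
    order     => 'numeric',
    show_diff => false,
  }

  # Every fragment names its target explicitly; concat::fragment cannot be
  # attached to a file without one.
  concat::fragment { 'phpLDAPadmin header':
    target => $config_file,
    order  => 0,
    source => "puppet:///modules/${module_name}/head.php",
  }

  concat::fragment { 'phpLDAPadmin trailer':
    target => $config_file,
    order  => 99,
    source => "puppet:///modules/${module_name}/tail.php",
  }

  # Main settings, rendered from the class parameters. $base_config_order
  # places this fragment between the header (0) and the trailer (99).
  concat::fragment { 'Base phpLDAPadmin configuration':
    target  => $config_file,
    content => epp("${module_name}/config.php.epp"),
    order   => $base_config_order,
  }
}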