From 95e87fa9448d4806ba4fc5341ffbbf21e06ef092 Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Fri, 29 Oct 2010 01:05:58 +0000
Subject: - add ldap config file, with ldap restricted to localhost (until we set a firewall or stricter acl)
---
modules/openldap/manifests/init.pp | 14 ++++++++++++
modules/openldap/templates/ldap.sysconfig | 37 +++++++++++++++++++++++++++++++
2 files changed, 51 insertions(+)
create mode 100644 modules/openldap/templates/ldap.sysconfig
diff --git a/modules/openldap/manifests/init.pp b/modules/openldap/manifests/init.pp
index b7332d88..4270a885 100644
--- a/modules/openldap/manifests/init.pp
+++ b/modules/openldap/manifests/init.pp
@@ -34,6 +34,16 @@ class openldap {
 notify => [Service['ldap']]
 }
 
+ file { '/etc/sysconfig/ldap':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 644,
+ require => Package["openldap-servers"],
+ content => "",
+ notify => [Service['ldap']]
+ }
+
 class master inherits base {
 file { '/etc/openldap/mandriva-dit-access.conf':
 content => template("openldap/mandriva-dit-access.conf"),
@@ -42,5 +52,9 @@ class openldap {
 file { '/etc/openldap/slapd.conf':
 content => template("openldap/slapd.conf"),
 }
+
+ file { '/etc/sysconfig/ldap':
+ content => template("openldap/ldap.sysconfig"),
+ }
 }
 }
diff --git a/modules/openldap/templates/ldap.sysconfig b/modules/openldap/templates/ldap.sysconfig
new file mode 100644
index 00000000..a5830732
--- /dev/null
+++ b/modules/openldap/templates/ldap.sysconfig
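Review bot: The new `file { '/etc/sysconfig/ldap': ... }` resource in the first hunk sets `content => ""`, so a node that gets this class without `master` ends up with an empty sysconfig file, and slapd would start with whatever listener list the init script defaults to rather than the loopback-only `SLAPDURLLIST` the commit message describes. Only the override in the second hunk, inside `class master`, installs the restricted template. If the parent class can run slapd on its own, I would default it to the same template, `content => template("openldap/ldap.sysconfig"),`, and let a subclass widen the listeners deliberately. The enclosing class starts above the hunk, so which class owns this resource is inferred from `class master inherits base`.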
@@ -0,0 +1,37 @@
+# debug level for slapd
+SLAPDSYSLOGLEVEL="0"
+SLAPDSYSLOGLOCALUSER="local4"
+
+# SLAPD URL list
+SLAPDURLLIST="ldap://127.0.0.1/ ldaps://127.0.0.1/"
+
+# Config file to use for slapd
+#SLAPDCONF=/etc/openldap/slapd.conf
+
+# Which user to run as
+#LDAPUSER=ldap
+#LDAPGROUP=ldap
+
+# Should file permissions on database files be fixed at startup. Default is yes
+# FIXPERMS=no
+
+# Whether database recovery should be run before starting slapd in start
+# (not strictly be necessary in 2.3). Default is no
+# AUTORECOVER=yes
+
+# At what intervals to run ldap-hot-db-backup from cron, which will
+# do hot database backups for all bdb/hdb databases, and archive
+# unnecessary transaction logs, one of hourly,daily,weekly,monthly,yearly
+# Default is daily
+# RUN_DB_BACKUP=daily
+
+# How many days to keep archived transaction logs for. This should be just
+# greater than the backup interval on these files. Default is 7
+# KEEP_ARCHIVES_DAYS=7
+
+# How many files slapd should be able to have open. By default, the process
+# will inherit the default per-process limit (usually 1024), which may
+# not be enough, so ulimit -n is run with the value in MAXFILES (which
+# defaults to 1024 as well). 4096 is the maximum OpenLDAP will use without
+# recompiling.
+# MAXFILES=4096
-- cgit v1.2.1
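Review bot: `SLAPDSYSLOGLEVEL="0"` at the top of the template looks like it turns slapd's syslog output off, which would leave no record of connections or failed binds on the directory server. If the init script passes this value through as slapd's log level, `SLAPDSYSLOGLEVEL="256"` (stats) would log connections, operations and results to the `local4` facility already set on the next line. The `# SLAPD URL list` comment should also say why the list is loopback-only, for example `# loopback only until a firewall or stricter ACLs are in place; review slapd access rules before widening`, so the restriction described in the commit message is not lost on a later edit.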