authorMichael Scherer <misc@mageia.org>2010-10-28 22:55:56 +0000
committerMichael Scherer <misc@mageia.org>2010-10-28 22:55:56 +0000
commit3561c4d7d4f687c3173dd4ec2fe418dcbc1599ed (patch)
tree2d0461692d650c0c7a758a27c93b797df8922da7 /modules/openldap/templates/slapd.conf
parentb08a26e562a2e1b28abf87a021a6697b78b2aed7 (diff)
- deploy ldap with puppet on valstar
Diffstat (limited to 'modules/openldap/templates/slapd.conf')
-rw-r--r--modules/openldap/templates/slapd.conf95
1 files changed, 95 insertions, 0 deletions
diff --git a/modules/openldap/templates/slapd.conf b/modules/openldap/templates/slapd.conf
new file mode 100644
index 00000000..44226cee
--- /dev/null
+++ b/modules/openldap/templates/slapd.conf
@@ -0,0 +1,95 @@
+# slapd.conf template
+include /usr/share/openldap/schema/core.schema
+include /usr/share/openldap/schema/cosine.schema
+include /usr/share/openldap/schema/corba.schema
+include /usr/share/openldap/schema/inetorgperson.schema
+include /usr/share/openldap/schema/java.schema
+include /usr/share/openldap/schema/krb5-kdc.schema
+#include /usr/share/openldap/schema/kerberosobject.schema
+include /usr/share/openldap/schema/misc.schema
+include /usr/share/openldap/schema/nis.schema
+include /usr/share/openldap/schema/openldap.schema
+include /usr/share/openldap/schema/autofs.schema
+include /usr/share/openldap/schema/samba.schema
+include /usr/share/openldap/schema/kolab.schema
+include /usr/share/openldap/schema/evolutionperson.schema
+include /usr/share/openldap/schema/calendar.schema
+include /usr/share/openldap/schema/sudo.schema
+include /usr/share/openldap/schema/dnszone.schema
+include /usr/share/openldap/schema/dhcp.schema
+include /usr/share/openldap/schema/dyngroup.schema
+include /usr/share/openldap/schema/ppolicy.schema
+
+#include /etc/openldap/schema/local.schema
+
+pidfile /var/run/ldap/slapd.pid
+argsfile /var/run/ldap/slapd.args
+
+modulepath /usr/lib/openldap
+moduleload back_monitor.la
+moduleload syncprov.la
+moduleload ppolicy.la
+#moduleload refint.la
+
+TLSCertificateFile /etc/ssl/openldap/ldap.pem
+TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
+TLSCACertificateFile /etc/ssl/openldap/ldap.pem
+
+loglevel 256
+
+database bdb
+suffix "dc=mageia,dc=org"
+directory /var/lib/ldap
+rootdn "cn=manager,dc=mageia,dc=org"
+
+checkpoint 256 5
+# 32Mbytes, can hold about 10k posixAccount entries
+dbconfig set_cachesize 0 33554432 1
+dbconfig set_lg_bsize 2097152
+cachesize 1000
+idlcachesize 3000
+
+index objectClass eq
+index uidNumber,gidNumber,memberuid,member eq
+index uid eq,subinitial
+index cn,mail,surname,givenname eq,subinitial
+index sambaSID eq,sub
+index sambaDomainName,displayName,sambaGroupType eq
+index sambaSIDList eq
+index krb5PrincipalName eq
+index uniqueMember pres,eq
+index zoneName,relativeDomainName eq
+index sudouser eq,sub
+index entryCSN,entryUUID eq
+index dhcpHWAddress,dhcpClassData eq
+
+overlay syncprov
+syncprov-checkpoint 100 10
+syncprov-sessionlog 100
+
+overlay ppolicy
+ppolicy_default "cn=default,ou=Password Policies,dc=mageia,dc=org"
+ppolicy_hash_cleartext yes
+ppolicy_use_lockout yes
+
+
+# uncomment if you want to automatically update group
+# memberships when an user is removed from the tree
+# Also uncomment the refint.la moduleload above
+#overlay refint
+#refint_attributes member
+#refint_nothing "uid=LDAP Admin,ou=System Accounts,dc=example,dc=com"
+
+authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
+ "uid=Account Admin,ou=System Accounts,dc=mageia,dc=org"
+authz-regexp ^uid=([^,]+),cn=[^,]+,cn=auth$ uid=$1,ou=People,dc=mageia,dc=org
+
+include /etc/openldap/mandriva-dit-access.conf
+
+
+database monitor
+access to dn.subtree="cn=Monitor"
+ by group.exact="cn=LDAP Monitors,ou=System Groups,dc=mageia,dc=org" read
+ by group.exact="cn=LDAP Admins,ou=System Groups,dc=mageia,dc=org" read
+ by * none
+
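Review bot: The TLS block points TLSCertificateFile, TLSCertificateKeyFile and TLSCACertificateFile at the same `/etc/ssl/openldap/ldap.pem`, so the private key lives in the file that also serves as the certificate and CA bundle, and nothing in this template requires clients to negotiate TLS. Unless the included `mandriva-dit-access.conf` (not visible here) enforces a minimum SSF, simple binds can send passwords in cleartext; consider adding `security simple_bind=128` after the TLS block, keeping in mind that simple binds over the local ldapi socket are measured against the same threshold. Putting the key in its own file readable only by the slapd user, and pointing TLSCACertificateFile at the issuing CA rather than the server PEM, would make the trust setup easier to audit. A one-line comment above the first `authz-regexp`, such as `# local root over ldapi (SASL EXTERNAL) is mapped to the Account Admin entry`, would document that privilege mapping for the next reader.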