From f2fc3f8018963620e3d9772ce5544aace82ecb22 Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Sun, 29 May 2011 12:09:32 +0000
Subject: add a slave class to create a 2nd ldap
---
 modules/openldap/manifests/init.pp | 25 +++++++++++++++++++++++++
 modules/openldap/templates/slapd.syncrepl.conf | 11 +++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 modules/openldap/templates/slapd.syncrepl.conf
diff --git a/modules/openldap/manifests/init.pp b/modules/openldap/manifests/init.pp
index 3d55cb5f..f8acb85f 100644
--- a/modules/openldap/manifests/init.pp
+++ b/modules/openldap/manifests/init.pp
@@ -77,4 +77,29 @@ class openldap {
 content => template("openldap/ldap.sysconfig"),
 }
 }
+
+ # TODO create the user for sync in ldap
+ # syntaxic sugar
+ define slave_instance($rid) {
+ class { openldap::slave:
+ rid => $rid,
+ }
+ }
+
+ class slave($rid) inherits common {
+ $sync_password = extlookup("ldap_syncuser-$hostname",'x');
+
+ # same access rights as master
+ file { '/etc/openldap/mandriva-dit-access.conf':
+ content => template("openldap/mandriva-dit-access.conf"),
+ }
+
+ file { '/etc/openldap/slapd.conf':
+ content => template("openldap/slapd.conf",'openldap/slapd.syncrepl.conf'),
+ }
+
+ file { '/etc/sysconfig/ldap':
+ content => template("openldap/ldap.sysconfig"),
+ }
+ }
 }
diff --git a/modules/openldap/templates/slapd.syncrepl.conf b/modules/openldap/templates/slapd.syncrepl.conf
new file mode 100644
index 00000000..6f5a69cb
--- /dev/null
+++ b/modules/openldap/templates/slapd.syncrepl.conf
@@ -0,0 +1,11 @@
+syncrepl rid=<%= rid %>
+ provider=ldaps://ldap-master.<%= domain %>:636
+ type=refreshAndPersist
+ searchbase="<%= dc_domain %>"
+ schemachecking=off
+ bindmethod=simple
+ binddn="cn=syncuser-<%= hostname%>,<%= dc_domain %>"
+ credentials=<%= sync_password %>
+
+updateref= ldaps://ldap-master.<%= domain %>:636
+
--
cgit v1.2.1
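Review bot: The `'x'` default in `extlookup("ldap_syncuser-$hostname",'x')` means a host with no entry in the lookup data is silently configured with a guessable bind password instead of failing. Dropping the default, `$sync_password = extlookup("ldap_syncuser-$hostname")`, should make catalog compilation stop when the key is missing. The `/etc/openldap/slapd.conf` resource in `class slave` now renders that password in cleartext yet declares no `owner`, `group` or `mode`. Unless `common` (not visible in this hunk) already sets restrictive file defaults, add them explicitly, for example `mode => 0640, owner => root, group => ldap` (group name assumed, confirm for this distribution).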
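Review bot: The `syncrepl` stanza relies on `bindmethod=simple`, so the replication password is protected only by the `ldaps://` session, and nothing in the stanza states how the provider certificate is verified. Whether verification is enforced depends on TLS settings in the main `slapd.conf` template, which is not part of this diff; adding `tls_reqcert=demand` to the stanza would make the requirement explicit. The line `credentials=<%= sync_password %>` is also unquoted, so a password containing whitespace or quote characters would be mis-parsed. Prefer `credentials="<%= sync_password %>"` and keep such characters out of the stored value. The `schemachecking=off` setting means replicated entries are accepted without schema validation, which is worth a one-line comment explaining why it is acceptable here.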