forked from ungleich-public/cdist
[new-type] __openldap_server: Add a "schema" optional parameter.
parent
bee95efa43
commit
fd430eab62
4 changed files with 31 additions and 20 deletions
|
@ -74,6 +74,13 @@ module
|
||||||
LDAP module to load. See `slapd.conf(5)`.
|
LDAP module to load. See `slapd.conf(5)`.
|
||||||
Default value is OS-dependent, see manifest.
|
Default value is OS-dependent, see manifest.
|
||||||
|
|
||||||
|
schema
|
||||||
|
Name of LDAP schema to load. Must be the name without extension of a
|
||||||
|
`.schema` file in slapd's schema directory (usually `/etc/slapd/schema` or
|
||||||
|
`/usr/local/etc/openldap/schema`).
|
||||||
|
Example value: `inetorgperson`
|
||||||
|
The type user must ensure that the schema file is deployed.
|
||||||
|
This defaults to a sensible subset, for details see the type definition.
|
||||||
|
|
||||||
BOOLEAN PARAMETERS
|
BOOLEAN PARAMETERS
|
||||||
------------------
|
------------------
|
||||||
|
|
|
@ -6,6 +6,7 @@ manager_password_hash=$(cat "${__object}/parameter/manager-password-hash")
|
||||||
serverid=$(cat "${__object}/parameter/serverid")
|
serverid=$(cat "${__object}/parameter/serverid")
|
||||||
suffix=$(cat "${__object}/parameter/suffix")
|
suffix=$(cat "${__object}/parameter/suffix")
|
||||||
slapd_modules=$(cat "${__object}/parameter/module" || true)
|
slapd_modules=$(cat "${__object}/parameter/module" || true)
|
||||||
|
schemas=$(cat "${__object}/parameter/schema")
|
||||||
|
|
||||||
|
|
||||||
OS="$(cat "${__global}/explorer/os")"
|
OS="$(cat "${__global}/explorer/os")"
|
||||||
|
@ -14,8 +15,8 @@ OS="$(cat "${__global}/explorer/os")"
|
||||||
# TODO: treat other OS better, defaulting to Debian-like
|
# TODO: treat other OS better, defaulting to Debian-like
|
||||||
case "${OS}" in
|
case "${OS}" in
|
||||||
freebsd)
|
freebsd)
|
||||||
PKGS="openldap-server"
|
PKGS="openldap-server"
|
||||||
ETC="/usr/local/etc"
|
ETC="/usr/local/etc"
|
||||||
SLAPD_DIR="/usr/local/etc/openldap"
|
SLAPD_DIR="/usr/local/etc/openldap"
|
||||||
SLAPD_DATA_DIR="/var/db/openldap-data"
|
SLAPD_DATA_DIR="/var/db/openldap-data"
|
||||||
SLAPD_RUN_DIR="/var/run/openldap"
|
SLAPD_RUN_DIR="/var/run/openldap"
|
||||||
|
@ -27,7 +28,7 @@ case "${OS}" in
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
PKGS="slapd ldap-utils"
|
PKGS="slapd ldap-utils"
|
||||||
ETC="/etc"
|
ETC="/etc"
|
||||||
SLAPD_DIR="/etc/ldap"
|
SLAPD_DIR="/etc/ldap"
|
||||||
SLAPD_DATA_DIR="/var/lib/ldap"
|
SLAPD_DATA_DIR="/var/lib/ldap"
|
||||||
SLAPD_RUN_DIR="/var/run/slapd"
|
SLAPD_RUN_DIR="/var/run/slapd"
|
||||||
|
@ -39,7 +40,6 @@ case "${OS}" in
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Determine if __letsencrypt_cert is to be used and setup vars accordingly
|
# Determine if __letsencrypt_cert is to be used and setup vars accordingly
|
||||||
if [ -f "${__object}/parameter/tls-cert" ]; then
|
if [ -f "${__object}/parameter/tls-cert" ]; then
|
||||||
tls_cert=$(cat "${__object}/parameter/tls-cert")
|
tls_cert=$(cat "${__object}/parameter/tls-cert")
|
||||||
|
@ -161,24 +161,15 @@ TLSCACertificateFile ${tls_ca}
|
||||||
disallow bind_anon
|
disallow bind_anon
|
||||||
require bind
|
require bind
|
||||||
security tls=1
|
security tls=1
|
||||||
|
|
||||||
include ${SLAPD_DIR}/schema/corba.schema
|
|
||||||
include ${SLAPD_DIR}/schema/core.schema
|
|
||||||
include ${SLAPD_DIR}/schema/cosine.schema
|
|
||||||
include ${SLAPD_DIR}/schema/duaconf.schema
|
|
||||||
include ${SLAPD_DIR}/schema/dyngroup.schema
|
|
||||||
include ${SLAPD_DIR}/schema/inetorgperson.schema
|
|
||||||
include ${SLAPD_DIR}/schema/java.schema
|
|
||||||
include ${SLAPD_DIR}/schema/misc.schema
|
|
||||||
include ${SLAPD_DIR}/schema/nis.schema
|
|
||||||
include ${SLAPD_DIR}/schema/openldap.schema
|
|
||||||
include ${SLAPD_DIR}/schema/ppolicy.schema
|
|
||||||
include ${SLAPD_DIR}/schema/collective.schema
|
|
||||||
|
|
||||||
modulepath ${SLAPD_MODULE_PATH}
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
# Add specified schemas
|
||||||
|
for schema in ${schemas}; do
|
||||||
|
echo "include ${SLAPD_DIR}/schema/${schema}.schema" >> "${ldapconf}"
|
||||||
|
done
|
||||||
|
|
||||||
# Add specified modules
|
# Add specified modules
|
||||||
|
echo "modulepath ${SLAPD_MODULE_PATH}" >> "${ldapconf}"
|
||||||
for module in ${slapd_modules}; do
|
for module in ${slapd_modules}; do
|
||||||
echo "moduleload ${module}.la" >> "${ldapconf}"
|
echo "moduleload ${module}.la" >> "${ldapconf}"
|
||||||
done
|
done
|
||||||
|
|
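Review bot: The new loop `for schema in ${schemas}` copies each `--schema` value into an `include` line of slapd.conf without checking it, so a value containing `/` or `..` would make slapd read a file outside `${SLAPD_DIR}/schema`, and the unquoted expansion is also open to pathname globbing. A guard at the top of the loop body would reject anything that is not a plain name: `case "${schema}" in ''|*[!A-Za-z0-9_-]*) echo "invalid schema name: ${schema}" >&2; exit 1;; esac`. The twelve formerly hard-coded includes are now only defaults, so a caller who passes `--schema` presumably replaces the whole list, including `core`; that deserves a sentence in the man page once confirmed against how cdist applies `parameter/default`. The heredoc these lines follow and the definition of `${ldapconf}` lie outside the visible hunks.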
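--- /dev/null
+++ b/cdist/conf/type/__openldap_server/parameter/default/schema
@@ -0,0 +1,12 @@
+corba
+core
+cosine
+duaconf
+dyngroup
+inetorgperson
+java
+misc
+nis
+openldap
+ppolicy
+collective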
|
@ -1,4 +1,5 @@
|
||||||
description
|
|
||||||
syncrepl-credentials
|
syncrepl-credentials
|
||||||
syncrepl-searchbase
|
syncrepl-searchbase
|
||||||
tls-cert
|
tls-cert
|
||||||
|
tls-privkey
|
||||||
|
tls-ca
|
||||||
|
|