[new-type] __openldap_server: Add a "schema" optional parameter.
parent
bee95efa43
commit
fd430eab62
4 changed files with 31 additions and 20 deletions
|
@ -74,6 +74,13 @@ module
|
|||
LDAP module to load. See `slapd.conf(5)`.
|
||||
Default value is OS-dependent, see manifest.
|
||||
|
||||
schema
|
||||
Name of LDAP schema to load. Must be the name without extension of a
|
||||
`.schema` file in slapd's schema directory (usually `/etc/slapd/schema` or
|
||||
`/usr/local/etc/openldap/schema`).
|
||||
Example value: `inetorgperson`
|
||||
The type user must ensure that the schema file is deployed.
|
||||
This defaults to a sensible subset, for details see the type definition.
|
||||
|
||||
BOOLEAN PARAMETERS
|
||||
------------------
|
||||
|
|
|
@ -6,6 +6,7 @@ manager_password_hash=$(cat "${__object}/parameter/manager-password-hash")
|
|||
serverid=$(cat "${__object}/parameter/serverid")
|
||||
suffix=$(cat "${__object}/parameter/suffix")
|
||||
slapd_modules=$(cat "${__object}/parameter/module" || true)
|
||||
schemas=$(cat "${__object}/parameter/schema")
|
||||
|
||||
|
||||
OS="$(cat "${__global}/explorer/os")"
|
||||
|
@ -14,8 +15,8 @@ OS="$(cat "${__global}/explorer/os")"
|
|||
# TODO: treat other OS better, defaulting to Debian-like
|
||||
case "${OS}" in
|
||||
freebsd)
|
||||
PKGS="openldap-server"
|
||||
ETC="/usr/local/etc"
|
||||
PKGS="openldap-server"
|
||||
ETC="/usr/local/etc"
|
||||
SLAPD_DIR="/usr/local/etc/openldap"
|
||||
SLAPD_DATA_DIR="/var/db/openldap-data"
|
||||
SLAPD_RUN_DIR="/var/run/openldap"
|
||||
|
@ -27,7 +28,7 @@ case "${OS}" in
|
|||
;;
|
||||
*)
|
||||
PKGS="slapd ldap-utils"
|
||||
ETC="/etc"
|
||||
ETC="/etc"
|
||||
SLAPD_DIR="/etc/ldap"
|
||||
SLAPD_DATA_DIR="/var/lib/ldap"
|
||||
SLAPD_RUN_DIR="/var/run/slapd"
|
||||
|
@ -39,7 +40,6 @@ case "${OS}" in
|
|||
esac
|
||||
|
||||
|
||||
|
||||
# Determine if __letsencrypt_cert is to be used and setup vars accordingly
|
||||
if [ -f "${__object}/parameter/tls-cert" ]; then
|
||||
tls_cert=$(cat "${__object}/parameter/tls-cert")
|
||||
|
@ -161,24 +161,15 @@ TLSCACertificateFile ${tls_ca}
|
|||
disallow bind_anon
|
||||
require bind
|
||||
security tls=1
|
||||
|
||||
include ${SLAPD_DIR}/schema/corba.schema
|
||||
include ${SLAPD_DIR}/schema/core.schema
|
||||
include ${SLAPD_DIR}/schema/cosine.schema
|
||||
include ${SLAPD_DIR}/schema/duaconf.schema
|
||||
include ${SLAPD_DIR}/schema/dyngroup.schema
|
||||
include ${SLAPD_DIR}/schema/inetorgperson.schema
|
||||
include ${SLAPD_DIR}/schema/java.schema
|
||||
include ${SLAPD_DIR}/schema/misc.schema
|
||||
include ${SLAPD_DIR}/schema/nis.schema
|
||||
include ${SLAPD_DIR}/schema/openldap.schema
|
||||
include ${SLAPD_DIR}/schema/ppolicy.schema
|
||||
include ${SLAPD_DIR}/schema/collective.schema
|
||||
|
||||
modulepath ${SLAPD_MODULE_PATH}
|
||||
EOF
|
||||
|
||||
# Add specified schemas
|
||||
for schema in ${schemas}; do
|
||||
echo "include ${SLAPD_DIR}/schema/${schema}.schema" >> "${ldapconf}"
|
||||
done
|
||||
|
||||
# Add specified modules
|
||||
echo "modulepath ${SLAPD_MODULE_PATH}" >> "${ldapconf}"
|
||||
for module in ${slapd_modules}; do
|
||||
echo "moduleload ${module}.la" >> "${ldapconf}"
|
||||
done
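Review bot: The loop `for schema in ${schemas}` in the last manifest hunk writes each value into an `include` path without checking it, so a name containing `/` or `..` would make slapd read a file outside `${SLAPD_DIR}/schema`, and because the expansion is unquoted a name with glob characters is expanded against the working directory before it is written. I would validate each name before the `echo`, for example `case "${schema}" in ''|*[!A-Za-z0-9_-]*) echo "invalid schema name: ${schema}" >&2; exit 1;; esac`, widening the allowed set only if deployed schema files need it. The `for module in ${slapd_modules}` loop just below has the same shape and feeds `moduleload`, so the same guard would fit there. `${ldapconf}` is assigned outside the visible hunks, so where the generated file ends up is not shown here.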
|
||||
|
|
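--- a/cdist/conf/type/__openldap_server/parameter/default/schema
+++ b/cdist/conf/type/__openldap_server/parameter/default/schema
@@ -0,0 +1,12 @@
+corba
+core
+cosine
+duaconf
+dyngroup
+inetorgperson
+java
+misc
+nis
+openldap
+ppolicy
+collective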
|
@ -1,4 +1,5 @@
|
|||
description
|
||||
syncrepl-credentials
|
||||
syncrepl-searchbase
|
||||
tls-cert
|
||||
tls-privkey
|
||||
tls-ca
|
||||
|
|