Forge Home


Installs and configures nslcd.


198 latest version

4.6 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.4.4 (latest)
  • 0.4.3
  • 0.4.2 (deleted)
  • 0.4.1
  • 0.4.0
  • 0.3.0
released Nov 23rd 2023
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x
  • Puppet >= 5.4.0 < 7.0.0
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'geekix-nslcd', '0.4.4'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add geekix-nslcd
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install geekix-nslcd --version 0.4.4

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



geekix/nslcd — version 0.4.4 Nov 23rd 2023


Table of Contents

  1. Overview
  2. Dependencies
  3. Usage
  4. What the module affects
  5. Parameters
  6. Extend the configuration
  7. Limitations
  8. Development


This module installs and configured a local NSLCD daemon. NSLCD is used to provide LDAP authentication through PAM/NSS.


Stdlib -


The module includes a few sane defaults, so it should work out of the box.
Just fill in these parameters :

  • Example
    ldap_uris => ['ldap://','ldap://'],
    ldap_search_base => 'dc=company,dc=com'
  • The same in Hiera
  - 'ldap://'
  - 'ldap://'
nslcd::ldap_search_base: 'dc=company,dc=com'
  • Will give this in the config file
uri ldap:// ldap://
base dc=company,dc=com

What the module affects

  • nslcd package and service
  • /etc/nslcd.conf


Parameter Parameter type Default value Description
package_ensure Variant[Boolean,String] present Sets if the package should be present or absent.
package_name String Depends on the Linux distrib Name of the package to install. Set if your platform is not supported.
package_manage Boolean true Sets if the module should manage or not the package installation.
service_ensure Variant[Boolean,Enum['stopped','running']] running Sets if the service should be running or stopped.
service_enable Boolean true Sets if the service should be started on system boot.
service_name String nslcd Sets the name of the service. Set if your platform is not supported.
service_manage Boolean true Sets if the module should manage or not the service.
uid String nslcd Sets the user to start the daemon.
gid String Depends on the Linux distrib Sets the group to start the daemon.
config Stdlib::Unixpath /etc/nslcd.conf Sets the path of the config file.
config_user String root Sets the owner of the config file.
config_group String Depends on the Linux distrib Sets the group of the config file.
config_mode Stdlib::Filemode Depends on the Linux distrib Permission of the config file.
ldap_uris Array[String] ldap:/// Array of LDAP servers.
ldap_version Enum['2','3'] 3 Sets the LDAP version to use.
ldap_binddn String undef Sets the DN (distinguished name) to bind to the LDAP servers.
ldap_bindpw String undef Sets the password to bind to the LDAP servers. Only used if the parameter ldap_binddn is set.
ldap_search_base String undef Sets the base DN (distinguished name) to use as the search base.
ldap_group_base String undef Sets the base DN (distinguished name) to use as the group search base.
ldap_search_scope Enum['sub','subtree','one','onelevel','base'] subtree Sets the search scope depth.
config_options Hash {} Key/Value hash to extend the configuration.
ldap_filters Hash {} Sets the LDAP search filter for specific mapping.
ldap_maps Hash {} Allows for custom attributes to be looked up.
ldap_ssl Enum['on','off','start_tls'] off Whether to use SSL/TLS for the connexion to the LDAP servers.
ldap_tls_reqcert Enum['never','allow','try','demand','hard'] allow Sets what checks to perform on a server-supplied certificate.
ldap_tls_cacertfile String undef Sets the path of the PEM-format file containing certificates for the CA's that will be trusted.
bind_timelimit Integer undef Sets the time limit (in seconds) to setup a connexion with the LDAP server.
timelimit Integer undef Sets the time limit (in seconds) to wait for a response from the LDAP server.
idle_timelimit Integer undef Sets the period if inactivity (in seconds) after which the connection to the LDAP server will be closed.
reconnect_sleeptime Integer 1 Sets the number of seconds to sleep when connecting to all LDAP servers fails.
reconnect_retrytime Integer 10 Sets the time after which the LDAP server is considered to be permanently unavailable. Once this time is reached retries will be done only once per this time period.

Extend the configuration

The module exposes the most commonly used paramaters. However, to extend the configuration use the config_options parameter. It allows you to set any parameter not listed above.

  • Example configuration
      threads: '10'
  • The same config in Hiera
  threads: '10'
  • Will give this in the config file
threads 10


The module has been tested with :

  • Ubuntu 14.04 / 16.04 / 18.04 / 20.04
  • Debian 8 / 9 / 10 / 11
  • Puppet 4 / 5 / 6


If you want to improve this module, send us a pull request !