port389

Manages the port 389 Directory Server

Module Stats

10,765 downloads

10,765 latest version

3.5 quality score

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

released Mar 6th 2014

Start using this module

Installation method

Add this module to your Puppetfile:

mod 'jhoblitt-port389', '0.1.0'

Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add jhoblitt-port389

Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install jhoblitt-port389 --version 0.1.0

Tags: redhat, rhel, directory, server, fedora, ldap, centos, scientific, port, port389, 389, ds

Documentation

jhoblitt/port389 — version 0.1.0 Mar 6th 2014

Puppet port389 Module

Overview
Description
Usage
- Example
- Classes
- Types
- Functions
Limitations
- Tested Platforms
Versioning
Support
See Also

Overview

Manages the port 389 Directory Server

Description

This is a module for the management of the 389 Directory Server aka 389 DS aka port 389 aka Fedora Directory Server aka Red Hat Directory Server. It aims to cover most common initial provisioning needs but replication is not yet support.

Usage

As the typical installation of 389 DS is done with the setup-ds-admin.pl script, this module attemps to provide an API that's highly analogus to the keys in the .inf that may optionally be passed to the configuration script for so called unattneded installs.

##Example

# java is needed if you want to use the 389-console, otherwise - no needed for installation
include java

# augeasproviders must be in a working state to enable server tuning
include augeas

class { 'port389':
  enable_tuning              => true,
  admin_domain               => 'example.org',
  config_directory_admin_pwd => 'password',
  server_admin_pwd           => 'password',
  root_dn_pwd                => 'password',
  enable_ssl                 => true,
  enable_server_admin_ssl    => false,
  ssl_cert                   => '/tmp/example.org.pem',
  ssl_key                    => '/tmp/example.org.key',
  ssl_ca_certs               => {
    'AlphaSSL CA'        => '/tmp/alphassl_intermediate.pem',
    'GlobalSign Root CA' => '/tmp/globalsign_root.pem',
  },
  require                    => Class['augeas'],
}

port389::instance { 'ldap1':
  schema_file => '/tmp/mycustomschema.ldif',
}

##Classes

# defaults
class { 'port389':
  ensure                     => 'present',
  package_ensure             => 'httpd',
  package_name               => [
    '389-admin',
    '389-admin-console',
    '389-admin-console-doc',
    '389-adminutil',
    '389-adminutil-devel',
    '389-console',
    '389-ds',
    '389-ds-base',
    '389-ds-base-devel',
    '389-ds-base-libs',
    '389-ds-console',
    '389-ds-console-doc',
  ],
  enable_tuning              => false,
  user                       => 'nobody',
  group                      => 'nobody',
  admin_domain               => $::domain,
  config_directory_admin_id  => 'admin',
  config_directory_admin_pwd => 'password',
  config_directory_ldap_url  => "ldap://${::fqdn}:389/o=NetscapeRoot",
  full_machine_name          => $::fqdn,
  server_admin_port          => '9830',
  server_admin_id            => 'admin',
  server_admin_pwd           => 'password',
  server_ipaddress           => '0.0.0.0',
  root_dn                    => 'cn=Directory Manager',
  root_dn_pwd                => 'password',
  server_port                => '389',
  setup_dir                  => '/var/lib/dirsrv/setup',
  enable_ssl                 => false,
  enable_server_admin_ssl    => false,
  ssl_server_port            => '636',
  ssl_cert                   => undef,
  ssl_key                    => undef,
  ssl_ca_certs               => {},
}

ensure

String defaults to present

Must be one of present, absent, latest, purged. Provides typical package ensurable semantics with the exception of the purge value which will attempt to delete all 389 associated data and configuration from your system.
package_ensure

String|Array defaults to httpd

A list of packages to ensure the existance of with the ensure_packages() function from stdlib. This is neeeded because the 389 admin server packages from EL do not have a dependency on apache.
package_name

Array defaults to [ '389-admin', ... ]

The list of packages to manage as providing 389 ds.
enable_tuning

Bool defaults to false

Enables/disable automatically tuning the system per the Red Hat Directory Server 9.0 Performance Tuning Guide section on Optimizing System Performance.
user

String defaults to nobody

The role user account that owns the DS files and the slapd daemons are run as.
group

String defaults to nobody

The role group.

The following parameters directly control values in the .inf file passed to setup-ds-admin.pl to create directory service instances. CamelCase .inf keys are represented as lowercase parameters names with _s between words. Eg. AdminDomain is transliterated to the admin_domain parameter.

See the Red Hat Directory Server 9.0 Installation Guide's section on Silent Setup for a listing of all .inf file keys.

 * `admin_domain`
 * `config_directory_admin_id`
 * `config_directory_admin_pwd`
 * `config_directory_ldap_url`
 * `full_machine_name`
 * `server_admin_port`
 * `server_admin_id`
 * `server_admin_pwd`
 * `server_ipaddress`
 * `root_dn`
 * `root_dn_pwd`
 * `server_port`

setup_dir

String/aboslute path defaults to /var/lib/dirsrv/setup

The path used by the module for it's internal state files.
enable_ssl

Bool defaults to false

Enables/disables setup of SSL/TLS connections to the directory server.

If set, these paramters are manadatory:
```
 * `ssl_server_port`
 * `ssl_cert`
 * `ssl_key`
 * `ssl_ca_certs`
```
enable_server_admin_ssl

Bool defaults to false

XXX This feature appears to be broken, either in terms of the setup done by this module or in the current release of 389 DS server itselfs and/or the interaction with it's dependency.

Enables/disables the usage of SSL/TLS connections between the admin server and the directory instances.

If set, these paramters are manadatory:
```
 * `enable_ssl`
 * `ssl_server_port`
 * `ssl_cert`
 * `ssl_key`
 * `ssl_ca_certs`
```

The following parameters are ignored unless enable_ssl or enable_server_admin_ssl is true.

ssl_server_port

String defaults to 636

Sets the port used for LDAPS connections.
ssl_cert

String/aboslute path defaults to undef

Path to the .pem format certificate to use for SSL/TLS connections.
ssl_key

String/aboslute path defaults to undef

Path to the .pem format key to use for SSL/TLS connections.
ssl_ca_certs

Hash defaults to {}

Nickname / absolute path pairs to any chained certificate authority (CA) certs that may be needed.
```
{
  'AlphaSSL CA'        => '/tmp/alphassl_intermediate.pem',
  'GlobalSign Root CA' => '/tmp/globalsign_root.pem',
}
```

##Types

#defaults
port389::instance { <title>:
  $admin_domain               = $::port389::admin_domain,
  $config_directory_admin_id  = $::port389::config_directory_admin_id,
  $config_directory_admin_pwd = $::port389::config_directory_admin_pwd,
  $config_directory_ldap_url  = $::port389::config_directory_ldap_url,
  $root_dn                    = $::port389::root_dn,
  $root_dn_pwd                = $::port389::root_dn_pwd,
  $server_port                = $::port389::server_port,
  $schema_file                = undef,
  $suffix                     = port389_domain2dn($::port389::admin_domain),
  $enable_ssl                 = $::port389::enable_ssl,
  $ssl_server_port            = $::port389::ssl_server_port,
  $ssl_cert                   = $::port389::ssl_cert,
  $ssl_key                    = $::port389::ssl_key,
  $ssl_ca_certs               = $::port389::ssl_ca_certs,
}

See the Red Hat Directory Server 9.0 Installation Guide's section on Silent Setup for a listing of all .inf file keys.

 * `admin_domain`
 * `config_directory_admin_id`
 * `config_directory_admin_pwd`
 * `config_directory_ldap_url`
 * `root_dn`
 * `root_dn_pwd`
 * `server_port`
 * `schema_file`
 * `suffix`

schema_file

String|Array defaults to 'undef'

Note that this paramter may except an array of absolute paths to schema files to be used when creating a new ldap instance.
enable_ssl

Bool defaults to false

Enables/disables setup of SSL/TLS connections to the directory server.

If set, these paramters are manadatory:
```
 * `ssl_server_port`
 * `ssl_cert`
 * `ssl_key`
 * `ssl_ca_certs`
```
ssl_server_port

String defaults to 636

Sets the port used for LDAPS connections.
ssl_cert

String/aboslute path defaults to undef

Path to the .pem format certificate to use for SSL/TLS connections.
ssl_key

String/aboslute path defaults to undef

Path to the .pem format key to use for SSL/TLS connections.
ssl_ca_certs

Hash defaults to {}

Nickname / absolute path pairs to any chained certificate authority (CA) certs that may be needed.
```
{
  'AlphaSSL CA'        => '/tmp/alphassl_intermediate.pem',
  'GlobalSign Root CA' => '/tmp/globalsign_root.pem',
}
```

Functions

###port389_domain2dn

Converts a DNS style domain string into a string suitable for use as a LDAP DN by constructing 'dc=' elements for each domain component.

Example:

foo.example.org

Would become:

dc=foo,dc=example,dc=org

Limitations

Tested Platforms

Versioning

This module is versioned according to the Semantic Versioning 2.0.0 specification.

Support

Please log tickets and issues at github

Copyright (C) 2014 Joshua Hoblitt <jhoblitt@cpan.org>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Modules

Discover

Contribute

Puppet

Premium features

Downloads

Resources

About Forge

Getting Started