LDAP passwd Enumerator for Puppet




9,627 latest version

1.9 quality score

Version information

  • 0.0.8 (latest)
  • 0.0.5
  • 0.0.3
  • 0.0.2
released Nov 18th 2012

Start using this module


new23d/lpep — version 0.0.8 Nov 18th 2012


LDAP passwd Enumerator for Puppet


Add users and groups from Active Directory to your Red Hat 6.x compatible systems


Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License


On Red Hat 6.x compatible systems:

(1) command: yum install pam_ldap (2) command: authconfig --enableldapauth --ldapserver="ldap://ad.example.com" --ldapbasedn="dc=example,dc=com" --updateall (3) in /etc/pam_ldap.conf, add the following lines towards the end

binddn cn=foo,ou=bar,dc=example,dc=com
bindpw fubar
pam_login_attribute sAMAccountName

In the lpep module:

(1) edit manifests/lpep.ini to configure ldap settings (2) ensure bin/lpep.py is executable (3) ensure manifests/lpep.pp , bin/lpep.db and bin/profiling.log are writable


(1) include the class lpep in your manifests to have the module query your ldap source and populate its database and manifest files; having done this, you can manually inspect bin/lpep.db using a tool like the sqlite manager extension for firefox, and manifests/lpep.pp for a manifest of users and groups

class {lpep: }

(2) include the class lpep::exec in your manifests to deploy the users and groups generated earlier onto targeted nodes

class {lpep::exec: }

Known Issues

(1) objects are tracked only by their username (or sAMAccountName) and not by SID, therefore if a username were to change, that would generate a new numeric uid (2) objects are not removed from the target system's local user database, but if the ldap authentication were to fail, the user won't be able to login anyway (3) limited to upto 1000 objects from active directory


(1) objects are stored in a local sqlite database, and the numeric uids and gids retained (2) coded originally for domino ldap, therefore the routines may not be ideal for active directory


CentOS Linux Integration with Active Directory