
simp_ds389

Profile module for SIMP DS389 server

777 downloads

493 latest version

3.6 quality score

Version information

  • 0.1.1 (latest)
  • 0.1.0
released Aug 19th 2021
This version is compatible with:
  • Puppet Enterprise 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.22.1 < 8.0.0

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'simp-simp_ds389', '0.1.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add simp-simp_ds389
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install simp-simp_ds389 --version 0.1.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.


Documentation

simp/simp_ds389 — version 0.1.1 Aug 19th 2021


Table of Contents

  1. Description
  2. Setup - The basics of getting started with simp_ds389
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module

Description

This is a profile module used by SIMP to configure 389ds LDAP instances for use within the SIMP ecosystem.

Currently it contains the following instances:

  • accounts - Configures a TLS-enabled accounts LDAP instance that will be used to hold user accounts and groups and works with other SIMP modules.

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, submit them to our bug tracker.

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

  • When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.
  • If used independently, all SIMP-managed security subsystems are disabled by default and must be explicitly opted into by administrators. Please review the parameters in simp/simp_options for details.

Setup

The 389ds instances in this module are configured to work within a SIMP ecosystem.

Each instance can be used separately. See the individual instance for instructions on configuring it.

Accounts Instance

Description

The accounts instance, simp_ds389::instance::accounts, will set up a 389ds LDAP instance to be used for user authentication.

  • It installs and configures a 389ds instance with TLS-enabled communication.

    • It can be configured for either TLS or STARTTLS.
  • It configures a default password policy that is compliant with most standards.

  • It configures a bind user.

  • It configures 2 groups:

    • 'user' - group for general users
    • 'administrators' - group to allow administrator access to systems.
  • It configures the firewall to allow access to the LDAP instance.

Usage

To set up a 389ds server to use for user authentication within a SIMP ecosystem, simply include this module.

include 'simp_ds389::instance::accounts'

If the root DN and bind DN password parameters are not explicitly set, they will be automatically generated using simplib::passgen.

Reference

Please refer to the inline documentation within each source file, or to REFERENCE.md for generated reference material.

You may also be interested in the documentation for the simp/ds389 module, which is what this module uses to install 389ds and create 389ds instances.

Limitations

The 389ds management console GUI is not configured. You can install it manually if it is needed.

At this time replication is not configured automatically.

SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux and compatible distributions, such as CentOS. Please see the metadata.json file for the most up-to-date list of supported operating systems, Puppet versions, and module dependencies.

Development

Please read our Contribution Guide.

Acceptance tests

This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:

bundle install
bundle exec rake beaker:suites[default]

Some environment variables may be useful:

BEAKER_debug=true
BEAKER_provision=no
BEAKER_destroy=no
BEAKER_use_fixtures_dir_for_modules=yes
  • BEAKER_debug: show the commands being run on the SUT and their output.
  • BEAKER_destroy=no: prevent the machine destruction after the tests finish so you can inspect the state.
  • BEAKER_provision=no: prevent the machine from being recreated. This can save a lot of time while you're writing the tests.
  • BEAKER_use_fixtures_dir_for_modules=yes: cause all module dependencies to be loaded from the spec/fixtures/modules directory, based on the contents of .fixtures.yml. The contents of this directory are usually populated by bundle exec rake spec_prep. This can be used to run acceptance tests on isolated networks.

Please refer to the SIMP Beaker Helpers documentation for more information.