Forge Home


Manages OpenLDAP and related security bindings


212 latest version

4.7 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 6.9.1 (latest)
  • 6.9.0
  • 6.7.0
  • 6.6.0
  • 6.5.0
  • 6.4.3
  • 6.4.2
  • 6.4.1
  • 6.4.0
  • 6.3.2
  • 6.3.1
  • 6.3.0
  • 6.2.1
  • 6.1.2
  • 6.1.1
  • 6.1.0
  • 6.0.4
  • 6.0.3
  • 6.0.2
released Oct 18th 2023
This version is compatible with:
  • Puppet Enterprise 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
  • Puppet >= 7.0.0 < 9.0.0
  • , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'simp-simp_openldap', '6.9.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add simp-simp_openldap
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install simp-simp_openldap --version 6.9.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Tags: ldap, openldap, pki, simp


simp/simp_openldap — version 6.9.1 Oct 18th 2023

License CII Best Practices Puppet Forge Puppet Forge Downloads Build Status

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

Please read our Contribution Guide.

Table of Contents


This module provides a SIMP-oriented profile for configuring OpenLDAP server and client components.

See for API documentation.

This is a SIMP module

This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.

If you find any issues, they can be submitted to our JIRA.

Please read our Contribution Guide

This module is optimally designed for use within a larger SIMP ecosystem, but it can be used independently:

  • When included within the SIMP ecosystem, security compliance settings will be managed from the Puppet server.

  • If used independently, all SIMP-managed security subsystems are disabled by default and must be explicitly opted into by administrators. Please review the simp-simp_options module for details.


What simp_openldap affects

  • Installs LDAP client applications for interacting with an LDAP server
  • Installs and configures OpenLDAP for TLS-enabled communication using both legacy TLS and STARTTLS
  • Provides access control capabilities

NOTE: As a convenience, this module will configure /root/.ldaprc with global variables that facilitate LDAP client communication, only if the file does not already exist. This behavior prevents the module from modifying any custom configuration you have created, but also means the file will not be updated when you make module configuration changes that would result in different /root/.ldaprc content (e.g., enable/disable use of TLS, change the TLS certificate filenames, or change the root directory for TLS certificates). You must remove /root/.ldaprc and run puppet to pick up the changes.

Using simp_openldap

As a client

To use this module for an LDAP client system, just include the class:

include 'simp_openldap'

As a server

To use the module to configure an LDAP server, include the following:

include 'simp_openldap::server'

This will configure a server with TLS and STARTTLS enabled. It will also populate the directory with a basic LDAP schema suitable for UNIX-system logins.

To configure the password policy, you will also need to include the simp_openldap::slapo::ppolicy class PRIOR TO INITIAL CONFIGURATION. Once the LDAP server has been configured, it will not update any data inside of the LDAP server itself, only the surrounding configuration.

For additional information, please see the SIMP Documentation.

Advanced configuration

It is possible to configure most aspects of the OpenLDAP server through this module. However, this gets complex quickly. The SIMP Documentation has some examples. Additional examples can be found in the acceptance tests.


SIMP Puppet modules are generally intended for use on Red Hat Enterprise Linux and compatible distributions, such as CentOS. Please see the metadata.json file for the most up-to-date list of supported operating systems, Puppet versions, and module dependencies.


Please see the SIMP Contribution Guidelines.

Acceptance tests

This module includes Beaker acceptance tests using the SIMP Beaker Helpers. By default the tests use Vagrant with VirtualBox as a back-end; Vagrant and VirtualBox must both be installed to run these tests without modification. To execute the tests run the following:

bundle install
bundle exec rake beaker:suites

Please refer to the SIMP Beaker Helpers documentation for more information.

Some environment variables may be useful:

  • BEAKER_debug: show the commands being run on the STU and their output.
  • BEAKER_destroy=no: prevent the machine destruction after the tests finish so you can inspect the state.
  • BEAKER_provision=no: prevent the machine from being recreated. This can save a lot of time while you're writing the tests.
  • BEAKER_use_fixtures_dir_for_modules=yes: cause all module dependencies to be loaded from the spec/fixtures/modules directory, based on the contents of .fixtures.yml. The contents of this directory are usually populated by bundle exec rake spec_prep. This can be used to run acceptance tests to run on isolated networks.