Forge Home

okta_ldap_agent

OKTA LDAP Agent for Linux

4,734 downloads

4,734 latest version

2.8 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 4.0.1 (latest)
released Jul 11th 2017
This version is compatible with:
  • , , , , Archlinux, FreeBSD

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'pjane-okta_ldap_agent', '4.0.1'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add pjane-okta_ldap_agent
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install pjane-okta_ldap_agent --version 4.0.1

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: ldap, sso, okta

Documentation

pjane/okta_ldap_agent — version 4.0.1 Jul 11th 2017

README

-- This module contains everything needed to install, configure & start Okta LDAP Agent 05.03.10 service in Linux

Files

├── README.md
├── files
├── manifests
│   └── init.pp
└── templates
    ├── InstallOktaLDAPAgent.erb
        └── OktaLDAPAgent.erb

What's is OktaLDAPAgent?

Okta connects any person with any application on any device. It's an enterprise-grade, identity management service, built for the cloud, but compatible with many on-premises applications. With Okta, IT can manage any employee's access to any application or device. Okta runs in the cloud, on a secure, reliable, extensively audited platform, which integrates deeply with on-premises applications, directories, and identity management systems.

More info:

  • [https://support.okta.com/help/Documentation/Knowledge_Article/What-is-Okta]
  • [https://support.okta.com/help/Documentation/Knowledge_Article/87604166-LDAP-Agent-Deployment-Guide#InstallationSummary]

But, how it works?

screenshot

Using the module

    1. Just add this moodule to any role your desired machines sould match. 
    2. Edit manifests/init.pp in order to put the correct values into the variables.

Dependencies

/bin/bash
/bin/sh
ld-linux-x86-64.so.2()(64bit)
ld-linux-x86-64.so.2(GLIBC_2.3)(64bit)
libGL.so.1()(64bit)
libX11.so.6()(64bit)
libXext.so.6()(64bit)
libXi.so.6()(64bit)
libXrender.so.1()(64bit)
libXtst.so.6()(64bit)
libXxf86vm.so.1()(64bit)
libasound.so.2()(64bit)
libasound.so.2(ALSA_0.9)(64bit)
libasound.so.2(ALSA_0.9.0rc4)(64bit)
libatk-1.0.so.0()(64bit) *
libc.so.6(GLIBC_2.11)(64bit)
libcairo.so.2()(64bit)
libdl.so.2()(64bit)
libdl.so.2(GLIBC_2.2.5)(64bit)
libfontconfig.so.1()(64bit)
libfreetype.so.6()(64bit)
libgcc_s.so.1()(64bit)
libgcc_s.so.1(GCC_3.0)(64bit)
libgcc_s.so.1(GCC_3.3)(64bit)
libgcc_s.so.1(GCC_4.2.0)(64bit)
libgdk-x11-2.0.so.0()(64bit) * 
libgdk_pixbuf-2.0.so.0()(64bit) * 
libgio-2.0.so.0()(64bit)
libglib-2.0.so.0()(64bit)
libgmodule-2.0.so.0()(64bit)
libgobject-2.0.so.0()(64bit)
libgthread-2.0.so.0()(64bit)
libgtk-x11-2.0.so.0()(64bit)
libm.so.6()(64bit)
libm.so.6(GLIBC_2.2.5)(64bit)
libnsl.so.1()(64bit)
libpango-1.0.so.0()(64bit)
libpangocairo-1.0.so.0()(64bit)
libpangoft2-1.0.so.0()(64bit)
libpthread.so.0()(64bit)
libpthread.so.0(GLIBC_2.2.5)(64bit)
libpthread.so.0(GLIBC_2.3.2)(64bit)
libpthread.so.0(GLIBC_2.3.3)(64bit)
librt.so.1()(64bit)
libstdc++.so.6()(64bit)
libstdc++.so.6(CXXABI_1.3)(64bit)
libstdc++.so.6(GLIBCXX_3.4)(64bit)
libstdc++.so.6(GLIBCXX_3.4.11)(64bit)
libstdc++.so.6(GLIBCXX_3.4.9)(64bit)
libxml2.so.2()(64bit)
libxml2.so.2(LIBXML2_2.4.30)(64bit)
libxml2.so.2(LIBXML2_2.6.0)(64bit)
libxml2.so.2(LIBXML2_2.6.6)(64bit)
libxslt.so.1()(64bit)
libxslt.so.1(LIBXML2_1.0.11)(64bit)
libxslt.so.1(LIBXML2_1.0.22)(64bit)
libxslt.so.1(LIBXML2_1.0.24)(64bit)
libxslt.so.1(LIBXML2_1.1.9)(64bit)

All this dependences of course have more dependences like libpng14, and so on but dependences marked with "*" are the problematic ones with Amazon Linux. (At the bottom of this documentation you will find more info about tested & supported Linux distributions)

Install & configure information

The puppet profile will install & configure an already previously registered node agent in Okta. For the moment there's no way to automate this process, so with a node agent registered we just install & configure with puppet the RPM and put the necessary cfg files with it's proper registration keys and tokens. Just keep reading to understand how the registration process works.

  • Post-Configuration or node registration after install the agent it's a little bit tricky:

    1. Install package & configure ( puppet should do it )

    2. To register a new node in Okta:

      2.1. After the pkg has been installed you must execute:

      /opt/Okta/OktaLDAPAgent/scripts/configure_agent.sh
      

      Which is going to ask you for LDAP server configuration like, hostname/IP, admin access credentials, port, SSL, and so on.

      2.2. After that the script launches the agent and prompt you to visit an URL like this:

      https://whatever.okta.com/oauth2/auth?code=7hypd8ow
      

      Although the official documentation says that you must visit this link from the computer where you are installing the agent it's not true. You can do it from everywhere. Just copy and paste the link in a browser tab and login to Okta with your admin account. and follow the instructions on the screen.

      NOTE: This access URL/Token is only valid during a certain period of time ( minutes/hours I think )

    3. After that your node agent is configured and registered in Okta and ready to query our LDAP server(s).

And this is what we do with puppet: 

1. Install & configure the package
2. Put the previously generated config files into: 

```
/opt/Okta/OktaLDAPAgent/conf
``` 
    3. Start the service

Additional notes

Tested on:

  • Debian: OK
  • Ubuntu: OK
  • Centos 7: OK
  • RH: OK
  • Amazon Linux: KO (Reason: Dependency Hell)
  • Launch time avg: 8,7 min. (after instance launch)

Troubleshooting

If you have some problems or misconfiguration issues, take a look to the log files at:

tail -f /opt/Okta/OktaLDAPAgent/conf/*.log