
Add slapd state to configure LDAP servers.

  slapd.confs are stored within the private repo :)

Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
Maximilian Wilhelm 1 year ago
parent
commit
ebaf2828e5
2 changed files with 80 additions and 0 deletions
  1. 30 0
      slapd/init.sls
  2. 50 0
      slapd/slapd.default

+ 30 - 0
slapd/init.sls

@@ -0,0 +1,30 @@
+#
+# LDAP server configuration
+#
+
+slapd:
+  pkg.installed:
+    - name: slapd
+  service.running:
+    - restart: True
+
+ldap-utils:
+  pkg.installed
+
+# Remove slapd.d config directory
+/etc/ldap/slapd.d:
+  file.absent
+
+# Install proper slapd.conf
+/etc/ldap/slapd.conf:
+  file.managed:
+    - source: salt://slapd/slapd.conf.H_{{ grains.id }}
+    - watch_in:
+      - service: slapd
+
+# Listen on ldaps!
+/etc/default/slapd:
+  file.managed:
+    - source: salt://slapd/slapd.default
+    - watch_in:
+      - service: slapd
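Review bot: The `file.managed` state for `/etc/ldap/slapd.conf` sets no owner or mode, so a newly created file gets the minion's default permissions. slapd.conf commonly carries `rootpw` and replication credentials, so I would pin it with `- user: root`, `- group: openldap` and `- mode: '0640'` (the group matches `SLAPD_GROUP` in slapd/slapd.default). Separately, the source is a `salt://` path, and the Salt fileserver serves everything under file_roots to any accepted minion, so each minion can request every other host's `slapd.conf.H_<id>`. If these files hold secrets, rendering them from per-minion pillar data would keep each one scoped to the host that needs it.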

+ 50 - 0
slapd/slapd.default

@@ -0,0 +1,50 @@
+#
+# /etc/default/slapd (Salt managed)
+#
+
+# Default location of the slapd.conf file or slapd.d cn=config directory. If
+# empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to
+# /etc/ldap/slapd.conf).
+SLAPD_CONF=
+
+# System account to run the slapd server under. If empty the server
+# will run as root.
+SLAPD_USER="openldap"
+
+# System group to run the slapd server under. If empty the server will
+# run in the primary group of its user.
+SLAPD_GROUP="openldap"
+
+# Path to the pid file of the slapd server. If not set the init.d script
+# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf by
+# default)
+SLAPD_PIDFILE=
+
+# slapd normally serves ldap only on all TCP-ports 389. slapd can also
+# service requests on TCP-port 636 (ldaps) and requests via unix
+# sockets.
+# Example usage:
+# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
+#SLAPD_SERVICES="ldap:/// ldapi:///"
+SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
+
+# If SLAPD_NO_START is set, the init script will not start or restart
+# slapd (but stop will still work).  Uncomment this if you are
+# starting slapd via some other means or if you don't want slapd normally
+# started at boot.
+#SLAPD_NO_START=1
+
+# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
+# the init script will not start or restart slapd (but stop will still
+# work).  Use this for temporarily disabling startup of slapd (when doing
+# maintenance, for example, or through a configuration management system)
+# when you don't want to edit a configuration file.
+SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
+
+# For Kerberos authentication (via SASL), slapd by default uses the system
+# keytab file (/etc/krb5.keytab).  To use a different keytab file,
+# uncomment this line and change the path.
+#export KRB5_KTNAME=/etc/krb5.keytab
+
+# Additional options to pass to slapd
+SLAPD_OPTIONS=""
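Review bot: The active `SLAPD_SERVICES` line confines plaintext `ldap://` to 127.0.0.1 and opens `ldaps:///` on all interfaces, but nothing in the file says this is deliberate, and the stock comment above it still describes serving ldap on port 389 generally. A one-line comment directly above the setting would keep a later edit from widening the plaintext listener, e.g. `# Plain ldap:// is loopback-only on purpose; remote clients must use ldaps (636).` The `ldaps:///` listener also depends on the TLS certificate directives in the per-host slapd.conf, which is not part of this commit, so that is worth verifying on each host after the restart.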