
Added ipa::server::user, ipa::server::config and newer diff engine.

This patch could probably be split into separate pieces but we're in
hack mode, so why bother? It does however add some important pieces.

* The ipa::server::config type lets you set config options. Available
options are listed in the code. Some of these aren't enabled yet because
they weren't needed at the moment. Have a look at the code to see.

* The ipa::server::user type lets you manage users in the same style
that you used for managing hosts or services. Many admins will want to
use this feature for including their "core" administrative users, and
set user_excludes so that the rest of the database can be managed
manually. See the example for some hints on getting started.
Be careful not to wipe your user database! Test with --noop first :)

* The difference engine was essentially rewritten from scratch.
The original version was, quite simply, a hack. It soon became too
crufty, and with the need to add more types such as user, a clean engine
was needed. All difference checking now happens with individual
comparator functions. They support function decorators to make it easy
to wrangle the arg data and the ipa to see if they are really different.

Please test extensively, and let me know how you like this code. Thanks!

purpleidea committed Jul 9, 2013
1 parent 7b8a118 commit ba515e13968bf83902735cfb7be33556db6ae4ec
Showing with 1,318 additions and 132 deletions.
  1. +45 −0 examples/simple-usage3.pp
  2. +501 −128 files/
  3. +772 −4 manifests/init.pp
@@ -0,0 +1,45 @@
# here is an example of how to use user excludes and types:

# on the ipa server:
# NOTE: the 'admin' user is automatically excluded from being auto purged...
class { '::ipa::server':
shorewall => true,
user_excludes => [
"^test[0-9]{1,}\$", # test\d

# create an unmanaged user
ipa::server::user { 'james':
first => 'James',
last => 'Shubin',
modify => false,
watch => false,

# create a managed user
ipa::server::user { 'ntesla':
first => 'Nikola',
last => 'Tesla',
city => 'Shoreham',
state => 'New York',
postalcode => '11786',

# create a user using a full principal as the primary key
# NOTE: the principal itself can't be edited without a remove/add
ipa::server::user { 'aturing/admin@EXAMPLE.COM':
first => 'Alan',
last => 'Turning',
random => true, # set a password randomly
password_file => true, # store the password in plain text ! (bad)

# create a user by principal but without the instance set
ipa::server::user { 'arthur@EXAMPLE.COM':
first => 'Arthur',
last => 'Guyton',
jobtitle => 'Physiologist',
orgunit => 'Research',
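
Review bot: In the 'aturing/admin@EXAMPLE.COM' resource, the example sets password_file => true next to the comment "store the password in plain text ! (bad)", so the sample manifest that readers are told to start from demonstrates the option its own comment calls bad, and does so on an /admin principal. Suggest dropping that line from the example and keeping random => true on its own, or moving password_file to a separate, clearly marked snippet that documents where the file is written and who can read it. Two smaller points in the same hunk: last => 'Turning' looks like a typo for 'Turing' given the resource title 'aturing', and the comment "# test\d" beside "^test[0-9]{1,}\$" would be more accurate as test\d+ since the pattern matches one or more digits.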
