Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Branch: master
Fetching contributors…

Cannot retrieve contributors at this time

269 lines (233 sloc) 10.307 kB
{
"name": "openldap",
"description": "Configures a server to be an OpenLDAP master, replication slave or client for auth",
"long_description": "= DESCRIPTION:\n\nConfigures a server to be an OpenLDAP master, OpenLDAP replication slave, or OpenLDAP client.\n\n= REQUIREMENTS:\n\n== Platform:\n\nUbuntu 8.10 was primarily used in testing this cookbook. Other Ubuntu versions and Debian may work. CentOS and Red Hat are not fully supported, but we take patches.\n\n== Recipes:\n\n* openssh \n* nscd\n\n= ATTRIBUTES:\n\nBe aware of the attributes used by this cookbook and adjust the defaults for your environment where required, in attributes/openldap.rb.\n\n== Client node attributes\n\n* openldap[:basedn] - basedn \n* openldap[:server] - the LDAP server fully qualified domain name, default 'ldap'.node[:domain].\n\n== Server node attributes\n\n* openldap[:slapd_type] - master | slave\n* openldap[:slapd_rid] - unique integer ID, required if type is slave.\n* openldap[:slapd_master] - hostname of slapd master, attempts to search for slapd_type master.\n\n== Apache configuration attributes\n\nAttributes useful for Apache authentication with LDAP.\n\nCOOK-128 - set automatically based on openldap[:server] and openldap[:basedn] if those attributes are set. openldap[:auth_bindpw] remains nil by default as a default value is not easily predicted.\n\n* openldap[:auth_type] - determine whether binddn and bindpw are required (openldap no, ad yes)\n* openldap[:auth_url] - AuthLDAPURL\n* openldap[:auth_binddn] - AuthLDAPBindDN\n* openldap[:auth_bindpw] - AuthLDAPBindPassword\n\n= USAGE:\n\nEdit Rakefile variables for SSL certificate.\n\nOn client systems, \n\n include_recipe \"openldap::auth\"\n \nThis will get the required packages and configuration for client systems. This will be required on server systems as well, so this is a good candidate for inclusion in a site-cookbooks/base.\n\nOn server systems, set the server node attributes in the Chef node, or in a JSON attributes file. Include the openldap::server recipe:\n\n include_recipe \"openldap::server\"\n \nWhen initially installing a brand new LDAP master server on Ubuntu 8.10, the configuration directory may need to be removed and recreated before slapd will start successfully. Doing this programmatically may cause other issues, so fix the directory manually :-).\n\n $ sudo slaptest -F /etc/ldap/slapd.d\n str2entry: invalid value for attributeType objectClass #1 (syntax 1.3.6.1.4.1.1466.115.121.1.38)\n => ldif_enum_tree: failed to read entry for /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif\n slaptest: bad configuration directory!\n\nSimply remove the configuration, rerun chef-client. For some reason slapd isn't getting started even though the service resource is notified to start, so start it manually. \n\n $ sudo rm -rf /etc/ldap/slapd.d/ /etc/ldap/slapd.conf\n $ sudo chef-client\n $ sudo /etc/init.d/slapd start\n \n=== A note about certificates\n\nCertificates created by the Rakefile are self signed. If you have a purchased CA, that can be used. Be sure to update the certificate locations in the templates as required. We suggest copying this cookbook to the site-cookbooks for such modifications, so you can still pull from our master for updates, and then merge your changes in.\n \n== NEW DIRECTORY:\n\nIf installing for the first time, the initial directory needs to be created. Create an ldif file, and start populating the directory.\n \n== PASSWORDS:\n\nSet the password, openldap[:rootpw] for the rootdn in the node's attributes. This should be a password hash generated from slappasswd. The default slappasswd command on Ubuntu 8.10 and Mac OS X 10.5 will generate a SHA1 hash:\n\n $ slappasswd -s \"secretsauce\"\n {SSHA}6BjlvtSbVCL88li8IorkqMSofkLio58/\n \nSet this by default in the attributes file, or on the node's entry in the webui. \n \n== LICENSE & AUTHOR:\n\nAuthor:: Joshua Timberman (<joshua@opscode.com>)\nCopyright:: 2009, Opscode, Inc\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n",
"maintainer": "Opscode, Inc.",
"maintainer_email": "cookbooks@opscode.com",
"license": "Apache 2.0",
"platforms": {
"ubuntu": [
],
"debian": [
]
},
"dependencies": {
"openssh": [
],
"nscd": [
]
},
"recommendations": {
},
"suggestions": {
},
"conflicting": {
},
"providing": {
},
"replacing": {
},
"attributes": {
"openldap/basedn": {
"display_name": "OpenLDAP BaseDN",
"description": "BaseDN for the LDAP directory",
"default": "dc=domain,dc=com",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/server": {
"display_name": "OpenLDAP Server",
"description": "LDAP Server, used for URIs",
"default": "ldap.domain",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/rootpw": {
"display_name": "OpenLDAP Root Password",
"description": "Password for 'admin' root user, should be a SHA hash that OpenLDAP supports",
"default": "nil",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/dir": {
"display_name": "OpenLDAP Dir",
"description": "Main configuration directory for OpenLDAP",
"default": "/etc/ldap",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/run_dir": {
"display_name": "OpenLDAP Run Directory",
"description": "Run directory for LDAP server processes",
"default": "/var/run/slapd",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/module_dir": {
"display_name": "OpenLDAP Module Directory",
"description": "Location for OpenLDAP add-on modules",
"default": "/usr/lib/ldap",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/ssl_dir": {
"display_name": "OpenLDAP SSL Directory",
"description": "Location for LDAP SSL certificates",
"default": "openldap_dir/ssl",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/cafile": {
"display_name": "OpenLDAP CA File",
"description": "Location for CA certificate",
"default": "openldap_dir_ssl/ca.crt",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/slapd_type": {
"display_name": "OpenLDAP Slapd Type",
"description": "Whether the server is a master or slave",
"default": "nil",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/slapd_master": {
"display_name": "OpenLDP Slapd Master",
"description": "Search nodes for attribute slapd_type master, for slaves",
"default": "nil",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/slapd_replpw": {
"display_name": "OpenLDAP Slapd Replication Password",
"description": "Password for slaves to replicate from master",
"default": "nil",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/slapd_rid": {
"display_name": "OpenLDAP Slapd Replication ID",
"description": "Slave's ID, must be unique",
"default": "102",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/auth_type": {
"display_name": "OpenLDAP Auth Type",
"description": "Used in Apache configs, AuthBasicProvider",
"default": "openldap",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/auth_binddn": {
"display_name": "OpenLDAP Auth BindDN",
"description": "Used in auth_url and Apache configs, AuthBindDN",
"default": "ou=people,openldap_basedn",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/auth_bindpw": {
"display_name": "OpenLDAP Auth Bind Password",
"description": "Used in Apache configs, AuthBindPassword",
"default": "nil",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
},
"openldap/auth_url": {
"display_name": "OpenLDAP Auth URL",
"description": "Used in Apache configs, AuthLDAPURL",
"default": "ldap://openldap_server/openldap_auth_binddn?uid?sub?(objectClass=*)",
"choice": [
],
"calculated": false,
"type": "string",
"required": "optional",
"recipes": [
]
}
},
"groupings": {
},
"recipes": {
"openldap": "Empty, use one of the other recipes",
"openldap::auth": "Set up openldap for user authentication",
"openldap::client": "Install openldap client packages",
"openldap::server": "Set up openldap to be a slapd server"
},
"version": "0.9.3"
}
Jump to Line
Something went wrong with that request. Please try again.