Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Puppet module that install a complete suite of directory services and configures clients
Branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.


Authentication and authorizaton are typically not well managed.  At many
companies, employees will have numerous passwords (and possibly usernames)
that are all needed on a daily basis to do their jobs.  The results in a slew
of bad practices such as:

* Writing down passwords.
* Sharing passwords.
* Never changing passwords.
* Not fully removing access for an employee who leaves the company.

Having a centralized authentication and authorization point makes all of these
things less likely to occur.  Unfortunately, the amount of time and effort
required to set this all up means that many companies don't do it or utilzed
and expensive solution such as Active Directory.

SuiteDS is a puppet module that aims to make setting up directory services as
simple as possible.  Once complete, it will do all of the following:

* Install and configure OpenLDAP with the needed schemas to play nicely with
  different operating systems.  If you specify multiple hosts in the 'server'
  array, it will configure them to do n-way multimaster replication.  The
  memberof overlay is also used to allow us to easily restrict access based
  on group membership.

* Install and configure kerberos utilizing openldap to store it's data.  This
  allows kerberos to be truely HA as all needed data is replicated to all of
  the other servers.

* Install and configure FreeRADIUS to allow integration with wireless access
  points and other networking devices that need it without maintaining a
  separate user data base.

* Install and configure all the software necessary to make linux boxes play
  nicely with these services.

* Provide configuration information to Mac OS X clients to make configuring
  them extremely easy.

Until recently, I've been focusing on makeing this all work under ubuntu.
However, I've just recently discoverd that to support PEAP authentication via
radius, I must store the NTLM hashes in the directory along side the existing
password hash.  There is an overlay for slapd to automatically keep these both
in sync, but ubuntu has decided that they would rather go to the effort of
removing this bit from their packages.  So now I am shifting my focus to Debian
and will add support for rpm based distros later.
Something went wrong with that request. Please try again.