Enable LDAP in autofs

data/Debian.yaml

@@ -0,0 +1,2 @@
+---
+autofs::service_conf_path: '/etc/default/autofs'

data/common.yaml

@@ -10,3 +10,14 @@ autofs::auto_master_map: /etc/auto.master
 autofs::map_file_owner: root
 autofs::map_file_group: root
 autofs::reload_command: null
+autofs::manage_service_config: false
+autofs::manage_ldap_auth_conf: false
+autofs::service_use_misc_device: 'yes'
+autofs::service_options: ~
+autofs::service_conf_options: ~
+autofs::service_conf_path: '/etc/sysconfig/autofs'
+autofs::ldap_auth_conf_path: /etc/autofs_ldap_auth.conf
+autofs::ldap_auth_config:
+  usetls: 'no'
+  tlsrequired: 'no'
+  authrequired: 'no'

manifests/init.pp

@@ -90,10 +90,18 @@
   String $auto_master_map,
   String $map_file_owner,
   String $map_file_group,
+  Boolean $manage_service_config,
+  Boolean $manage_ldap_auth_conf,
+  Enum['no', 'yes'] $service_use_misc_device,
+  Optional[Stdlib::Absolutepath] $ldap_auth_conf_path,
+  Optional[Hash] $ldap_auth_config,
+  Optional[Stdlib::Absolutepath] $service_conf_path,
   Optional[Hash[String, Hash]] $mapfiles = undef,
   Optional[Hash[String, Hash]] $maps = undef,  # deprecated
   Optional[String] $package_source = undef,
   Optional[String] $reload_command = undef,
+  Optional[Array[String]] $service_options = undef,
+  Optional[Hash] $service_conf_options = undef,
 ) {
   contain 'autofs::package'
   unless $package_ensure == 'absent' {

manifests/service.pp

@@ -18,6 +18,37 @@
 #
 class autofs::service {
   assert_private('Service class is private, please use main class parameters.')
+
+  if $autofs::manage_service_config {
+    # Only manage the file if the path is set
+    if $autofs::service_conf_path {
+      file { 'autofs_service_config':
+        ensure  => 'file',
+        content => template('autofs/service_conf.erb'),
+        group   => $autofs::map_file_group,
+        mode    => '0644',
+        notify  => Service[$autofs::service_name],
+        owner   => $autofs::map_file_owner,
+        path    => $autofs::service_conf_path,
+      }
+    }
+  }
+
+  if $autofs::manage_ldap_auth_conf {
+    # Only manage the file if the path is set
+    if $autofs::ldap_auth_conf_path {
+      file { 'autofs_ldap_auth_config':
+        ensure  => 'file',
+        content => template('autofs/autofs_ldap_auth.conf.erb'),
+        group   => $autofs::map_file_group,
+        mode    => '0600',
+        notify  => Service[$autofs::service_name],
+        owner   => $autofs::map_file_owner,
+        path    => $autofs::ldap_auth_conf_path,
+      }
+    }
+  }
+
   service { $autofs::service_name:
     ensure     => $autofs::service_ensure,
     enable     => $autofs::service_enable,

spec/classes/autofs_spec.rb

@@ -34,6 +34,8 @@
         it { is_expected.to contain_service(service).that_requires("Package[#{package}]") }
         it { is_expected.to contain_service(service).with_ensure('running') }
         it { is_expected.to contain_service(service).with_enable(true) }
+        it { is_expected.not_to contain_file('autofs_service_config') }
+        it { is_expected.not_to contain_file('autofs_ldap_auth_config') }
       end
 
       context 'disable package' do
@@ -111,6 +113,81 @@
           is_expected.to compile.and_raise_error(%r{parameter 'mounts' expects a Hash value})
         end
       end
+
+      context 'with $manage_service_config enabled' do
+        let(:params) { { manage_service_config: true } }
+
+        it { is_expected.to compile.with_all_deps }
+
+        it {
+          is_expected.to contain_file('autofs_service_config').with_content(%r{USE_MISC_DEVICE="yes"})
+        }
+      end
+
+      context 'with $manage_service_config enabled with options' do
+        let(:params) {
+          { manage_service_config: true,
+            service_conf_options: {
+              LDAP_URI: 'ldap://ldap.example.org',
+              SEARCH_BASE: 'dc=example,dc=org',
+              MAP_OBJECT_CLASS: 'automountMap',
+              ENTRY_OBJECT_CLASS: 'automount',
+              MAP_ATTRIBUTE: 'ou',
+              ENTRY_ATTRIBUTE: 'cn',
+              VALUE_ATTRIBUTE: 'automountInformation',
+            }
+          }
+        }
+
+        it { is_expected.to compile.with_all_deps }
+
+        it {
+          is_expected.to contain_file('autofs_service_config')
+            .with_content(%r{LDAP_URI=ldap:\/\/ldap\.example\.org})
+            .with_content(%r{SEARCH_BASE=dc=example,dc=org})
+            .with_content(%r{MAP_OBJECT_CLASS=automountMap})
+            .with_content(%r{ENTRY_OBJECT_CLASS=automount})
+            .with_content(%r{MAP_ATTRIBUTE=ou})
+            .with_content(%r{ENTRY_ATTRIBUTE=cn})
+            .with_content(%r{VALUE_ATTRIBUTE=automountInformation})
+        }
+      end
+
+      context 'with $manage_ldap_auth_conf enabled' do
+        let(:params) { { manage_ldap_auth_conf: true } }
+
+        it { is_expected.to compile.with_all_deps }
+
+        it {
+          is_expected.to contain_file('autofs_ldap_auth_config')
+            .with_content(%r{authrequired="no"})
+            .with_content(%r{tlsrequired="no"})
+            .with_content(%r{usetls="no"})
+        }
+      end
+
+      context 'with $manage_ldap_auth_conf enabled with options' do
+        let(:params) {
+          {
+            manage_ldap_auth_conf: true,
+            ldap_auth_config: {
+              usetls: 'yes',
+              tlsrequired: 'yes',
+              authrequired: 'yes',
+            }
+          }
+        }
+
+        it { is_expected.to compile.with_all_deps }
+
+        it {
+          is_expected.to contain_file('autofs_ldap_auth_config')
+            .with_content(%r{authrequired="yes"})
+            .with_content(%r{tlsrequired="yes"})
+            .with_content(%r{usetls="yes"})
+        }
+      end
+
     end
   end
 end

templates/autofs_ldap_auth.conf.erb

@@ -0,0 +1,19 @@
+<?xml version="1.0" ?>
+<!--
+This files contains a single entry with multiple attributes tied to it.
+See autofs_ldap_auth.conf(5) for more information.
+###############################################################
+#                                                             #
+# THIS FILE IS MANAGED BY PUPPET. ANY CHANGES MADE TO THIS    #
+#   FILE WILL BE REVERTED BACK ON THE NEXT PUPPET RUN.        #
+#                                                             #
+###############################################################
+-->
+
+<autofs_ldap_sasl_conf
+<% if scope['autofs::ldap_auth_config'] and scope['autofs::ldap_auth_config'].is_a?(Hash) -%>
+<% scope['autofs::ldap_auth_config'].sort.map do |key, value| -%>
+  <%= key %>="<%= value %>"
+<% end -%>
+<% end -%>
+/>

templates/service_conf.erb

@@ -0,0 +1,30 @@
+#
+###############################################################
+#                                                             #
+# THIS FILE IS MANAGED BY PUPPET. ANY CHANGES MADE TO THIS    #
+#   FILE WILL BE REVERTED BACK ON THE NEXT PUPPET RUN.        #
+#                                                             #
+###############################################################
+#
+# Init system options
+#
+# If the kernel supports using the autofs miscellanous device
+# and you wish to use it you must set this configuration option
+# to "yes" otherwise it will not be used.
+#
+USE_MISC_DEVICE="<%= scope['autofs::service_use_misc_device'] %>"
+#
+# Use OPTIONS to add automount(8) command line options that
+# will be used when the daemon is started.
+#
+<% if scope['autofs::service_options'] and scope['autofs::service_options'].is_a?(Array) -%>
+OPTIONS="<% scope['autofs::service_options'].each do |opt| %><%= opt %> <% end -%>"
+<% else -%>
+#OPTIONS=""
+<% end -%>
+#
+<% if scope['autofs::service_conf_options'] and scope['autofs::service_conf_options'].is_a?(Hash) -%>
+<% scope['autofs::service_conf_options'].sort.map do |key, value| -%>
+<%= key %>=<%= value %>
+<% end -%>
+<% end -%>