GitHub puppet-openldap
Manage OpenLDAP with Puppet

Repo Checks (19 of 26 successful)
Metadata Valid: passed
Correct Puppet Version Range: passed. Supported Puppet version range is %{PUPPET_SUPPORT_RANGE}
With Puppet Version Range: passed. Puppet version range is present in requirements in metadata.json
With Operatingsystem Support: passed
Operatingsystems: passed
Supports Only Current Debian: passed
Supports Latest Debian: passed
Supports Only Current Ubuntu: passed
Supports Latest Ubuntu: failed
Supports Only Current Sles: passed
Supports Latest Sles: failed
Supports Only Current Opensuse: passed
Supports Latest Opensuse: failed
Supports Only Current Redhat: passed
Supports Latest Redhat: failed
Supports Only Current Centos: passed
Supports Latest Centos: failed
Supports Only Current Freebsd: passed
Supports Latest Freebsd: passed
In Modulesync Repo: passed. Is listed as a module managed using modulesync_config
Synced: passed. Has a .msync.yml file
Latest Modulesync: failed. Has been synchronized with the latest tagged version of modulesync_config
Has Modulesync: passed. Is present in voxpupuli/modulesync_config/managed_modules.yml
Released: passed. Is in modulesync_config and in forge releases.
Valid Sync File: passed. If a (optional) sync file is present, it must not contain a `.travis.yml` entry.
Reference Dot Md: failed. The repository has a REFERENCE.md. It needs to be generated / puppet-strings documentation is missing.

Open Pull Requests

Fix unsafe interpolations

We now have puppet-lint-checkunsafeinterpolations and it detects some
issues. Fix them.

Fix readonly handling
bug

Pull Request (PR) description

The database readonly property expects a boolean, but the olc
provider doesn't take care to parse the existing value into a boolean,
thus leading to issues.

Simply applies the same logic applied to olcMirrorMode for
olcReadOnly.

This Pull Request (PR) fixes the following issues

n/a

Changing database access
backwards-incompatible

Pull Request (PR) description

In my opinion, it would be logical to grant access to the RootDN if it is set and not to the abstract admin.

This Pull Request (PR) fixes the following issues

modulesync 5.4.0
modulesync

modulesync 5.4.0

Allow spaces in targets of olcAccess statements

Pull Request (PR) description

Since it's entirely possible to have a distinguished name of style

o=My Cool Organization

even for the root of the database, we really need to respect the proper
handling of spacey arguments to olcAccess (with the relevant quotes
around them).

This Pull Request (PR) fixes the following issues

n/a

Allow for an outsider package on RHEL8+

In openldap::server::config, if redhat 8-or-newer, there's a systemd::dropin_file that makes a startup file so you can tune the user /usr/sbin/slapd runs as.

The problem is, there's a subtle assumption here that your binary is actually /usr/sbin/slapd. Ever since RHEL7.4, the openldap-servers has been deprecated, so some of us have pivoted over to using Symas' packages, which install everything in /opt. That is, Puppet says to use /usr/sbin/slapd "because you're on RHEL8" (wrong), instead of "because you're using a RHEL-styled package". So this makes it more explicit why you're using this file, and takes it away when you use a different package.

"Why not just symlink slapd?" Tried, didn't work. systemd was not pleased by this.
"Why not just make the fully-pathed slapd executable be a parameter which defaults to /usr/sbin/slapd". Thought about it. But for the most part I'm thinking "this file adds unnecessary noise" so I went for the path of least surprise and removed it.

Don't delete temporary file before using it

Pull Request (PR) description

I encountered an LDAP error 80 (LDAP_OTHER) whilst adding SSL certificates:

class { 'openldap::server':
  ssl_cert => '/etc/ssl/certs/foo.com.crt',
  ssl_key  => '/etc/ssl/private/foo.com.key',
  ssl_ca   => '/etc/ssl/certs/foo.com.ca-bundle',
}

This Pull Request (PR) fixes the following issues

Doesn't delete temporary files before they're used

Fix readonly database property

The database readonly property expects a boolean, but the olc provider doesn't take care to parse the existing value into a boolean, thus leading to issues.

Simply applies the same logic applied to olcMirrorMode for olcReadOnly.

Fixes #207
Fixes #358

Allow RHEL8+ to configure the slapd binary when needed

In openldap::server::config, if redhat 8-or-newer, there's a systemd::dropin_file that makes a startup file so you can tune the user /usr/sbin/slapd runs as.

The problem is, there's a subtle assumption here that your binary is actually /usr/sbin/slapd. Ever since RHEL7.4, the openldap-servers has been deprecated, so some of us have pivoted over to using Symas' packages, which install everything in /opt. That is, Puppet says to use /usr/sbin/slapd "because you're on RHEL8" (wrong), instead of "because you're using a RHEL-styled package".

Supersedes #429. 429 is a better fix by dropping the systemd hack file altogether when you use a non-RH package. As we roll towards RHEL9 and everyone is having to use non-RH packages, more folks will see that, but minimally this starts unblocking the path to get there.

Closes #429
