We now have puppet-lint-checkunsafeinterpolations and it detect some
issues. Fix them.
Pull Request (PR) description
The database readonly properly expects a boolean, but the olc
provider doesn't take care to parse the existing value into a boolean,
thus leading to issues.
Simply applies the same logic applied to olcMirrorMode for
olcReadOnly.
This Pull Request (PR) fixes the following issues
n/a
Pull Request (PR) description
In my opinion, it would be logical to grant access to the RootDN if it is set and not to the abstract admin.
This Pull Request (PR) fixes the following issues
Pull Request (PR) description
Since it's entirely possible to have a distinguished name of style
o=My Cool Organization
even for the root of the database, we really need to respect the proper
handling of spacey arguments to olcAccess (with the relevant quotes
around them).
This Pull Request (PR) fixes the following issues
n/a
In openldap::server::config, if redhat 8-or-newer, there's a systemd::dropin_file that makes a startup file so you can tune the user /usr/sbin/slapd runs as.
The problem is, there's a subtle assumption here that your binary is actually /usr/sbin/slapd. Ever since RHEL7.4, the openldap-servers has been deprecated, so some of us have pivoted over to using Symas' packages, which installs everything in /opt. That is, Puppet says to use /usr/sbin/slapd "because you're on RHEL8" (wrong), instead of "because you're using a RHEL-styled package". So this makes it more explicit why you're using this file, and takes it away when you use a different package.
"Why not just symlink slapd?" Tried, didn't work. systemd was not pleased by this.
"Why not just make the fully-pathed slapd executable be a parameter which defaults to /usr/sbin/slapd". Thought about it. But for the most part I'm thinking "this file adds unnecessary noise" so I went for the path of least surprise and removed it.
<!--
Thank you for contributing to this project!
-->
Pull Request (PR) description
I encountered an LDAP error 80 (LDAP_OTHER) whilst adding SSL certificates:
class { 'openldap::server':
ssl_cert => '/etc/ssl/certs/foo.com.crt',
ssl_key => '/etc/ssl/private/foo.com.key',
ssl_ca => '/etc/ssl/certs/foo.com.ca-bundle',
}
This Pull Request (PR) fixes the following issues
Doesn't delete temporary files before they're used
The database readonly property expects a boolean, but the olc provider doesn't take care to parse the existing value into a boolean, thus leading to issues.
Simply applies the same logic applied to olcMirrorMode for olcReadOnly.
Fixes #207
Fixes #358
In openldap::server::config, if redhat 8-or-newer, there's a systemd::dropin_file that makes a startup file so you can tune the user /usr/sbin/slapd runs as.
The problem is, there's a subtle assumption here that your binary is actually /usr/sbin/slapd. Ever since RHEL7.4, the openldap-servers has been deprecated, so some of us have pivoted over to using Symas' packages, which installs everything in /opt. That is, Puppet says to use /usr/sbin/slapd "because you're on RHEL8" (wrong), instead of "because you're using a RHEL-styled package".
Supersedes #429 . 429 is a better fix by dropping the systemd hack file altogether when you use a non-RH package. As we roll towards RHEL9 and everyone is having to use non-RH packages, more folks will see that, but minimally this starts unblocking the path to get there.
Closes #429
