ldap server
Overview
This resource allows you to register an LDAP server. Here is an example on how to use this:
ldap_server { 'my_ldap_server':
address => '192.168.59.10:215',
user_dn => 'cn=admin,dc=example,dc=org',
password => 'welcome1',
use_ssl => true,
verify_ssl => false,
}
The ldap_principal type uses this information to connect to the server.
Attributes
Attribute Name | Short Description |
---|---|
address | The url to connect to. |
base | The dc component of all queries done at the LDAP server. |
disable_corrective_change | Disable the modification of a resource when Puppet decides it is a corrective change. |
disable_corrective_ensure | Disable the creation or removal of a resource when Puppet decides is a corrective change. |
ensure | The basic property that the resource should be in. |
name | The name of the LDAP server. |
password | The password used to connect to the LDAP server. |
port | The port number the LDAP server can be connected on. |
provider | resource. |
transform | The transformation function that will be applied to specified attributes. |
use_ssl | Use an SSL connection to the LDAP server. |
user_dn | The user dn used to connect to the LDAP server and administer its content. |
verify_ssl | Verify the SSL connection. |
address
The url to connect to.
ldap_server {my_ldap_server: … address => ‘192.168.59.10’, … }
Back to overview of ldap_server
base
The dc component of all queries done at the LDAP server.
ldap_server {ldap_server: … base => ‘dc=example,dc=org’, … }
Back to overview of ldap_server
disable_corrective_change
Disable the modification of a resource when Puppet decides it is a corrective change.
(requires easy_type V2.11.0 or higher)
When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.
Using the disable_corrective_change
parameter, you can disable corrective changes on the current resource.
Here is an example of this:
crucial_resource {'be_carefull':
...
disable_corrective_change => true,
...
}
When a corrective ensure does happen on the resource Puppet will not modify the resource and signal an error:
Error: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change
Error: /Stage[main]/Main/Crucial_resource[be_carefull]/parameter: change from '10' to '20' failed: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change. (corrective)
Back to overview of ldap_server
disable_corrective_ensure
Disable the creation or removal of a resource when Puppet decides is a corrective change.
(requires easy_type V2.11.0 or higher)
When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.
Using the disable_corrective_ensure
parameter, you can disable corrective ensure present or ensure absent actions on the current resource.
Here is an example of this:
crucial_resource {'be_carefull':
ensure => 'present',
...
disable_corrective_ensure => true,
...
}
When a corrective ensure does happen on the resource Puppet will not create or remove the resource and signal an error:
Error: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure.
Error: /Stage[main]/Main/Crucial_resource[be_carefull]/ensure: change from 'absent' to 'present' failed: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure. (corrective)
Back to overview of ldap_server
ensure
The basic property that the resource should be in.
Valid values are present
, absent
.
Back to overview of ldap_server
name
The name of the LDAP server. This can be any name you wish to give it and is in no way related to the FQDN.
Back to overview of ldap_server
password
The password used to connect to the LDAP server.
ldap_server {ldap_server: … password => ‘very_secret’, … }
Back to overview of ldap_server
port
The port number the LDAP server can be connected on.
ldap_server {my_ldap_server: … port => 389, … }
Back to overview of ldap_server
provider
The specific backend to use for this ldap_server
resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.Available providers are:
- simple
- Manage LDAP server access through yaml file
Back to overview of ldap_server
transform
The transformation function that will be applied to specified attributes.
Here is an example.
ldap_server { 'docker:cn=gonzo,dc=example,dc=org':
...
replace_behaviour => ['userPassword','givenName'],
transform => {'userPassword' => 'hashed'},
}
In this definition, the value specified at the attribute ‘userPassword’, will first be presented to the Puppet function hashed_compare
and then compared with the value returned from the ldap server. The specified function will NOT be applied before sending the value to the LDAP server.
You can use this when the LDAP server requires unhashed passwords on applying, but returns the hashed password. Because Puppet only applies the transform function for comparisson, you can use regular password values in your manifest.
Back to overview of ldap_server
use_ssl
Use an SSL connection to the LDAP server.
Here is an example on how to use this.
ldap_server{my_ldap_server:
...
use_ssl => 'yes',
...
}
Valid values are yes
, no
.
Back to overview of ldap_server
user_dn
The user dn used to connect to the LDAP server and administer its content.
Here is an example on how to use this:
ldap_server {my_ldap_server:
...
user_dn => 'cn=admin,dc=example,dc=org',
...
}
Back to overview of ldap_server
verify_ssl
Verify the SSL connection. e.g. Check if it has a valid SSL key.
here is an example on how to use this:
ldap_server{my_ldap_server:
...
verify_ssl => 'yes',
...
}
Valid values are yes
, no
.