Muehlenhoff has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/250010

Change subject: openldap: Allow specifying an additional set of LDAP schemas
......................................................................

openldap: Allow specifying an additional set of LDAP schemas

Bug: T101299
Change-Id: I376e2d320fc555cb069c27f9b18d7cd4af6879ad
---
M modules/openldap/manifests/init.pp
A modules/openldap/templates/base-schema.erb
M modules/openldap/templates/slapd.erb
3 files changed, 49 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/10/250010/1

diff --git a/modules/openldap/manifests/init.pp 
b/modules/openldap/manifests/init.pp
index 95fc7cc..c6d5c32 100644
--- a/modules/openldap/manifests/init.pp
+++ b/modules/openldap/manifests/init.pp
@@ -24,6 +24,8 @@
 #       Optional. TLS enable the server. The path to the certificate file
 #    $ca
 #       Optional. TLS enable the server. The path to the CA certificate file
+#    $extra_schemas
+#       Optional. Specify an ERB template file with additional LDAP schemas
 #
 # Actions:
 #       Install/configure slapd
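Review bot: The new `$extra_schemas` doc line does not say what form the value takes or how it is used. Judging by the later hunk in this file, it is passed as a second argument to `template()`, so it has to be a `module/file.erb` reference whose rendered output is appended after the base includes. That file is evaluated as ERB when the catalog is compiled, so the comment should also say the value is expected to be a fixed template name from the repository rather than something derived from node data. Suggested wording: `#       Optional. Name of an ERB template ('module/file.erb') whose output is appended to the base schema includes`.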
@@ -46,6 +48,7 @@
     $certificate=undef,
     $key=undef,
     $ca=undef,
+    $extra_schemas=undef,
 ) {
 
     require_package('slapd', 'ldap-utils', 'python-ldap')
@@ -72,6 +75,37 @@
         group   => 'root',
         mode    => '0444',
         content => template('openldap/slapd.erb'),
+    }
+
+    if $extra_schemas {
+        file { '/etc/ldap/ldap-schema.conf' :
+            ensure  => present,
+            owner   => 'root',
+            group   => 'root',
+            mode    => '0444',
+            content => template('openldap/base-schema.erb', $extra_schemas),
+        }
+    } else {
+        file { '/etc/ldap/ldap-schema.conf' :
+            ensure  => present,
+            owner   => 'root',
+            group   => 'root',
+            mode    => '0444',
+            content => template('openldap/base-schema.erb'),
+        }
+    }
+    
+    file { '/etc/ldap/ldap-schema.conf' :
+        ensure  => present,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0444',
+
+        if $extra_schemas {
+            content => template('openldap/base-schema.erb', $extra_schemas),
+        } else {
+            content => template('openldap/base-schema.erb'),
+        }
     }
 
     file { '/etc/default/slapd' :
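Review bot: `File['/etc/ldap/ldap-schema.conf']` ends up declared twice on every code path, once in the `if`/`else` and again in the unconditional block after it, which should fail catalog compilation as a duplicate declaration. The second block also puts an `if` inside the resource body, which Puppet's grammar does not accept. It looks as though two drafts of the same resource were both left in. Keeping a single declaration and choosing the content beforehand avoids both problems. The enclosing class starts and ends outside this hunk.

```puppet
    # … unchanged: File['/etc/ldap/slapd.conf'] resource …

    if $extra_schemas {
        $schema_content = template('openldap/base-schema.erb', $extra_schemas)
    } else {
        $schema_content = template('openldap/base-schema.erb')
    }

    file { '/etc/ldap/ldap-schema.conf':
        ensure  => present,
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        content => $schema_content,
    }
```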
@@ -121,6 +155,7 @@
     File['/etc/ldap/slapd.conf'] ~> Service['slapd'] # We also notify
     File['/etc/default/slapd'] ~> Service['slapd'] # We also notify
     File[$datadir] -> Service['slapd']
+    File['/etc/ldap/ldap-schema.conf'] -> File['/etc/ldap/slapd.conf']
     Package['slapd'] -> File['/etc/ldap/schema/rfc2307bis.schema']
     Package['slapd'] -> File['/etc/ldap/schema/samba.schema']
     File['/etc/ldap/schema/rfc2307bis.schema'] -> Service['slapd']
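Review bot: The added relationship uses `->`, so a change to `/etc/ldap/ldap-schema.conf` is ordered before `slapd.conf` but does not refresh `Service['slapd']`. After this commit the schema list lives only in that file and `slapd.conf` merely includes it. Adding or changing `$extra_schemas` would therefore leave the running slapd on the old schema set until something else restarts it. If a refresh is intended, as for the two files above marked "We also notify", add `File['/etc/ldap/ldap-schema.conf'] ~> Service['slapd']`.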
diff --git a/modules/openldap/templates/base-schema.erb 
b/modules/openldap/templates/base-schema.erb
new file mode 100644
index 0000000..b22489e
--- /dev/null
+++ b/modules/openldap/templates/base-schema.erb
@@ -0,0 +1,13 @@
+#####################################################################
+### THIS FILE IS MANAGED BY PUPPET
+### puppet:///modules/openldap/templates/base-schema.erb
+#####################################################################
+
+# Schema and objectClass definitions
+include         /etc/ldap/schema/core.schema
+include         /etc/ldap/schema/cosine.schema
+include         /etc/ldap/schema/rfc2307bis.schema
+include         /etc/ldap/schema/inetorgperson.schema
+include         /etc/ldap/schema/dyngroup.schema
+include         /etc/ldap/schema/samba.schema
+include         /etc/ldap/schema/ppolicy.schema
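Review bot: The "managed by Puppet" header names only `base-schema.erb`, but the rendered `/etc/ldap/ldap-schema.conf` can also carry whatever the `$extra_schemas` template appends after the last include. Someone auditing the file on a host then has no pointer to where the extra `include` lines came from, so a line such as `### plus the template named in $extra_schemas, if set` would help. The `puppet:///modules/openldap/templates/...` form is also the file-server URI scheme, which does not resolve to a template path; if the other templates in this module use the same header convention, keep it for consistency.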
diff --git a/modules/openldap/templates/slapd.erb 
b/modules/openldap/templates/slapd.erb
index 05e85f8..22b41aa 100644
--- a/modules/openldap/templates/slapd.erb
+++ b/modules/openldap/templates/slapd.erb
@@ -7,13 +7,7 @@
 #allow bind_v2
 
 # Schema and objectClass definitions
-include         /etc/ldap/schema/core.schema
-include         /etc/ldap/schema/cosine.schema
-include         /etc/ldap/schema/rfc2307bis.schema
-include         /etc/ldap/schema/inetorgperson.schema
-include         /etc/ldap/schema/dyngroup.schema
-include         /etc/ldap/schema/samba.schema
-include         /etc/ldap/schema/ppolicy.schema
+include         /etc/ldap/ldap-schema.conf
 
 # Where the pid file is put. The init.d script
 # will not stop the server if you change this.

-- 
To view, visit https://gerrit.wikimedia.org/r/250010

Gerrit-MessageType: newchange
Gerrit-Change-Id: I376e2d320fc555cb069c27f9b18d7cd4af6879ad
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <[email protected]>
