Issue #2381 has been updated by Luke Kanies.

Category set to node
Status changed from Unreviewed to Accepted

I like the idea of more direct integration with such a widely deployed system, but I don't really have the time to go through these patches right now. Anyone else using AD and interested in this integration able to test this?

----------------------------------------
Feature #2381: Active Directory Integration
http://projects.reductivelabs.com/issues/2381

Author: S H
Status: Accepted
Priority: Normal
Assigned to:
Category: node
Target version:
Complexity: Unknown
Affected version: 0.24.8
Keywords:

Using the LDAPNodes system with Active Directory requires extending the ADS schema. This is trivial, but managing extensions is a pain in the ass. To make things work with Active Directory's native management tools I've moved to an External Nodes script. I've also added two plugins (all I've needed so far) to retrieve ADS info for my modules.

It'd be great to see Active Directory as a native node-discovery method. I am new to both Puppet and Ruby so I have not been able to do this myself, but hopefully the work I have done will spur on some ideas.

I haven't documented these properly and my Ruby is pretty weak, but I wanted to get them out there regardless. SSL is silently ignored at the moment.

In a nutshell, the ADSInt class wraps up ruby-ldap in a nice interface for the rest of the scripts. Searches take standard LDAP filters as arguments and, optionally, an array of attributes to be returned. By default, all attributes are returned. Like ruby-ldap, search can iterate through the results for you or return them in an array. Unlike ruby-ldap, it normalizes all hash keys to lowercase values.

node_from_ads searches Active Directory for a member of puppetGroup (I chose "PuppetClients") and a name matching the first argument. This means that your puppet nodes need to be created as ADS users with their fqdn as their names.
When it finds the node, all its LDAP attributes are stuffed into the parameters hash, and its group membership is scanned for any groups in the form "puppetclient-_suffix_". _suffix_ is added to the list of classes and everything's dumped out in a proper YAML format. Linking classes to ADS Group membership lets you link Puppet configuration with ADS security policy.

The functions are explained below, but note that they both require the variable "ads_conf" to be defined somewhere in your Puppet config.

At the very least, I hope this will open discussion on potential ADS integration.
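
The lookup and group-to-class mapping described in the issue, as an added Ruby example that is not the code from the attached patches. It runs on a constructed entry instead of a live directory; the function names, the use of `cn` and `memberOf` in the filter, the filter escaping and the class-name check are assumptions of this example.

```ruby
require 'yaml'

# Prefix from the issue text: groups named "puppetclient-<suffix>" become classes.
CLASS_PREFIX = 'puppetclient-'

# Escape a value for an LDAP search filter (RFC 4515) so that a node name
# passed as the script's first argument cannot change the filter structure.
def ldap_escape(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Filter for "member of the puppet group whose name matches the node name".
# Matching on cn and memberOf is an assumption of this example.
def node_filter(fqdn, group_dn)
  "(&(cn=#{ldap_escape(fqdn)})(memberOf=#{ldap_escape(group_dn)}))"
end

# Take the leading CN of each group DN, keep the prefixed ones, strip the
# prefix, and drop suffixes that do not look like Puppet class names.
def classes_from_groups(member_of)
  Array(member_of).map { |dn| dn[/\ACN=([^,]+)/i, 1] }.compact
                  .select { |cn| cn.downcase.start_with?(CLASS_PREFIX) }
                  .map { |cn| cn[CLASS_PREFIX.length..-1] }
                  .select { |name| name.match?(/\A[a-z][a-z0-9_:]*\z/) }
end

# External-node document: every attribute (keys lowercased) as a parameter.
def enc_document(entry)
  params = entry.each_with_object({}) { |(k, v), h| h[k.downcase] = v.length == 1 ? v.first : v }
  { 'classes' => classes_from_groups(params['memberof']), 'parameters' => params }
end

def enc_yaml(entry)
  enc_document(entry).to_yaml
end

# Constructed sample entry (attribute name => array of values).
SAMPLE_ENTRY = {
  'cn' => ['web01.example.com'],
  'memberOf' => [
    'CN=PuppetClients,OU=Groups,DC=example,DC=com',
    'CN=puppetclient-webserver,OU=Groups,DC=example,DC=com',
    'CN=puppetclient-bad name!,OU=Groups,DC=example,DC=com',
    'CN=Domain Users,CN=Users,DC=example,DC=com'
  ]
}.freeze

puts enc_yaml(SAMPLE_ENTRY) if __FILE__ == $PROGRAM_NAME
```

Because group membership decides which classes a node receives, write access to the `puppetclient-` groups is equivalent to control over node configuration and should be delegated accordingly.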
