From ac3c651ee8b6e8febabc2afbcfe532788d3f2915 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?=
Date: Wed, 20 Oct 2021 08:59:10 -1000
Subject: [PATCH 1/5] Fix cn=config bootstrap on FreeBSD
---
 manifests/server/config.pp | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
index bcacb0b8..58a53a5a 100644
--- a/manifests/server/config.pp
+++ b/manifests/server/config.pp
@@ -114,9 +114,10 @@
 # On FreeBSD we need to bootstrap slapd.d
 $ldif = file('openldap/cn-config.ldif')
 exec { 'bootstrap cn=config':
- path => '/usr/local/sbin',
- command => "echo '${ldif}' | slapadd -n 0 -F ${openldap::server::confdir}",
- creates => "${openldap::server::confdir}/cn=config.ldif",
+ path => '/usr/local/sbin',
+ command => "echo '${ldif}' | slapadd -n 0 -F ${openldap::server::confdir}",
+ creates => "${openldap::server::confdir}/cn=config.ldif",
+ provider => 'shell',
 }
 }
 'Suse': {
From b97cb42b14d2502c7ae0ebf8c004104ec99969ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?=
Date: Thu, 21 Oct 2021 10:40:38 -1000
Subject: [PATCH 2/5] Fix FreeBSD default value for ldapi_ifs
The previous default was invalid, so this is not a backward-incompatible change.
---
 data/common.yaml | 2 ++
 data/os/FreeBSD.yaml | 2 ++
 manifests/server.pp | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/data/common.yaml b/data/common.yaml
index 3312ef16..84cdc48b 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -7,3 +7,5 @@ openldap::server::group: "ldap"
 openldap::server::owner: "ldap"
 openldap::server::service: "slapd"
 openldap::server::escape_ldapi_ifs: false
+openldap::server::ldapi_ifs: - "/"
diff --git a/data/os/FreeBSD.yaml b/data/os/FreeBSD.yaml
index 4764425c..745c71a4 100644
--- a/data/os/FreeBSD.yaml
+++ b/data/os/FreeBSD.yaml
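Review bot: The entire LDIF body is interpolated into the exec's command string, `command => "echo '${ldif}' | slapadd -n 0 -F ${openldap::server::confdir}"`, so any single quote inside openldap/cn-config.ldif breaks the shell quoting, and the whole content (including any olcRootPW value the template may carry) is visible in the process list while slapadd runs and in Puppet's log line when the exec fails. Staging the LDIF through a `file` resource with restrictive permissions and passing it with `slapadd -l` removes the quoting hazard and the exposure, keeps `creates` as the idempotency guard, and no longer needs `provider => 'shell'` since there is no pipe. The path below is a placeholder and should become a module parameter or a path next to the confdir. The enclosing 'FreeBSD' case branch starts outside the hunk.
```puppet
      # Stage the bootstrap LDIF on disk instead of passing it on the command line.
      $bootstrap_ldif = '/path/to/cn-config.ldif'   # placeholder: choose a module-owned path
      file { $bootstrap_ldif:
        ensure  => file,
        owner   => $openldap::server::owner,
        group   => $openldap::server::group,
        mode    => '0600',
        content => file('openldap/cn-config.ldif'),
      }
      exec { 'bootstrap cn=config':
        path    => '/usr/local/sbin',
        command => "slapadd -n 0 -F ${openldap::server::confdir} -l ${bootstrap_ldif}",
        creates => "${openldap::server::confdir}/cn=config.ldif",
        require => File[$bootstrap_ldif],
      }
```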
@@ -5,3 +5,5 @@ openldap::server::confdir: "/usr/local/etc/openldap/slapd.d"
 openldap::server::conffile: "/usr/local/etc/openldap/slapd.conf"
 openldap::server::package: "openldap24-server"
 openldap::server::escape_ldapi_ifs: true
+openldap::server::ldapi_ifs: - "/var/run/openldap/ldapi"
diff --git a/manifests/server.pp b/manifests/server.pp
index 99c66d3c..1e467d80 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -7,6 +7,7 @@
 String[1] $owner,
 String[1] $group,
 Boolean $escape_ldapi_ifs,
+ Array[String[1]] $ldapi_ifs,
 Optional[Boolean] $enable_chown = undef,
 Optional[Boolean] $service_hasstatus = undef,
 Boolean $enable = true,
@@ -17,7 +18,6 @@
 Hash $databases = {},
 Array[String[1]] $ldap_ifs = ['/'],
 Array[String[1]] $ldaps_ifs = [],
- Array[String[1]] $ldapi_ifs = ['/'],
 Optional[String] $slapd_params = undef,
 Optional[Stdlib::Port] $ldap_port = undef,
 Optional[Stdlib::IP::Address] $ldap_address = undef,
From db7ce4524c54124e095be1c798e69f839c5c0fb1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?=
Date: Thu, 21 Oct 2021 10:48:29 -1000
Subject: [PATCH 3/5] Ensure slapd.d directory exist before populating it
---
 manifests/server/config.pp | 9 +++++++++
 manifests/server/slapdconf.pp | 8 --------
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
index 58a53a5a..75735f57 100644
--- a/manifests/server/config.pp
+++ b/manifests/server/config.pp
@@ -34,6 +34,14 @@
 }
 $slapd_ldap_urls = "${slapd_ldap_ifs} ${slapd_ldapi_ifs} ${slapd_ldaps_ifs}"
+ file { $openldap::server::confdir:
+ ensure => directory,
+ owner => $openldap::server::owner,
+ group => $openldap::server::group,
+ mode => '0750',
+ force => true,
+ }
+
 case $facts['os']['family'] {
 'Debian': {
 shellvar { 'slapd':
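Review bot: `Array[String[1]] $ldapi_ifs` becomes a mandatory parameter whose value now comes only from the module's Hiera data (data/common.yaml supplies "/", data/os/FreeBSD.yaml a socket path), so the parameter documentation above the class, which is outside the hunk, should say so — e.g. `# @param ldapi_ifs ldapi:// listener paths; the default is OS-specific module data (common: "/", FreeBSD: /var/run/openldap/ldapi)`. A catalog compiled without the module data layer will now fail with a missing-parameter error where it previously fell back to `['/']`; the commit message accepts that since the old FreeBSD value was wrong, but it is worth stating in the changelog. The class parameter list continues beyond both hunks.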
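Review bot: `force => true` in the new `file { $openldap::server::confdir: ensure => directory, … }` is inert here: per the file type's documentation `force` is only consulted when purging subdirectories, replacing a directory with a file or link, or removing a directory with `ensure => absent`, none of which this declaration does, so the attribute reads as a safeguard while changing nothing. Either drop it or annotate it, e.g. `# force has no effect with ensure => directory and no purge; kept for parity with the resource removed from slapdconf.pp`. Note also that the resource is now declared for every OS family ahead of the `case`, so on platforms where the package creates slapd.d with its own ownership Puppet will re-chown it to `$openldap::server::owner`/`$openldap::server::group` — presumably intended, but worth a comment since a wrong owner here breaks the slapadd run that later commits perform as that user. The surrounding class body continues beyond the hunk.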
@@ -118,6 +126,7 @@
 command => "echo '${ldif}' | slapadd -n 0 -F ${openldap::server::confdir}",
 creates => "${openldap::server::confdir}/cn=config.ldif",
 provider => 'shell',
+ require => File[$openldap::server::confdir],
 }
 }
 'Suse': {
diff --git a/manifests/server/slapdconf.pp b/manifests/server/slapdconf.pp
index 9662e3ae..87162d5f 100644
--- a/manifests/server/slapdconf.pp
+++ b/manifests/server/slapdconf.pp
@@ -2,14 +2,6 @@
 class openldap::server::slapdconf {
 include openldap::server
- file { $openldap::server::confdir:
- ensure => directory,
- owner => $openldap::server::owner,
- group => $openldap::server::group,
- mode => '0750',
- force => true,
- }
-
 if $openldap::server::ssl_cert {
 if $openldap::server::ssl_key {
 openldap::server::globalconf { 'TLSCertificate':
From 46e43ff0db124f1a35c34538074f5ae9eff4df5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?=
Date: Thu, 21 Oct 2021 10:50:50 -1000
Subject: [PATCH 4/5] Bootstrap using correct user account
---
 manifests/server/config.pp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
index 75735f57..07e7fe48 100644
--- a/manifests/server/config.pp
+++ b/manifests/server/config.pp
@@ -126,6 +126,8 @@
 command => "echo '${ldif}' | slapadd -n 0 -F ${openldap::server::confdir}",
 creates => "${openldap::server::confdir}/cn=config.ldif",
 provider => 'shell',
+ user => $openldap::server::owner,
+ group => $openldap::server::group,
 require => File[$openldap::server::confdir],
 }
 }
From 27a0de4032a0558667ca817a7eed93d434066841 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?=
Date: Thu, 21 Oct 2021 16:13:03 -1000
Subject: [PATCH 5/5] Fix FreeBSD default database directory
---
 data/common.yaml | 1 +
 data/os/FreeBSD.yaml | 1 +
 manifests/server.pp | 1 +
 manifests/server/database.pp | 5 +----
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/data/common.yaml b/data/common.yaml
index 84cdc48b..3ef0a3c3 100644
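Review bot: The added `require => File[$openldap::server::confdir]` orders the bootstrap after the directory exists, but nothing in this hunk orders it before the slapd service, and seeding `-n 0` into slapd.d has to finish before slapd first starts (and must not run while slapd is already serving from that directory). If that ordering is not already established elsewhere in the class, add `before => Class['openldap::server::service'],` to the exec — that class is referenced by name in manifests/server/database.pp later in this series, so it exists. The exec resource starts outside the hunk.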
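Review bot: Dropping privileges with `user => $openldap::server::owner` is the right least-privilege move, but Puppet's exec type documents `group` as behaving inconsistently across platforms, so the group of the files slapadd writes may end up as the account's primary group rather than `$openldap::server::group`; the `mode => '0750'` on the confdir resource is what actually governs who can read cn=config.ldif, and a comment such as `# group is best-effort on exec; File[$confdir] 0750 is the real access control` would keep that clear. Separately, the `creates` check is evaluated by the Puppet process, not the unprivileged user, so if slapadd fails part-way after creating cn=config.ldif the exec will presumably never re-run — worth noting in the resource or guarding with a more specific `unless`. The exec resource starts outside the hunk.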
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -9,3 +9,4 @@ openldap::server::service: "slapd"
 openldap::server::escape_ldapi_ifs: false
 openldap::server::ldapi_ifs:
 - "/"
+openldap::server::default_directory: "/var/lib/ldap"
diff --git a/data/os/FreeBSD.yaml b/data/os/FreeBSD.yaml
index 745c71a4..c5ad86ac 100644
--- a/data/os/FreeBSD.yaml
+++ b/data/os/FreeBSD.yaml
@@ -7,3 +7,4 @@ openldap::server::package: "openldap24-server"
 openldap::server::escape_ldapi_ifs: true
 openldap::server::ldapi_ifs:
 - "/var/run/openldap/ldapi"
+openldap::server::default_directory: "/var/db/openldap-data"
diff --git a/manifests/server.pp b/manifests/server.pp
index 1e467d80..bbcb66e3 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -8,6 +8,7 @@
 String[1] $group,
 Boolean $escape_ldapi_ifs,
 Array[String[1]] $ldapi_ifs,
+ Stdlib::Absolutepath $default_directory,
 Optional[Boolean] $enable_chown = undef,
 Optional[Boolean] $service_hasstatus = undef,
 Boolean $enable = true,
diff --git a/manifests/server/database.pp b/manifests/server/database.pp
index 23488100..f07a4888 100644
--- a/manifests/server/database.pp
+++ b/manifests/server/database.pp
@@ -30,10 +30,7 @@
 'config' => undef,
 'relay' => undef,
 'ldap' => undef,
- default => $directory ? {
- undef => '/var/lib/ldap',
- default => $directory,
- },
+ default => $directory.lest || { $openldap::server::default_directory },
 }
 Class['openldap::server::service']
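Review bot: `default => $directory.lest || { $openldap::server::default_directory },` substitutes only when `$directory` is undef, which matches the removed selector's `undef =>` arm, but `lest` is a newer Puppet built-in than the selector it replaces, so confirm that the minimum Puppet version declared in metadata.json provides it before release. Taking the fallback from `$openldap::server::default_directory`, typed `Stdlib::Absolutepath` in manifests/server.pp in this same commit, also means an empty or relative default is now rejected at the class boundary instead of being written into the database definition, which is an improvement worth a one-line `# @param directory` note saying the default is OS-specific module data. The selector and the enclosing define start outside the hunk.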