From 35fd70e43624b8c44d80f58b044f1b5be7c731ba Mon Sep 17 00:00:00 2001
From: Stanislav Voroniy
Date: Fri, 6 Feb 2015 19:02:57 +0100
Subject: [PATCH 1/2] Make LDAP section more configurable
---
 manifests/init.pp | 4 ++++
 manifests/params.pp | 2 ++
 templates/rabbitmq.config.erb | 7 ++++++-
 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index 1ac3f6d61..48f1a5090 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -44,9 +44,11 @@
 $ldap_auth = $rabbitmq::params::ldap_auth,
 $ldap_server = $rabbitmq::params::ldap_server,
 $ldap_user_dn_pattern = $rabbitmq::params::ldap_user_dn_pattern,
+ $ldap_other_bind = $rabbitmq::params::ldap_other_bind,
 $ldap_use_ssl = $rabbitmq::params::ldap_use_ssl,
 $ldap_port = $rabbitmq::params::ldap_port,
 $ldap_log = $rabbitmq::params::ldap_log,
+ $ldap_config_variables = $rabbitmq::params::ldap_config_variables,
 $stomp_port = $rabbitmq::params::stomp_port,
 $version = $rabbitmq::params::version,
 $wipe_db_on_cookie_change = $rabbitmq::params::wipe_db_on_cookie_change,
@@ -103,6 +105,8 @@
 validate_bool($ldap_auth)
 validate_string($ldap_server)
 validate_string($ldap_user_dn_pattern)
+ validate_string($ldap_other_bind)
+ validate_hash($ldap_config_variables)
 validate_bool($ldap_use_ssl)
 validate_re($ldap_port, '\d+')
 validate_bool($ldap_log)
diff --git a/manifests/params.pp b/manifests/params.pp
index 4e4ba3221..2280038c3 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -78,9 +78,11 @@
 $ldap_auth = false
 $ldap_server = 'ldap'
 $ldap_user_dn_pattern = 'cn=username,ou=People,dc=example,dc=com'
+ $ldap_other_bind = 'anon'
 $ldap_use_ssl = false
 $ldap_port = '389'
 $ldap_log = false
+ $ldap_config_variables = {}
 $stomp_port = '6163'
 $wipe_db_on_cookie_change = false
 $cluster_partition_handling = 'ignore'
diff --git a/templates/rabbitmq.config.erb b/templates/rabbitmq.config.erb
index 591a1cb17..008a0d4e6 100644
--- a/templates/rabbitmq.config.erb
+++ b/templates/rabbitmq.config.erb
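Review bot: `validate_string($ldap_other_bind)` in the second init.pp hunk accepts any string, yet the template changed in this same patch writes that value unquoted into rabbitmq.config, so a typo or stray bracket becomes a broken or silently different auth-backend setting. As far as I know the LDAP plugin only accepts `anon`, `as_user` or a `{UserDN, Password}` tuple for this option, so a pattern check is cheap: `validate_re($ldap_other_bind, '^(anon|as_user|\{.+\})$')`. `validate_hash($ldap_config_variables)` likewise checks only the container, not the keys or values that end up in the file. The parameter list and the validation block both continue outside these hunks.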
@@ -71,11 +71,16 @@ <%- if @ldap_auth -%>, % Configure the LDAP authentication plugin {rabbitmq_auth_backend_ldap, [ - {other_bind, anon}, + {other_bind, <%= @ldap_other_bind %>}, {servers, ["<%= @ldap_server %>"]}, {user_dn_pattern, "<%= @ldap_user_dn_pattern %>"}, {use_ssl, <%= @ldap_use_ssl %>}, {port, <%= @ldap_port %>}, +<% if @ldap_config_variables -%> +<%- @ldap_config_variables.keys.sort.each do |key| -%> + {<%= key %>, <%= @ldap_config_variables[key] %>}, +<%- end -%> +<%- end -%> {log, <%= @ldap_log %>} ]} <%- end -%> From ed770283743d30a0a2a2d7d5b11d0e1758bf53a9 Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Sun, 22 Feb 2015 20:32:50 -0800 Subject: [PATCH 2/2] Add documentation and tests for new ldap params --- README.md | 8 ++++++++ spec/classes/rabbitmq_spec.rb | 28 ++++++++++++++++------------ 2 files changed, 24 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 258f9bf13..9b19a3adb 100644 --- a/README.md +++ b/README.md @@ -239,6 +239,14 @@ LDAP server to use for auth. User DN pattern for LDAP auth. +####`ldap_other_bind` + +How to bind to the LDAP server. Defaults to 'anon'. + +####`ldap_config_variables` + +Hash of other LDAP config variables. + ####`ldap_use_ssl` Boolean, set to true to use SSL for the LDAP server. diff --git a/spec/classes/rabbitmq_spec.rb b/spec/classes/rabbitmq_spec.rb index 8429c98c4..1740e5309 100644 --- a/spec/classes/rabbitmq_spec.rb +++ b/spec/classes/rabbitmq_spec.rb 
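Review bot: `{other_bind, <%= @ldap_other_bind %>}` and the `{<%= key %>, <%= @ldap_config_variables[key] %>}` loop write caller-supplied text verbatim as Erlang terms, so string-valued options only work if the caller embeds the quotes, and an unbalanced brace changes the structure of the whole `rabbitmq_auth_backend_ldap` list. When `other_bind` is given as a `{UserDN, Password}` tuple the bind password is rendered into rabbitmq.config, so the file's owner and mode (set outside this hunk) and any Puppet report that may show file diffs have to be treated as secret-bearing. I would put an ERB comment above the loop, `<%# keys and values are emitted verbatim as Erlang terms; strings must arrive already quoted -%>`, and say the same in the README entries for both parameters. The `<% if @ldap_config_variables -%>` guard is always true once `validate_hash` has passed, because an empty hash is truthy in Ruby; drop it or write `<%- unless @ldap_config_variables.empty? -%>`.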
@@ -404,13 +404,15 @@ describe 'configuring ldap authentication' do let :params do - { :config_stomp => true, - :ldap_auth => true, - :ldap_server => 'ldap.example.com', - :ldap_user_dn_pattern => 'ou=users,dc=example,dc=com', - :ldap_use_ssl => false, - :ldap_port => '389', - :ldap_log => true + { :config_stomp => true, + :ldap_auth => true, + :ldap_server => 'ldap.example.com', + :ldap_user_dn_pattern => 'ou=users,dc=example,dc=com', + :ldap_other_bind => 'as_user', + :ldap_use_ssl => false, + :ldap_port => '389', + :ldap_log => true, + :ldap_config_variables => { 'foo' => 'bar' } } end @@ -419,10 +421,10 @@ it 'should contain ldap parameters' do verify_contents(subject, 'rabbitmq.config', ['[', ' {rabbit, [', ' {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_ldap]},', ' ]}', - ' {rabbitmq_auth_backend_ldap, [', ' {other_bind, anon},', + ' {rabbitmq_auth_backend_ldap, [', ' {other_bind, as_user},', ' {servers, ["ldap.example.com"]},', ' {user_dn_pattern, "ou=users,dc=example,dc=com"},', ' {use_ssl, false},', - ' {port, 389},', ' {log, true}']) + ' {port, 389},', ' {foo, bar},', ' {log, true}']) end end @@ -432,9 +434,11 @@ :ldap_auth => true, :ldap_server => 'ldap.example.com', :ldap_user_dn_pattern => 'ou=users,dc=example,dc=com', + :ldap_other_bind => 'as_user', :ldap_use_ssl => false, :ldap_port => '389', - :ldap_log => true + :ldap_log => true, + :ldap_config_variables => { 'foo' => 'bar' } } end @@ -443,10 +447,10 @@ it 'should contain ldap parameters' do verify_contents(subject, 'rabbitmq.config', ['[', ' {rabbit, [', ' {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_ldap]},', ' ]}', - ' {rabbitmq_auth_backend_ldap, [', ' {other_bind, anon},', + ' {rabbitmq_auth_backend_ldap, [', ' {other_bind, as_user},', ' {servers, ["ldap.example.com"]},', ' {user_dn_pattern, "ou=users,dc=example,dc=com"},', ' {use_ssl, false},', - ' {port, 389},', ' {log, true}']) + ' {port, 389},', ' {foo, bar},', ' {log, true}']) end end
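Review bot: Both `ldap_config_variables` fixtures use `{ 'foo' => 'bar' }`, which renders as the bare atoms `{foo, bar}` and so pins only the unquoted case; the same fixture and expectation are repeated in the later hunks at -432 and -443. A string-valued option is the case most likely to be misconfigured, so I would add a second entry whose value carries its own Erlang quotes, e.g. `'bar' => '"baz"'` with a `{bar, "baz"},` line in the expected output (constructed values), which also exercises the `keys.sort` ordering. The `other_bind` expectation covers `as_user` only, so the tuple form that carries a bind password is never rendered in a test. A context that leaves `ldap_config_variables` at its default would confirm that no extra line is emitted; that may already exist outside these hunks.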