cookbook 'openldap', '= 5.0.1'
openldap
Installs and configures OpenLDAP (slapd), an open source implementation of LDAP.
cookbook 'openldap', '= 5.0.1', :supermarket
knife supermarket install openldap
knife supermarket download openldap
openldap Cookbook
Configures a server to be an OpenLDAP provider or replication consumer. Also includes a recipe to install the client libs, but not to set up actual LDAP auth, as there are several ways to do this. We recommend looking at the sssd_ldap cookbook.
Maintainers
This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.
Requirements
Platforms
- Ubuntu
- Debian
- FreeBSD
- RHEL/CentOS >= 7.0 NOTE: RHEL 8 removed support for openldap. We provide support via a repository provided by the OSUOSL.
- Fedora
- openSUSE Leap
Chef
- Chef 12.15+
Cookbooks
- dpkg_autostart
Attributes
This is not an exhaustive list of attributes as most are directly comparable to their OpenLDAP equivalents.
Required
openldap['rootpw']
This should be a password hash generated from slappasswd. The default slappasswd command will generate a salted SHA1 hash:
$ slappasswd -s "secretsauce"
{SSHA}6BjlvtSbVCL88li8IorkqMSofkLio58/
Set this via a node/role/env attribute or in a wrapper cookbook with an encrypted data_bag. OpenLDAP will fail to start if this is not set.
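The {SSHA} value that slappasswd prints can be generated and checked without the binary, which helps when validating a rootpw attribute in a wrapper cookbook. This is an added example, not code from the cookbook; the helper names are hypothetical and only the {SSHA} scheme is handled.

```ruby
require 'digest/sha1'
require 'base64'
require 'securerandom'

SSHA_PREFIX = '{SSHA}'.freeze
SHA1_LEN = 20

# {SSHA} layout: base64( SHA1(password + salt) + salt ).
# The 4-byte default salt matches the 24 decoded bytes of the example hash above.
def ssha_hash(password, salt = SecureRandom.random_bytes(4))
  digest = Digest::SHA1.digest(password.b + salt.b)
  SSHA_PREFIX + Base64.strict_encode64(digest + salt.b)
end

# Split a stored value into [digest, salt]; nil if it is not a well-formed {SSHA} value.
def ssha_parts(stored)
  return nil unless stored.is_a?(String) && stored.start_with?(SSHA_PREFIX)
  raw = Base64.strict_decode64(stored[SSHA_PREFIX.length..-1])
  return nil if raw.bytesize <= SHA1_LEN # digest only, no salt
  [raw.byteslice(0, SHA1_LEN), raw.byteslice(SHA1_LEN, raw.bytesize - SHA1_LEN)]
rescue ArgumentError # not valid base64
  nil
end

# Guard for a wrapper cookbook: catch a plaintext rootpw before it reaches slapd.conf.
def ssha_well_formed?(stored)
  !ssha_parts(stored).nil?
end

# Recompute the digest with the stored salt and compare without an early exit.
def ssha_match?(password, stored)
  digest, salt = ssha_parts(stored)
  return false if digest.nil?
  candidate = Digest::SHA1.digest(password.b + salt)
  diff = 0
  candidate.bytes.zip(digest.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
end
```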
Install/Upgrade
- openldap['package_install_action'] - The action to be taken for all packages in the recipes. Defaults to :install, but can also be set to :upgrade to upgrade all packages referenced in the recipes.
General configuration
- openldap['schemas'] - Array of ldap schema file names to load
- openldap['modules'] - Array of slapd modules names to load
- openldap['indexes'] - Array of indexes to use
- openldap['admin_cn'] - Admin CN name: administrators (default)
- openldap['user_attrs'] - User access attributes: userPassword,shadowLastChange (default)
TLS/SSL
If openldap['ldaps_enabled'] or openldap['tls_enabled'] are set, then openldap['tls_cert'] and openldap['tls_key'] must also be set and the files must exist prior to execution. Depending on the certificates, openldap['tls_cafile'] may also need to be set. See the test cookbook for an example.
- openldap['ldaps_enabled'] - listen on LDAPS (636): true | false (default)
- openldap['tls_enabled'] - true | false (default)
- openldap['tls_cert'] - full path to your SSL certificate
- openldap['tls_key'] - full path to your SSL key
- openldap['tls_cafile'] - full path to your CA certificate (or intermediate authorities), if needed.
- openldap['tls_ciphersuite'] - OpenSSL cipher suite specification to use, defaults to none (use system default)
Replication
Attributes related to replication (syncrepl). Only used if a provider or consumer.
- openldap['slapd_type'] - 'provider' | 'consumer', default is nil
- openldap['slapd_provider'] - hostname of slapd provider
- openldap['slapd_replpw'] - replication password
- openldap['slapd_rid'] - unique integer ID, required if type is consumer
- openldap['syncrepl_uri'] - ldap (default) | ldaps
- openldap['syncrepl_port'] - 389 (default) | 636
- openldap['syncrepl_cn'] - the CN (only) of the user to use as binddn as consumer
The following syncrepl values are set by default; others can be added by setting the appropriate key/value pair in openldap['syncrepl_*_config'] (see the OpenLDAP Administrator Guide):
- openldap['syncrepl_provider_config']['overlay'] - defaults to 'syncprov'
- openldap['syncrepl_provider_config']['syncprov-checkpoint'] - defaults to '100 10'
- openldap['syncrepl_provider_config']['syncprov-sessionlog'] - defaults to '100'
- openldap['syncrepl_consumer_config']['type'] - defaults to 'refreshAndPersist'
- openldap['syncrepl_consumer_config']['interval'] - interval for the sync. Defaults to 1 day
- openldap['syncrepl_consumer_config']['searchbase'] - calculated in recipe
- openldap['syncrepl_consumer_config']['filter'] - search filter to use in the replication
- openldap['syncrepl_consumer_config']['scope'] - defaults to 'sub'
- openldap['syncrepl_consumer_config']['schemachecking'] - defaults to 'off'
- openldap['syncrepl_consumer_config']['bindmethod'] - defaults to 'simple'
- openldap['syncrepl_consumer_config']['binddn'] - calculated in recipe
- openldap['syncrepl_consumer_config']['starttls'] - yes | no (default)
- openldap['syncrepl_consumer_config']['credentials'] - defaults to openldap['slapd_replpw']
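A pre-converge check for the TLS/SSL and Replication attribute rules above, as an added example that is not part of the cookbook: openldap_attr_problems is a hypothetical helper, attrs is a plain Hash standing in for node['openldap'], and values are assumed to be the strings shown in the lists. It also flags a consumer left on the documented defaults (ldap URI, simple bind, starttls no), where the replication password crosses the network unencrypted.

```ruby
# Added example, not cookbook code. `attrs` is a plain Hash standing in for
# node['openldap']; `exist` is injectable so the check runs without real files.
def openldap_attr_problems(attrs, exist: File.method(:exist?))
  problems = []

  # TLS/SSL rule: either switch requires tls_cert and tls_key to be set and present.
  if attrs['ldaps_enabled'] || attrs['tls_enabled']
    %w[tls_cert tls_key].each do |key|
      path = attrs[key].to_s
      if path.empty?
        problems << "#{key} must be set when ldaps_enabled or tls_enabled is true"
      elsif !exist.call(path)
        problems << "#{key} points at #{path}, which does not exist"
      end
    end
  end

  # Replication rules apply only to a consumer.
  if attrs['slapd_type'] == 'consumer'
    unless attrs['slapd_rid'].to_s.match?(/\A\d+\z/)
      problems << 'slapd_rid (unique integer ID) is required for a consumer'
    end
    cfg = attrs['syncrepl_consumer_config'] || {}
    uri = attrs['syncrepl_uri'] || 'ldap'   # documented default
    starttls = cfg['starttls'] || 'no'      # documented default
    bind = cfg['bindmethod'] || 'simple'    # documented default
    if bind == 'simple' && uri == 'ldap' && starttls == 'no'
      problems << 'simple bind over ldap:// without starttls exposes slapd_replpw in transit'
    end
  end

  problems
end

# Constructed sample: TLS switched on with no key configured, and a consumer
# left on the documented replication defaults.
SAMPLE = {
  'tls_enabled' => true,
  'tls_cert' => '/etc/ssl/certs/ldap.example.pem', # placeholder path
  'slapd_type' => 'consumer',
}.freeze

puts openldap_attr_problems(SAMPLE, exist: ->(_p) { true }) if $PROGRAM_NAME == __FILE__
```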
Recipes
default
Install and configure OpenLDAP (slapd).
Resources
openldap Cookbook CHANGELOG
This file is used to list changes made in each version of the openldap cookbook.
The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.
5.0.1 - 2021-06-01
5.0.0 - 2020-12-14
- Improve customization of server with additional attributes
- Add default['openldap']['admin_cn'] for customizing the admin CN
- Add default['openldap']['indexes'] for customizing the indexes configured
- Add default['openldap']['user_attrs'] for customizing the user access attributes
- Cleanup template formatting
- Set sensitive true for slapd.conf template
- Fix EL8 systemd unit for slapd daemon
- Move platform attributes and resource methods to library helpers
- Add install_client and install_server properties to openldap_install resource
- Improve ChefSpec tests
- Automatically rebuild slapd.d configuration when slapd.conf is updated
- Documentation for openldap_install resource
4.3.0 - 2020-11-23
- Add RHEL/CentOS 8 support
4.2.0 (2020-11-04)
Changed
- Sous Chefs Adoption
- Update Changelog to Sous Chefs
- Update to use Sous Chefs GH workflow
- Update test-kitchen to Sous Chefs
- Update README to sous-chefs
- Update metadata.rb to Sous Chefs
Fixed
- resolved cookstyle error: spec/unit/recipes/default_spec.rb:42:18 warning: ChefDeprecations/DeprecatedChefSpecPlatform
- resolved cookstyle error: spec/unit/recipes/default_spec.rb:59:18 warning: ChefDeprecations/DeprecatedChefSpecPlatform
- ChefSpec fixes
- Yamllint fixes
- MDL fixes
- Add proper support for Amazon Linux
- Fix CentOS dokken suite testing
- Restart slapd if the default file is updated
- Enable modulepath for centos
- Fix tls for Amazon Linux
- Fix testing on FreeBSD
Added
- Additional InSpec tests
Removed
- Remove EL6 testing and support
4.1.0 (2020-02-25)
- Use platform helpers where we can - @tas50
- Remove legacy metadata that isn't used - @tas50
- Testing updates and modernization - @tas50
- Add Github actions testing of style/unit - @tas50
- Require Chef 12.15+ - @tas50
- Update platforms we test on and fix ChefSpec deprecation warnings - @tas50
4.0.0 (2018-07-18)
- added support in syncrepl for ldaps and config options. This is a breaking change as it changes several of the attributes used to setup syncrepl. If you previously used the syncrepl functionality in this cookbook be sure to check the current attributes to see where changes are necessary before applying this new version of the cookbook.
- Update ChefSpecs to the latest platform releases
3.1.2 (2017-07-27)
- fixed slapd.conf file syntax
- parameterize dbconfig settings
3.1.1 (2017-06-14)
- remove extra by, invalid syntax that breaks non-admin read
3.1.0 (2017-05-30)
- Remove class_eval usage and require Chef 12.7+
v3.0.3 (2017-04-04)
- Break rhelish 6 and 7 sysconfig templates out separately #89 (cheeseplus)
- Fixing CentOS and Amazon Linux support #88 (jpooler)
v3.0.2 (2017-03-27)
- Change /var/cache/local/preseeding resource configuration to be mode '0755'
v3.0.1 (2017-03-27)
- Update metadata to improve search query on supermarket for ldap.
- Standardize license string in metadata.
v3.0.0 (2017-03-16)
This version has several major breaking changes that you will need to be aware of.
- cn=config via slapd.d never worked and thus the 'support' has been removed - it may return but it will be a new feature
- All auth logic has been removed from this cookbook. This cookbook now only configures the server side of openldap. We highly recommend configuring LDAP auth using our sssd_ldap cookbook, which functions much better than the previous PAM config.
- A config hash has been added to add arbitrary files to the ldap.config and slapd.config files. This eliminates much of the need for forking this cookbook to meet your environment's needs. See the readme for detailed information on how these hashes are converted to ldap configs.
- Many attributes are no longer present or have had name/value changes
- There is now only one recipe and it is default
- Properly supporting all platforms listed as supported
- Adoption of provider and consumer terminology
Other Changes
- Documented the current process for managing certs
- Remove old Ubuntu initial run steps from the Readme
- Ship with more sane logging levels
- Don't manage ssl out of the box.
- Remove a duplicate ERB that wasn't called anywhere
- Rearrange the attributes file to make more sense
- Updates to the provider setup with syncrepl to make it actually work
- Add new attributes to provide better control of replication
- Add unit and lint testing in Travis CI
- Add basic convergence Chefspec
- TLS config fixes, use uri over host+port, include client_config_hash in both config files
- Add new supermarket metadata
- Add chef_version metadata
- Resolve all cookstyle warnings
- Add maintainers files
- Fix recipe is expecting an attribute named "system_user", but attributes are configured to provide "system_acct".
- Add TLSCipherSuite to slapd.conf
- Remove node name from all configs
- Log a warning error if someone tries to use the default recipe since it doesn't do anything
v2.2.0 (2015-04-16)
- Added support for FreeBSD
- Improved support for RHEL platforms
- Removed the attributes from the metadata.rb file since they were outdated
v2.1.0 (2015-03-10)
- Resolve the one and only Food Critic warning
- Remove legacy LDAP Apache2 attributes that aren't used in this cookbook or in the Apache2 cookbook
- Add an attribute for schemas to enable in the slapd config
- Add an attribute for the modules to load in the slapd config
- Make the cn used an attribute
v2.0.0 (2015-03-06)
- Added URI to the client config so clients can communicate with the LDAP server
- Change all package resource actions from upgrade -> install and introduce an attribute if you want to change it back. Upgrading openldap when a new package comes out is not a desired action on production systems.
- Update the "Generated by Chef for xyz" comment blocks in the config templates to be consistent. This will result in config changes / service restarts due to notification
- Install the most recent version of the Berkeley DB utils package. This adds support for Trusty and RHEL, but will result in a newer version of the bd-util package being installed on Precise systems.
- Added new attributes to set the cookbook and source path for the SSL keys and certs. This reduces the need to fork / modify this cookbook
- Added a new attribute for controlling the log level of the server
- Make the ldap client package an attribute with support for RHEL
- Fix the search logic in the slave recipe to not fail
- Converted the cookbook to platform_family to better support Ubuntu. This means the cookbook will no longer work on Chef versions prior to 0.10.10
- Updated Gemfile with up to date dependency versions
- Updated Contributing doc to match the current process
- Added a chefignore file to prevent ds_store files from ending up in /usr/local/bin
- Switched all modes to strings to preserve the leading 0
- Added a rubocop.yml file and resolved the majority of rubocop complaints
- Updated platforms in the kitchen.yml file
v1.12.13 (2015-02-18)
- reverting OpenSSL module namespace change
v1.12.12 (2015-02-17)
- Updating to work with latest openssl cookbook
v1.12.10 (2014-04-09)
- [COOK-4239] - Service enable/start resource moved to end
- [COOK-4239] - Fix sslfiles + ubuntu fix
v1.12.8 (2014-01-03)
Merged nildomain branch
v1.12.6 (2014-01-03)
adding checks for node['domain'].nil? in attributes
v1.12.4
- [COOK-3772] - nscd clears don't work
- [COOK-411] - Openldap authentication should validate server certificate
v1.12.2
Improvement
- COOK-3699 - OpenLDAP Cookbooks - add extra options
v0.12.0
New Feature
- COOK-3561 - Support out of band SSL certificates in openldap::server
Bug
- COOK-3548 - Fix an issue where preseeding may fail if directory does not exist
- COOK-3543 - Do not try to set up as a slave
- COOK-3351 - Fix a typo in ldap-ldap.conf.erb template
v0.11.4
Bug
- COOK-3348 - Fix typo in default attributes
v0.11.2
Bug
- [COOK-2496]: openldap: rootpw is badly set in attributes file
- [COOK-2970]: openldap cookbook has foodcritic failures
v0.11.0
- [COOK-1588] - general cleanup/improvements
- [COOK-1985] - attributes file has a search method
v0.10.0
- [COOK-307] - create directory with attribute
v0.9.4
- Initial/Current release
Collaborator Number Metric
5.0.1 passed this metric
Contributing File Metric
5.0.1 passed this metric
Foodcritic Metric
5.0.1 failed this metric
FC009: Resource attribute not recognised: openldap/resources/install.rb:49
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
5.0.1 passed this metric
Testing File Metric
5.0.1 passed this metric
Version Tag Metric
5.0.1 passed this metric