Add LDAP support

3 files changed, 32 insertions, 0 deletions

diff --git a/modules/base_installation/templates/ldap/ldap.conf.erb b/modules/base_installation/templates/ldap/ldap.conf.erb
new file mode 100644
index 0000000..626a986
--- /dev/null
+++ b/modules/base_installation/templates/ldap/ldap.conf.erb
@@ -0,0 +1,3 @@
+uri        <%= @ldap_uri %>
+base       <%= @ldap_base %>
+tls_cacert <%= @ldap_cert_path %>
diff --git a/modules/base_installation/templates/puppet/host_ldap.info.erb b/modules/base_installation/templates/puppet/host_ldap.info.erb
new file mode 100644
index 0000000..a350c37
--- /dev/null
+++ b/modules/base_installation/templates/puppet/host_ldap.info.erb
@@ -0,0 +1,17 @@
+#### Please add this node to LDAP:
+ldapadd -D "cn=root,<%= @ldap_base %>" -W << 'EOF'
+dn: <%= @ldap_dn %>
+cn: <%= @ldap_cn %>
+objectclass: device
+objectclass: top
+objectclass: simpleSecurityObject
+objectclass: puppetClient
+userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %>
+EOF
+#### Or modify an existing entry:
+ldapmodify -D "cn=root,<%= @ldap_base %>" -W << 'EOF'
+dn: <%= @ldap_dn %>
+changetype: modify
+replace: userPassword
+userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %>
+EOF
diff --git a/modules/base_installation/templates/puppet/puppet.conf.erb b/modules/base_installation/templates/puppet/puppet.conf.erb
new file mode 100644
index 0000000..99d9fc3
--- /dev/null
+++ b/modules/base_installation/templates/puppet/puppet.conf.erb
@@ -0,0 +1,12 @@
+[main]
+ssldir = <%= @puppet_ssl_path %>
+
+node_terminus = ldap
+ldapserver = <%= @ldap_server %>
+ldaptls = true
+ldapbase = <%= @ldap_base %>
+ldapuser = <%= @ldap_dn %>
+ldappassword = <%= @ldap_password %>
+ldapclassattrs = puppetClass
+ldapparentattr = parentNode
+ldapstackedattrs = puppetVar