Name: openldap
Owner: Chef Community Cookbooks
Description: Development repository for openldap Chef Cookbook
Created: 2012-03-14 18:35:53.0
Updated: 2017-07-14 04:22:47.0
Pushed: 2017-09-01 06:35:58.0
Homepage: https://supermarket.chef.io/cookbooks/openldap
Size: 304
Language: HTML
Configures a server to be an OpenLDAP master or replication slave. Also includes a recipe to install the client libraries, but not to set up actual LDAP authentication, as there are several ways to do this. We recommend looking at our sssd_ldap cookbook.
This is not an exhaustive list of attributes as most are directly comparable to their OpenLDAP equivalents.
openldap['rootpw']
This should be a password hash generated from slappasswd. The default slappasswd command will generate a salted SHA1 hash:
$ slappasswd -s "secretsauce"
{SSHA}6BjlvtSbVCL88li8IorkqMSofkLio58/
Set this via a node/role/env attribute or in a wrapper cookbook with an encrypted data_bag. OpenLDAP will fail to start if this is not set.
- openldap['package_install_action'] - The action to be taken for all packages in the recipes. Defaults to :install, but can also be set to :upgrade to upgrade all packages referenced in the recipes.
- openldap['schemas'] - Array of LDAP schema file names to load
- openldap['modules'] - Array of slapd module names to load

If openldap['ldaps_enabled'] or openldap['tls_enabled'] is set, then openldap['tls_cert'] and openldap['tls_key'] must also be set, and the files must exist prior to execution. Depending on the certificates, openldap['tls_cafile'] may also need to be set. See the test cookbook for an example.
- openldap['ldaps_enabled'] - listen on LDAPS (636): true | false (default)
- openldap['tls_enabled'] - true | false (default)
- openldap['tls_cert'] - full path to your SSL certificate
- openldap['tls_key'] - full path to your SSL key
- openldap['tls_cafile'] - full path to your CA certificate (or intermediate authorities), if needed.
- openldap['tls_ciphersuite'] - OpenSSL cipher suite specification to use, defaults to none (use system default)

Attributes related to replication (syncrepl). Only used if a provider or consumer.
- openldap['slapd_type'] - 'provider' | 'consumer', default is nil
- openldap['slapd_provider'] - hostname of slapd provider
- openldap['slapd_replpw'] - replication password
- openldap['slapd_rid'] - unique integer ID, required if type is consumer
- openldap['syncrepl_interval'] - interval for the sync. Defaults to 1 day
- openldap['syncrepl_type'] - defaults to 'refreshAndPersist'
- openldap['syncrepl_filter'] - search filter to use in the replication
- openldap['syncrepl_use_tls'] - yes | no (default)
- openldap['syncrepl_cn'] - the CN (only) of the user to use as binddn as consumer

Install and configure OpenLDAP (slapd).
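The attribute rules above (rootpw must be a slappasswd hash, TLS needs a certificate and key that exist on disk, a consumer needs an integer rid) can be checked before a converge. The following is an added example in plain Ruby, not code from the cookbook; the function name `openldap_attribute_errors`, the error strings and the sample paths are assumptions made for illustration.

```ruby
require 'base64'

# Added example (not cookbook code): list the problems in a hash shaped like
# node['openldap'], using only the rules the README states.
def openldap_attribute_errors(attrs)
  errors = []
  # rootpw must be a slappasswd hash such as {SSHA}...; slapd fails to start without it.
  rootpw = attrs['rootpw'].to_s
  if rootpw.empty?
    errors << 'rootpw is not set'
  elsif rootpw !~ /\A\{[A-Z0-9-]+\}\S+\z/
    errors << 'rootpw is not a slappasswd hash'
  elsif rootpw.start_with?('{SSHA}')
    raw = begin
      Base64.strict_decode64(rootpw.delete_prefix('{SSHA}'))
    rescue ArgumentError
      ''
    end
    # Salted SHA1 is a 20-byte digest followed by a non-empty salt.
    errors << 'rootpw {SSHA} value is malformed' if raw.bytesize <= 20
  end
  # LDAPS/TLS needs a certificate and key that already exist on disk.
  if attrs['ldaps_enabled'] || attrs['tls_enabled']
    %w(tls_cert tls_key).each do |key|
      path = attrs[key].to_s
      if path.empty?
        errors << "#{key} is not set"
      elsif !File.file?(path)
        errors << "#{key} file does not exist: #{path}"
      end
    end
  end
  # slapd_type is nil, 'provider' or 'consumer'; a consumer needs an integer rid.
  type = attrs['slapd_type']
  unless [nil, 'provider', 'consumer'].include?(type)
    errors << "slapd_type must be 'provider', 'consumer' or nil"
  end
  if type == 'consumer' && !attrs['slapd_rid'].is_a?(Integer)
    errors << 'slapd_rid must be an integer when slapd_type is consumer'
  end
  errors
end

# Constructed sample: TLS-enabled consumer, cert path absent on disk, no key, no rid.
SAMPLE = { 'rootpw' => '{SSHA}6BjlvtSbVCL88li8IorkqMSofkLio58/', 'tls_enabled' => true,
           'tls_cert' => '/nonexistent/constructed-cert.pem', 'slapd_type' => 'consumer' }.freeze
puts openldap_attribute_errors(SAMPLE)
```

An empty result means the hash satisfies the stated rules; it does not verify that the certificate and key match or that the hash corresponds to any particular password.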
This cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals, see our team documentation. To learn more about contributing to cookbooks like this, see our contributing documentation, or if you have general questions about this cookbook, come chat with us in #cookbook-engineering on the Chef Community Slack.
Copyright: 2008-2017, Chef Software, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.