Sorry for the late reply.  Yes, you need to manage /etc/ldap.conf and
probably /etc/ssl (or /etc/cacerts) depending on your setup.  I do
that a little differently at the moment (outside of puppet, though I
really should be using puppet).

remotefile is a class that I snarfed from
http://www.reductivelabs.com/trac/puppet/wiki/PuppetScalability

Cheers,
Ryan

On Thu, Nov 20, 2008 at 2:37 AM, Kenneth Holter <[EMAIL PROTECTED]> wrote:
> Thanks for the reply.
>
> As far as I can see you're only hosting the nsswitch file, but don't you
> also need to host/manage the ldap.conf file and a one or two files in
> /etc/pam.d?
>
> The "remotefile" resource type is new to me - is it available in puppet
> v.0.24.4?
>
>
> On 11/19/08, Ryan Dooley <[EMAIL PROTECTED]> wrote:
>>
>> Kenneth Holter wrote:
>> > Hi.
>> >
>> >
>> > I need to configure our puppet nodes as LDAP clients, and were wondering
>> > if puppet has any build in support for this.
>>
>> Easy enough (if I understand correctly).  We do this here with a
>> 'ldap_client' module that looks something like this:
>>
>> class ldap_client {
>>   package {
>>     nss_ldap:
>>       schedule => daily,
>>       ensure   => latest;
>>     openldap:
>>       schedule => daily,
>>       ensure   => latest;
>>     openldap-clients:
>>       schedule => daily,
>>       ensure   => latest;
>>   }
>>
>>   remotefile {
>>     "/etc/nsswitch.conf":
>>       source => "ldap_client/etc/nsswitch.conf",
>>       mode   => "644";
>>     "/etc/ssl/cacerts/gd-class2-root.crt":
>>       source  => "ldap_client/etc/ssl/cacerts/gd-class2-root.crt",
>>       mode => "644";
>>     "/etc/ssl/cacerts/gd_cross_intermediate.crt":
>>       source => "ldap_client/etc/ssl/cacerts/gd_cross_intermediate.crt",
>>       mode => "644";
>>     "/etc/ssl/cacerts/gd_intermediate.crt":
>>       source => "ldap_client/etc/ssl/cacerts/gd_intermediate.crt",
>>       mode => "644";
>>     "/etc/ssl/cacerts/sf_issuing.crt":
>>       source => "ldap_client/etc/ssl/cacerts/sf_issuing.crt",
>>       mode => "644";
>>     "/etc/ssl/cacerts/valicert_class2_root.crt":
>>       source => "ldap_client/etc/ssl/cacerts/valicert_class2_root.crt",
>>       mode => "644";
>>   }
>>
>>   file {
>>     "/etc/ssl/cacerts":
>>       ensure => directory,
>>       mode   => 755,
>>       owner  => root,
>>       group  => root,
>>       before => Remotefile["/etc/ssl/cacerts/gd-class2-root.crt"];
>>    "/etc/ssl/cacerts/219d9499":
>>       source => "/etc/ssl/cacerts/gd-class2-root.crt",
>>       require => Remotefile["/etc/ssl/cacerts/gd-class2-root.crt"];
>>    "/etc/ssl/cacerts/97552d04":
>>       source => "/etc/ssl/cacerts/gd_intermediate.crt",
>>       require => Remotefile["/etc/ssl/cacerts/gd_intermediate.crt"];
>>    "/etc/ssl/cacerts/b737b221":
>>       source => "/etc/ssl/cacerts/sf_issuing.crt",
>>       require => Remotefile["/etc/ssl/cacerts/sf_issuing.crt"];
>>    "/etc/ssl/cacerts/bcdd5959":
>>       source => "/etc/ssl/cacerts/valicert_class2_root.crt",
>>       require => Remotefile["/etc/ssl/cacerts/valicert_class2_root.crt"];
>>
>>   }
>> }
>>
>> Cheers,
>> Ryan
>>
>>
>> >>
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to