Sorry for the late reply. Yes, you need to manage /etc/ldap.conf and probably /etc/ssl (or /etc/cacerts) depending on your setup. I do that a little differently at the moment (outside of puppet, though I really should be using puppet).
remotefile is a class that I snarfed from http://www.reductivelabs.com/trac/puppet/wiki/PuppetScalability Cheers, Ryan On Thu, Nov 20, 2008 at 2:37 AM, Kenneth Holter <[EMAIL PROTECTED]> wrote: > Thanks for the reply. > > As far as I can see you're only hosting the nsswitch file, but don't you > also need to host/manage the ldap.conf file and a one or two files in > /etc/pam.d? > > The "remotefile" resource type is new to me - is it available in puppet > v.0.24.4? > > > On 11/19/08, Ryan Dooley <[EMAIL PROTECTED]> wrote: >> >> Kenneth Holter wrote: >> > Hi. >> > >> > >> > I need to configure our puppet nodes as LDAP clients, and were wondering >> > if puppet has any build in support for this. >> >> Easy enough (if I understand correctly). We do this here with a >> 'ldap_client' module that looks something like this: >> >> class ldap_client { >> package { >> nss_ldap: >> schedule => daily, >> ensure => latest; >> openldap: >> schedule => daily, >> ensure => latest; >> openldap-clients: >> schedule => daily, >> ensure => latest; >> } >> >> remotefile { >> "/etc/nsswitch.conf": >> source => "ldap_client/etc/nsswitch.conf", >> mode => "644"; >> "/etc/ssl/cacerts/gd-class2-root.crt": >> source => "ldap_client/etc/ssl/cacerts/gd-class2-root.crt", >> mode => "644"; >> "/etc/ssl/cacerts/gd_cross_intermediate.crt": >> source => "ldap_client/etc/ssl/cacerts/gd_cross_intermediate.crt", >> mode => "644"; >> "/etc/ssl/cacerts/gd_intermediate.crt": >> source => "ldap_client/etc/ssl/cacerts/gd_intermediate.crt", >> mode => "644"; >> "/etc/ssl/cacerts/sf_issuing.crt": >> source => "ldap_client/etc/ssl/cacerts/sf_issuing.crt", >> mode => "644"; >> "/etc/ssl/cacerts/valicert_class2_root.crt": >> source => "ldap_client/etc/ssl/cacerts/valicert_class2_root.crt", >> mode => "644"; >> } >> >> file { >> "/etc/ssl/cacerts": >> ensure => directory, >> mode => 755, >> owner => root, >> group => root, >> before => Remotefile["/etc/ssl/cacerts/gd-class2-root.crt"]; >> "/etc/ssl/cacerts/219d9499": >> source => "/etc/ssl/cacerts/gd-class2-root.crt", >> require => Remotefile["/etc/ssl/cacerts/gd-class2-root.crt"]; >> "/etc/ssl/cacerts/97552d04": >> source => "/etc/ssl/cacerts/gd_intermediate.crt", >> require => Remotefile["/etc/ssl/cacerts/gd_intermediate.crt"]; >> "/etc/ssl/cacerts/b737b221": >> source => "/etc/ssl/cacerts/sf_issuing.crt", >> require => Remotefile["/etc/ssl/cacerts/sf_issuing.crt"]; >> "/etc/ssl/cacerts/bcdd5959": >> source => "/etc/ssl/cacerts/valicert_class2_root.crt", >> require => Remotefile["/etc/ssl/cacerts/valicert_class2_root.crt"]; >> >> } >> } >> >> Cheers, >> Ryan >> >> >> >> > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
