Another good link for what you are asking for: http://reductivelabs.com/trac/puppet/wiki/Recipes/LDAPClientNSSwitch
On Sat, Nov 22, 2008 at 8:06 PM, Ryan Dooley <[EMAIL PROTECTED]> wrote: > Sorry for the late reply. Yes, you need to manage /etc/ldap.conf and > probably /etc/ssl (or /etc/cacerts) depending on your setup. I do > that a little differently at the moment (outside of puppet, though I > really should be using puppet). > > remotefile is a class that I snarfed from > http://www.reductivelabs.com/trac/puppet/wiki/PuppetScalability > > Cheers, > Ryan > > On Thu, Nov 20, 2008 at 2:37 AM, Kenneth Holter <[EMAIL PROTECTED]> wrote: >> Thanks for the reply. >> >> As far as I can see you're only hosting the nsswitch file, but don't you >> also need to host/manage the ldap.conf file and a one or two files in >> /etc/pam.d? >> >> The "remotefile" resource type is new to me - is it available in puppet >> v.0.24.4? >> >> >> On 11/19/08, Ryan Dooley <[EMAIL PROTECTED]> wrote: >>> >>> Kenneth Holter wrote: >>> > Hi. >>> > >>> > >>> > I need to configure our puppet nodes as LDAP clients, and were wondering >>> > if puppet has any build in support for this. >>> >>> Easy enough (if I understand correctly). We do this here with a >>> 'ldap_client' module that looks something like this: >>> >>> class ldap_client { >>> package { >>> nss_ldap: >>> schedule => daily, >>> ensure => latest; >>> openldap: >>> schedule => daily, >>> ensure => latest; >>> openldap-clients: >>> schedule => daily, >>> ensure => latest; >>> } >>> >>> remotefile { >>> "/etc/nsswitch.conf": >>> source => "ldap_client/etc/nsswitch.conf", >>> mode => "644"; >>> "/etc/ssl/cacerts/gd-class2-root.crt": >>> source => "ldap_client/etc/ssl/cacerts/gd-class2-root.crt", >>> mode => "644"; >>> "/etc/ssl/cacerts/gd_cross_intermediate.crt": >>> source => "ldap_client/etc/ssl/cacerts/gd_cross_intermediate.crt", >>> mode => "644"; >>> "/etc/ssl/cacerts/gd_intermediate.crt": >>> source => "ldap_client/etc/ssl/cacerts/gd_intermediate.crt", >>> mode => "644"; >>> "/etc/ssl/cacerts/sf_issuing.crt": >>> source => "ldap_client/etc/ssl/cacerts/sf_issuing.crt", >>> mode => "644"; >>> "/etc/ssl/cacerts/valicert_class2_root.crt": >>> source => "ldap_client/etc/ssl/cacerts/valicert_class2_root.crt", >>> mode => "644"; >>> } >>> >>> file { >>> "/etc/ssl/cacerts": >>> ensure => directory, >>> mode => 755, >>> owner => root, >>> group => root, >>> before => Remotefile["/etc/ssl/cacerts/gd-class2-root.crt"]; >>> "/etc/ssl/cacerts/219d9499": >>> source => "/etc/ssl/cacerts/gd-class2-root.crt", >>> require => Remotefile["/etc/ssl/cacerts/gd-class2-root.crt"]; >>> "/etc/ssl/cacerts/97552d04": >>> source => "/etc/ssl/cacerts/gd_intermediate.crt", >>> require => Remotefile["/etc/ssl/cacerts/gd_intermediate.crt"]; >>> "/etc/ssl/cacerts/b737b221": >>> source => "/etc/ssl/cacerts/sf_issuing.crt", >>> require => Remotefile["/etc/ssl/cacerts/sf_issuing.crt"]; >>> "/etc/ssl/cacerts/bcdd5959": >>> source => "/etc/ssl/cacerts/valicert_class2_root.crt", >>> require => Remotefile["/etc/ssl/cacerts/valicert_class2_root.crt"]; >>> >>> } >>> } >>> >>> Cheers, >>> Ryan >>> >>> >>> >>> >> > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
