Another good link for what you are asking for:
http://reductivelabs.com/trac/puppet/wiki/Recipes/LDAPClientNSSwitch

On Sat, Nov 22, 2008 at 8:06 PM, Ryan Dooley <[EMAIL PROTECTED]> wrote:
> Sorry for the late reply.  Yes, you need to manage /etc/ldap.conf and
> probably /etc/ssl (or /etc/cacerts) depending on your setup.  I do
> that a little differently at the moment (outside of puppet, though I
> really should be using puppet).
>
> remotefile is a class that I snarfed from
> http://www.reductivelabs.com/trac/puppet/wiki/PuppetScalability
>
> Cheers,
> Ryan
>
> On Thu, Nov 20, 2008 at 2:37 AM, Kenneth Holter <[EMAIL PROTECTED]> wrote:
>> Thanks for the reply.
>>
>> As far as I can see you're only hosting the nsswitch file, but don't you
>> also need to host/manage the ldap.conf file and a one or two files in
>> /etc/pam.d?
>>
>> The "remotefile" resource type is new to me - is it available in puppet
>> v.0.24.4?
>>
>>
>> On 11/19/08, Ryan Dooley <[EMAIL PROTECTED]> wrote:
>>>
>>> Kenneth Holter wrote:
>>> > Hi.
>>> >
>>> >
>>> > I need to configure our puppet nodes as LDAP clients, and were wondering
>>> > if puppet has any build in support for this.
>>>
>>> Easy enough (if I understand correctly).  We do this here with a
>>> 'ldap_client' module that looks something like this:
>>>
>>> class ldap_client {
>>>   package {
>>>     nss_ldap:
>>>       schedule => daily,
>>>       ensure   => latest;
>>>     openldap:
>>>       schedule => daily,
>>>       ensure   => latest;
>>>     openldap-clients:
>>>       schedule => daily,
>>>       ensure   => latest;
>>>   }
>>>
>>>   remotefile {
>>>     "/etc/nsswitch.conf":
>>>       source => "ldap_client/etc/nsswitch.conf",
>>>       mode   => "644";
>>>     "/etc/ssl/cacerts/gd-class2-root.crt":
>>>       source  => "ldap_client/etc/ssl/cacerts/gd-class2-root.crt",
>>>       mode => "644";
>>>     "/etc/ssl/cacerts/gd_cross_intermediate.crt":
>>>       source => "ldap_client/etc/ssl/cacerts/gd_cross_intermediate.crt",
>>>       mode => "644";
>>>     "/etc/ssl/cacerts/gd_intermediate.crt":
>>>       source => "ldap_client/etc/ssl/cacerts/gd_intermediate.crt",
>>>       mode => "644";
>>>     "/etc/ssl/cacerts/sf_issuing.crt":
>>>       source => "ldap_client/etc/ssl/cacerts/sf_issuing.crt",
>>>       mode => "644";
>>>     "/etc/ssl/cacerts/valicert_class2_root.crt":
>>>       source => "ldap_client/etc/ssl/cacerts/valicert_class2_root.crt",
>>>       mode => "644";
>>>   }
>>>
>>>   file {
>>>     "/etc/ssl/cacerts":
>>>       ensure => directory,
>>>       mode   => 755,
>>>       owner  => root,
>>>       group  => root,
>>>       before => Remotefile["/etc/ssl/cacerts/gd-class2-root.crt"];
>>>    "/etc/ssl/cacerts/219d9499":
>>>       source => "/etc/ssl/cacerts/gd-class2-root.crt",
>>>       require => Remotefile["/etc/ssl/cacerts/gd-class2-root.crt"];
>>>    "/etc/ssl/cacerts/97552d04":
>>>       source => "/etc/ssl/cacerts/gd_intermediate.crt",
>>>       require => Remotefile["/etc/ssl/cacerts/gd_intermediate.crt"];
>>>    "/etc/ssl/cacerts/b737b221":
>>>       source => "/etc/ssl/cacerts/sf_issuing.crt",
>>>       require => Remotefile["/etc/ssl/cacerts/sf_issuing.crt"];
>>>    "/etc/ssl/cacerts/bcdd5959":
>>>       source => "/etc/ssl/cacerts/valicert_class2_root.crt",
>>>       require => Remotefile["/etc/ssl/cacerts/valicert_class2_root.crt"];
>>>
>>>   }
>>> }
>>>
>>> Cheers,
>>> Ryan
>>>
>>>
>>> >>>
>>
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to