-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sukh,

To do this, I would recommend a cron job that populates a file on the
Puppet server readable by the puppet user.

I would then have a server function that uses the user name or uid to
collect the appropriate value from the file.

The main issue that I can see is that you're going to have to find some
way to convert the LDAP password from whatever format it's in to SHA or
MD5, depending on how you have your system set up.

If you have that worked out, you're golden.

See http://reductivelabs.com/trac/puppet/wiki/WritingYourOwnFunctions
for information about writing functions.

Personally, I would put your function in a module instead of the
server's lib directory.

You would then use something like:

     @user {
         "username":
             comment     => "User Name",
             uid         => "65555",
             password    => get_ldap_password('user'),
             home        => "/home/username",
             ensure      => "present",
             gid         => "65555",
             groups      => ["groupname"],
             shell       => "/bin/sh",
             managehome  => true,
             require     => [Group["groupname"]],
             membership  => minimum;
     }

Trevor

On 01/09/2010 02:14 PM, Sukh Khehra wrote:
> We're using local passwd/shadow files on all our linux hosts for
> authentication and manage them by defining virtual resources like the
> following and realizing them in the appropriate classes based on
> authorization requirements.
> 
>     @user {
>         "username":
>             comment     => "User Name",
>             uid         => "65555",
>             password    => '$9$5/PrhlML$AttWraRXLd0ASwCq.uIss1',
>             home        => "/home/username",
>             ensure      => "present",
>             gid         => "65555",
>             groups      => ["groupname"],
>             shell       => "/bin/sh",
>             managehome  => true,
>             require     => [Group["groupname"]],
>             membership  => minimum;
>     }  
> 
> Currently there is no way for me to directly tie puppet to ldap in our
> environment (for various non-technical reasons) but I would like to keep
> the passwords synched with ldap. So I was thinking of writing a script
> to query ldap and create perhaps a csv file containing username, password
> hash, & shell values.
> 
> My question is can I have my puppet manifests, like the snippet above,
> grab the values for password and shell from an external file? ... a file
> that I create from ldap every night? I found
> http://nephilim.ml.org/~rip/puppet/extlookup.rb but also wanted to ask
> the community here if that's the best way to go. Any ideas will be
> appreciated.
> 
> 
> 
> Regards,
> Sukh
> 

- -- 
Trevor Vaughan
 Vice President, Onyx Point, Inc.
 email: tvaug...@onyxpoint.com
 phone: 410-541-ONYX (6699)

- -- This account not approved for unencrypted sensitive information --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAktI3RoACgkQyWMIJmxwHpQytACcCzZIjnsSdrXR9QEMnqFPFci8
tPcAn3731t7wOOhFCh22PagueL5DupHj
=s2mb
-----END PGP SIGNATURE-----
-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.
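The lookup half of the approach Trevor describes, as an added example that is not code from this thread, from Onyx Point, or from the Puppet project. It assumes a nightly cron job (not shown) has already exported `username,hash,shell` lines to a file on the Puppet server; the file path `/etc/puppet/ldap_users.csv`, the function name `get_ldap_password`, the CSV layout, the accepted crypt(3) prefixes and the sample entries are all assumptions or constructed values. The function refuses to hand back anything that is not already a crypt-format MD5/SHA hash, which is the conversion problem Trevor points out, and it refuses to read the export file when it is world-readable.

```ruby
# Added example, not from the thread. Core lookup for a Puppet parser
# function that pulls a user's password hash from a cron-generated export.
require 'tempfile'

module LdapPasswordLookup
  # crypt(3) prefixes the user resource on the node will accept (MD5,
  # SHA-256, SHA-512). Assumed set; adjust for the target systems.
  ACCEPTED_PREFIXES = ['$1$', '$5$', '$6$'].freeze

  # Portable POSIX username: letters, digits, underscore, dash, optional '$'.
  USERNAME_RE = /\A[a-z_][a-z0-9_-]*\$?\z/

  class LookupError < StandardError; end

  # Constructed sample export (not real credentials). 'alice' is already in
  # crypt SHA-512 form; 'bob' is still in LDAP's {SSHA} form, i.e. what the
  # export job must convert before the hash is usable on a node.
  SAMPLE_CSV = <<'EOS'
# username,password_hash,shell
alice,$6$constructed$NOTAREALHASHxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,/bin/bash
bob,{SSHA}Y29uc3RydWN0ZWQgc2FtcGxl,/bin/sh
EOS

  # Parse "username,hash,shell" lines into a hash keyed by username. Blank
  # lines and '#' comments are skipped. A duplicate username is an error:
  # silently taking the last one could hand out the wrong credential.
  def self.parse(text)
    table = {}
    text.each_line.with_index(1) do |line, lineno|
      line = line.strip
      next if line.empty? || line.start_with?('#')
      fields = line.split(',', -1).map(&:strip)
      raise LookupError, "line #{lineno}: expected 3 fields, got #{fields.size}" unless fields.size == 3
      user, hash, shell = fields
      raise LookupError, "line #{lineno}: duplicate entry for #{user}" if table.key?(user)
      table[user] = { :password => hash, :shell => shell }
    end
    table
  end

  # The export holds password hashes: refuse to use it if 'other' can read it.
  # Trevor's advice is a file readable by the puppet user, so 0600/0640 pass.
  def self.check_permissions(path)
    mode = File.stat(path).mode & 0777
    raise LookupError, format('%s is world-readable (mode %o)', path, mode) if mode & 0004 != 0
  end

  # Return the crypt-formatted hash for +user+ from a parsed table, or raise.
  # A missing user raises rather than returning nil, so the manifest fails
  # instead of setting an empty or undefined password on the node.
  def self.password_for(user, table)
    raise LookupError, "invalid username #{user.inspect}" unless user =~ USERNAME_RE
    entry = table[user]
    raise LookupError, "no entry for #{user}" unless entry
    hash = entry[:password]
    unless ACCEPTED_PREFIXES.any? { |p| hash.start_with?(p) }
      raise LookupError, "hash for #{user} is not crypt MD5/SHA (prefix #{hash[0, 6].inspect}); convert it in the export job"
    end
    hash
  end

  def self.lookup(user, path)
    check_permissions(path)
    password_for(user, parse(File.read(path)))
  end

  # Write +text+ to a temp file with +mode+ and look +user+ up in it. Used by
  # the stand-alone demo below and to exercise the permission check.
  def self.lookup_in_text(user, text, mode = 0600)
    Tempfile.open('ldap_users') do |f|
      f.write(text)
      f.flush
      File.chmod(mode, f.path)
      lookup(user, f.path)
    end
  end
end

# Registration with the parser-function API of the Puppet versions current in
# this thread (assumed; runs only when loaded by the master). Ship it from a
# module at lib/puppet/parser/functions/get_ldap_password.rb, as Trevor suggests.
if defined?(Puppet::Parser::Functions)
  Puppet::Parser::Functions.newfunction(:get_ldap_password, :type => :rvalue) do |args|
    raise Puppet::ParseError, 'get_ldap_password(user) takes exactly one argument' unless args.size == 1
    LdapPasswordLookup.lookup(args[0], '/etc/puppet/ldap_users.csv')
  end
end

if __FILE__ == $0
  puts "alice => #{LdapPasswordLookup.lookup_in_text('alice', LdapPasswordLookup::SAMPLE_CSV)}"
  begin
    LdapPasswordLookup.lookup_in_text('bob', LdapPasswordLookup::SAMPLE_CSV)
  rescue LdapPasswordLookup::LookupError => e
    puts "bob   => refused: #{e.message}"
  end
end
```

With the file in a module, `password => get_ldap_password('user')` in the manifest compiles on the master only; the hash never leaves the server in any form other than the one the `user` resource would already receive, and a bad export (unconverted `{SSHA}` values, a missing user, a world-readable file) fails the catalog compile loudly rather than managing the account with a wrong or empty password.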