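# Cookbook identity fields.
name 'openldap'
maintainer 'Chef Software, Inc.'
maintainer_email 'cookbooks@chef.io'
license 'Apache 2.0'
description 'Configures a server to be an OpenLDAP master, replication slave or client for auth'
# File.read rather than IO.read: IO.read treats a path that begins with "|" as
# a command to run, while File.read only ever opens the named file. The README
# is located relative to this file, so the working directory does not matter.
long_description File.read(File.join(File.dirname(__FILE__), 'README.md'))
version '2.2.6'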
# Recipes shipped by this cookbook, each with its one-line summary.
# Declared in the same order as before; Ruby hashes keep insertion order.
{
  'openldap' => 'Empty, use one of the other recipes',
  'openldap::auth' => 'Set up openldap for user authentication',
  'openldap::client' => 'Install openldap client packages',
  'openldap::server' => 'Set up openldap to be a slapd server',
  'openldap::slave' => 'Uses search to set replication slave attributes',
  'openldap::master' => 'Use on nodes that should be a slapd master'
}.each do |recipe_name, summary|
  recipe recipe_name, summary
end
# Platforms this cookbook declares support for (no version constraints given).
%w(ubuntu debian freebsd redhat centos amazon scientific oracle).each { |platform| supports platform }
# Cookbooks this one depends on. Neither carries a version constraint, so the
# resolver is free to pick any available release; pin them in the environment
# or a dependency lockfile if you need reproducible, reviewed versions.
%w(openssl freebsd).each { |cookbook| depends cookbook }

# The URL fields are only declared when the metadata DSL in use provides them.
if respond_to?(:source_url)
  source_url 'https://github.com/chef-cookbooks/openldap'
end
if respond_to?(:issues_url)
  issues_url 'https://github.com/chef-cookbooks/openldap/issues'
end
# --- Directory location and naming -------------------------------------------
# How clients find the directory and which subtree / admin entry they use.
# All five attributes are optional.

attribute(
  'openldap/server_uri',
  display_name: 'OpenLDAP Server URI',
  description: 'The URI of the LDAP server.',
  required: 'optional'
)

attribute(
  'openldap/basedn',
  display_name: 'OpenLDAP Base DN',
  description: 'The Base DN.',
  required: 'optional',
  default: 'dc=localdomain'
)

attribute(
  'openldap/cn',
  display_name: 'OpenLDAP CN',
  description: 'The CN.',
  required: 'optional',
  default: 'admin'
)

attribute(
  'openldap/server',
  display_name: 'OpenLDAP Server',
  description: "The LDAP server fully qualified domain name, default `'ldap'.node['domain']'.",
  required: 'optional',
  default: 'ldap.localdomain'
)

# 389 is the registered LDAP port. Whether traffic on it is protected depends
# on the TLS attributes declared further down this file.
attribute(
  'openldap/port',
  display_name: 'OpenLDAP Server Port',
  description: 'The LDAP server port.',
  required: 'optional',
  default: '389'
)
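# --- Transport security and password handling --------------------------------

# Server certificate verification on the client side. No default is declared
# here; the description says it falls back to false. Without verification a
# client cannot tell the real directory server from an impostor, so set it to
# true wherever real credentials are in use.
attribute 'openldap/tls_checkpeer',
          display_name: 'OpenLDAP TLS Check Peer',
          description: "Specifies whether the client should verify the server's TLS certificate. Highly recommended to set tls_checkpeer to true for production uses in order to avoid man-in-the-middle attacks. Defaults to false for testing and backwards compatibility.",
          required: 'optional'

# Password change protocol, defaulting to md5.
# NOTE(review): presumably this feeds pam_ldap's pam_password setting - confirm
# in the recipes/templates. MD5-based hashing is weak for stored passwords;
# check whether the 'exop' mode, which uses the server's password modify
# operation, suits the deployment better.
attribute 'openldap/pam_password',
          display_name: 'OpenLDAP PAM Password',
          description: 'Specifies the password change protocol to use. Defaults to md5.',
          default: 'md5',
          required: 'optional'

# Master switch for TLS. Defaults to 'true'; turning it off exposes bind
# credentials on the wire, as the description states.
# The description previously read "fals"; corrected to "false".
attribute 'openldap/tls_enabled',
          display_name: 'OpenLDAP TLS Enabled',
          description: 'Specifies whether TLS will be used at all. Setting this to false will result in your credentials being sent in clear-text.',
          required: 'optional',
          default: 'true'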
# --- slapd content: schemas, modules, storage backend -------------------------

# Both list attributes are typed as arrays and have no default declared here.
attribute(
  'openldap/schemes',
  display_name: 'OpenLDAP Schemes',
  description: 'Array of ldap schema file names to load.',
  required: 'optional',
  type: 'array'
)

attribute(
  'openldap/modules',
  display_name: 'OpenLDAP Modules',
  description: 'Array of slapd modules names to load.',
  required: 'optional',
  type: 'array'
)

# The declared default is HDB; the description adds that MDB is used on FreeBSD.
attribute(
  'openldap/database',
  display_name: 'OpenLDAP Database',
  description: 'Preferred database backend, defaults to HDB or MDB (for FreeBSD).',
  required: 'optional',
  default: 'HDB'
)
# --- Certificate and key material ---------------------------------------------

# Off by default. Per the description, enabling it makes the cookbook take the
# certificate files from files/default/ssl.
# NOTE(review): if the private key is shipped the same way, anyone who can read
# the cookbook source or the uploaded artifact can read the key - confirm how
# the key is delivered, and prefer a secrets mechanism with this left 'false'.
attribute(
  'openldap/manage_ssl',
  display_name: 'OpenLDAP Manage SSL',
  description: "Whether or not this cookbook manages your SSL certificates. If set to true, this cookbook will expect your SSL certificates to be in files/default/ssl and will configure slapd appropriately. If set to false, you will need to provide your SSL certificates prior to this recipe being run. Be sure to set openldap['ssl_cert'] and openldap['ssl_key'] appropriately.",
  required: 'optional',
  default: 'false'
)

# On-node locations of the certificate and its private key. The values are
# paths, not the material itself.
attribute(
  'openldap/ssl_cert',
  display_name: 'OpenLDAP SSL Certificate',
  description: 'The full path to your SSL certificate.',
  required: 'optional'
)

attribute(
  'openldap/ssl_key',
  display_name: 'OpenLDAP SSL Key',
  description: 'The full path to your SSL key.',
  required: 'optional'
)

# Where the certificate is sourced from: which cookbook, and the path inside it.
attribute(
  'openldap/ssl_cert_source_cookbook',
  display_name: 'OpenLDAP SSL Certificate Source Cookbook',
  description: 'The cookbook to find the ssl cert. Defaults to this cookbook.',
  required: 'optional'
)

attribute(
  'openldap/ssl_cert_source_path',
  display_name: 'OpenLDAP SSL Certificate Source Path',
  description: 'The path in the cookbook to find the ssl cert file.',
  required: 'optional'
)

# Same pair for the private key.
attribute(
  'openldap/ssl_key_source_cookbook',
  display_name: 'OpenLDAP SSL Key Source Cookbook',
  description: 'The cookbook to find the ssl key. Defaults to this cookbook.',
  required: 'optional'
)

attribute(
  'openldap/ssl_key_source_path',
  display_name: 'OpenLDAP SSL Key Source Path',
  description: 'The path in the cookbook to find the ssl key file.',
  required: 'optional'
)

# CA (or intermediate) certificate, only needed for some chains.
attribute(
  'openldap/cafile',
  display_name: 'OpenLDAP CA File',
  description: "Your certificate authority's certificate (or intermediate authorities), if needed.",
  required: 'optional'
)
# Root DN credential, marked required and declared without a default.
# NOTE(review): this listing does not show whether the recipes expect plaintext
# or a pre-hashed value - confirm in the README. Either way, feed it from a
# secrets store rather than committing it to a role, environment or attribute
# file.
attribute(
  'openldap/rootpw',
  display_name: 'OpenLDAP Root DN Password',
  description: 'The root DN password',
  required: 'required'
)

# nss_base setting passed through for pam_ldap, per the description.
attribute(
  'openldap/nss_base',
  display_name: 'nss_base config',
  description: 'nss_base configuration for pam_ldap',
  required: 'optional'
)