Compatibility with cn=config #13

Open
daks opened this issue Dec 13, 2017 · 5 comments

@daks
Member

daks commented Dec 13, 2017

Hello,

Since OpenLDAP 2.3/2.4 there is a new method to configure openldap named cn=config https://www.openldap.org/doc/admin24/slapdconf2.html, and the old one based on slapd.conf seems to not be used anymore (at least on Debian with 2.4).

The code seems to manage the old-style configuration but I'm not sure about the new one: is the formula able to manage it?

@daks
Member Author

daks commented Jan 3, 2018

It seems that https://github.com/abehling/openldap-formula has done this job, but I didn't have time to test it yet.

@sticky-note
Member

@daks, how do you provision openldap actually?

@daks
Member Author

daks commented Feb 27, 2020

@sticky-note I did it manually

@ITJamie

ITJamie commented Sep 8, 2021

+1 on needing the option to do new-style config

@sticky-note
Member

@ITJamie It is actually possible to manage to convert from old-style config to new slapd.d style with slaptest.
The following states are working on production right now; every change to openldap:config is correctly spread across the slapd.d new-style config on each state.apply.
We didn't have time to propose a PR yet; maybe you can adapt these bits and raise one.
It will be a pleasure to review it, and we will really appreciate the initiative.

{%- from 'openldap/map.jinja' import openldap %}

{%- set slapd_d = "/usr/local/etc/openldap/slapd.d/" %}

slapd_d_dir:
  file.directory:
    - name: {{ slapd_d }}
    - mode: '0755'
    - user: {{ openldap.user }}
    - group: {{ openldap.group }}
    - require:
      - pkg: {{ openldap.server_pkg }}

{# openldap-formula uses old style configuration, this cmd converts it to the new cn=config style #}
{# TODO: Contribute to openldap-formula #}
cn_config_generate:
  module.run:
    - file.find:
      - path: {{ slapd_d }}
      - iname: "*"
      - delete: "f"
    - onchanges:
      - file: {{ openldap.server_config }}
{%- for include_file in openldap.includes.keys() %}
      - file: {{ openldap.slapd_include_dir ~ '/' ~ include_file }}
{%- endfor %}
  cmd.run:
    - name: |  # -u switch doesn't convert flat file to OLC
        /usr/local/sbin/slaptest -f {{ openldap.server_config }} -F {{ slapd_d }}
        echo "real retcode: $?" && exit 0
      {# It fails here, because no mdb yet, we assume it worked #}
    - runas: {{ openldap.user }}
    - require:
      - file: slapd_d_dir
    - onchanges:
      - module: cn_config_generate
    - watch_in:
      - service: {{ openldap.service }}
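
Added example, not part of the thread or of the formula: the state above deletes the files under `slapd.d` and then forces a zero exit code, so a conversion that wrote nothing would still look successful. This shell function converts into a staging directory, keeps the real exit code, and swaps the tree in only when `cn=config.ldif` was produced; the function name, the `SLAPTEST` override and the `cn=config.ldif` acceptance check are assumptions.

```shell
#!/bin/sh
# Added example: staged slapd.conf -> slapd.d conversion (not the formula's code).
# SLAPTEST is an assumed override so a different binary path can be supplied.
SLAPTEST="${SLAPTEST:-/usr/local/sbin/slaptest}"

# convert_to_slapd_d <slapd.conf> <live slapd.d dir>  (hypothetical helper name)
# Returns 0 only when a cn=config tree was produced and swapped into place.
convert_to_slapd_d() {
    conf=$1
    live=${2%/}                       # tolerate a trailing slash, as in the state
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Stage beside the live directory so the final mv stays on one filesystem.
    # mktemp -d creates the directory with mode 0700.
    stage=$(mktemp -d "${live}.new.XXXXXX") || return 2

    # Keep the real exit code instead of overwriting it with "exit 0".
    rc=0
    "$SLAPTEST" -f "$conf" -F "$stage" || rc=$?

    # Assumption: a usable conversion always writes a non-empty cn=config.ldif.
    if [ ! -s "$stage/cn=config.ldif" ]; then
        echo "slaptest rc=$rc, no cn=config.ldif written; keeping $live" >&2
        rm -rf "$stage"
        return 1
    fi
    # The thread reports a non-zero exit when no mdb database exists yet.
    [ "$rc" -eq 0 ] || echo "slaptest rc=$rc, cn=config.ldif present; accepting" >&2

    # Swap: the previous tree is removed only after the new one is in place.
    old="${live}.old.$$"
    if [ -d "$live" ]; then
        mv "$live" "$old" || { rm -rf "$stage"; return 2; }
    fi
    if mv "$stage" "$live"; then
        rm -rf "$old"
        return 0
    fi
    if [ -d "$old" ]; then mv "$old" "$live"; fi   # roll back on a failed swap
    rm -rf "$stage"
    return 2
}
```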
