masson
Version:
Module execution engine for cluster deployments.
81 lines (71 loc) • 2.32 kB
Markdown
# OpenLDAP ACL
export default header: 'OpenLDAP Server HA', handler: ({options}) ->
db = switch options.backend
when 'mdb' then 'olcDatabase={3}mdb'
when 'hdb' then 'olcDatabase={2}hdb'
return unless Object.keys(options.server_ids).length > 1
header: 'Module Install'
unless_exec: """
ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" | \
grep -E "^olcModulePath: /usr/lib64/openldap"
"""
cmd: """
ldapadd -Y EXTERNAL -H ldapi:/// <<-EOF
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la
EOF
"""
header: 'Module Activation'
unless_exec: """
ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" | \
grep -E "^olcOverlay:.*syncprov"
"""
cmd: """
ldapadd -Y EXTERNAL -H ldapi:/// <<-EOF
dn: olcOverlay=syncprov,#{db},cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpSessionLog: 100
EOF
"""
# TODO: create replication user instead of root_dn
serverId = "#{options.server_ids[options.fqdn]}"
header: 'Registration'
unless_exec: """
ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" \
| grep -E "^olcSyncrepl:.*rid="
"""
cmd: """
ldapmodify -Y EXTERNAL -H ldapi:/// <<-EOF
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: #{serverId}
dn: #{db},cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=#{pad 3, serverId, '0'}
provider=#{options.remote_provider}
bindmethod=simple
binddn="#{options.root_dn}"
credentials=#{options.root_password}
searchbase="#{options.suffix}"
scope=sub
schemachecking=on
type=refreshAndPersist
retry="30 5 300 3"
interval=00:00:05:00
-
add: olcMirrorMode
olcMirrorMode: TRUE
EOF
"""
## Dependencies
pad = require 'pad'