I am trying to get puppet to manage my LDAP users but I don't appear
to be having much success. What I have in puppet.conf is this:

[puppetmasterd]
        ldapserver=ldap.myorg.company.com
        ldapbase=dc=myorg,dc=org
        ldapuser=cn=admin,dc=myorg,dc=org
        ldappassword=mysecret
        ldapparentattr=dc=myorg,dc=org

I added the ldapparentattr in desperation and doubt if it's actually
required. Now I have a class which says:

        user { "myuser":
                uid => 500,
                groups => myuser,
                gid => 500,
                ensure => present,
                comment => "some info",
                managehome => 'true',
                home => "/home/myuser",
                shell => "/bin/bash",
                require => [ Group["myuser"] ]
        }

and the message I get is this:

[r...@here]# puppetd --test --noop --tags users
info: Loading fact drbd
info: Retrieving facts
info: Loading fact drbd
info: Caching catalog at /var/lib/puppet/localconfig.yaml
notice: Starting catalog run
err: Got an uncaught exception of type LDAP::ResultError: Invalid DN syntax
notice: Finished catalog run in 4.01 seconds

I have tcpdump on port 389 running in another window and what I see is
that puppet seems to be trying to send commands to the LDAP server but
is missing the ldapbase info from everything - so it's sending things
like

uid=myuser,ou=People,

and missing dc=myorg,dc=org from it.

Does this look like I am missing anything critical or has anyone done
this before? I don't want to put my puppet nodes into LDAP but I do
have my Linux authentication already running out of LDAP and ideally
am trying to get puppet to manage them for me.

Incidentally, in /usr/lib/ruby/site_ruby/1.8/puppet/provider/group/ldap.rb
ou=Groups appears to be hard-coded, but this is not where my
groups are defined in LDAP, and the only way I could see to fix this
was to edit the file and hack it that way.

Running on CentOS 5.2 with puppet-0.24.7-4.el5
