LDAP installation manifest
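# Base DN of the directory and the password of its rootdn.
# NOTE(review): $rootpw is a cleartext literal. It is written verbatim into
# slapd.conf (see the generated file on this page) and reused for the simple bind
# below. Supply it from an encrypted data source (e.g. Hiera with hiera-eyaml)
# rather than committing it with the manifest.
$dn = 'dc=test,dc=com'
$rootpw = 'password'

# Install openldap server
class { 'ldap::server':
  suffix    => $dn,
  log_level => '64',
  rootdn    => "cn=admin,${dn}",
  rootpw    => $rootpw
}

# Create the suffix entry itself, binding as the rootdn declared above.
# NOTE(review): the slapd debug trace on this page shows the daemon loading
# /etc/openldap/slapd.d (olcSuffix dc=my-domain,dc=com, olcRootDN cn=Manager,...)
# rather than the slapd.conf written by ldap::server, so the cn=admin bind is
# presumably rejected (err=49) because that rootdn is not configured in the running
# server. Confirm which configuration slapd is actually started with.
ldap_entry { $dn:
  ensure     => present,
  attributes => {
    # The naming attribute has to carry the RDN value of the DN: 'test' for
    # dc=test,dc=com. 'test.com' does not match the RDN and slapd would refuse the add.
    'dc'          => 'test',
    'objectClass' => ['top','domain']
  },
  # Defined outside this manifest; the agent output on this page shows it
  # resolving to localhost.
  host       => $remotepost::rps_ldap_host,
  # Simple bind without TLS: the rootdn password crosses the wire in clear and is
  # visible in the BER dump of the slapd trace on this page. Acceptable only on
  # loopback or a lab network; enable TLS before pointing this at a remote host.
  ssl        => false,
  port       => 389,
  base       => $dn,
  username   => "cn=admin,${dn}",
  password   => $rootpw,
  require    => Class['ldap::server']
}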
Oct 20 10:38:22 localhost slapd[3303]: @(#) $OpenLDAP: slapd 2.4.39 (Jun 9 2014 23:23:12) $ | |
mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.39/openldap-2.4.39/servers/slapd | |
Oct 20 10:38:22 localhost slapd[3305]: slapd starting | |
Oct 20 10:38:42 localhost slapd[3305]: conn=1000 fd=11 ACCEPT from IP=[::1]:43231 (IP=[::]:389) | |
Oct 20 10:38:42 localhost slapd[3305]: conn=1000 op=0 BIND dn="cn=admin,dc=dt0388,dc=local" method=128 | |
Oct 20 10:38:42 localhost slapd[3305]: conn=1000 op=0 RESULT tag=97 err=49 text= | |
Oct 20 10:38:42 localhost slapd[3305]: conn=1000 fd=11 closed (connection lost) | |
Oct 20 10:38:42 localhost slapd[3305]: conn=1001 fd=11 ACCEPT from IP=[::1]:43232 (IP=[::]:389) | |
Oct 20 10:38:42 localhost slapd[3305]: conn=1001 op=0 BIND dn="cn=admin,dc=dt0388,dc=local" method=128 | |
Oct 20 10:38:42 localhost slapd[3305]: conn=1001 op=0 RESULT tag=97 err=49 text= | |
Oct 20 10:38:42 localhost slapd[3305]: conn=1001 fd=11 closed (connection lost) | |
Oct 20 10:38:42 localhost slapd[3305]: conn=1002 fd=11 ACCEPT from IP=[::1]:43233 (IP=[::]:389) | |
Oct 20 10:38:42 localhost slapd[3305]: conn=1002 op=0 BIND dn="cn=admin,dc=dt0388,dc=local" method=128 | |
Oct 20 10:38:42 localhost slapd[3305]: conn=1002 op=0 RESULT tag=97 err=49 text= | |
Oct 20 10:38:42 localhost slapd[3305]: conn=1002 fd=11 closed (connection lost) |
Info: Applying configuration version '1413798126' | |
Debug: Prefetching gem resources for package | |
Debug: Executing '/bin/gem list --local' | |
Debug: Prefetching yum resources for package | |
Debug: Executing '/bin/rpm --version' | |
Debug: Executing '/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n'' | |
Debug: Executing '/bin/rpm -q openldap-servers --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n' | |
Debug: Executing '/bin/rpm -q openldap-servers --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n --whatprovides' | |
Debug: Package[ldap-server](provider=yum): Ensuring => present | |
Debug: Executing '/bin/yum -d 0 -e 0 -y install openldap-servers' | |
Debug: Executing '/bin/rpm -q openldap-servers --nosignature --nodigest --qf %{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n' | |
Notice: /Stage[main]/Ldap::Server::Install/Package[ldap-server]/ensure: created | |
Debug: /Stage[main]/Ldap::Server::Install/Package[ldap-server]: The container Class[Ldap::Server::Install] will propagate my refresh event | |
Debug: Class[Ldap::Server::Install]: The container Stage[main] will propagate my refresh event | |
Notice: /Stage[main]/Ldap::Server::Config/File[/etc/openldap/slapd.conf]/ensure: defined content as '{md5}a6910a5dc2ce4907e158f9a4b7cf75db' | |
Debug: /Stage[main]/Ldap::Server::Config/File[/etc/openldap/slapd.conf]: The container Class[Ldap::Server::Config] will propagate my refresh event | |
Notice: /Stage[main]/Ldap::Server::Config/File[/var/lib/ldap/DB_CONFIG]/ensure: defined content as '{md5}beda95188df9a96e44525d502d6ec4df' | |
Debug: /Stage[main]/Ldap::Server::Config/File[/var/lib/ldap/DB_CONFIG]: The container Class[Ldap::Server::Config] will propagate my refresh event | |
Debug: Class[Ldap::Server::Config]: The container Stage[main] will propagate my refresh event | |
Info: Class[Ldap::Server::Config]: Scheduling refresh of Class[Ldap::Server::Service] | |
Info: Class[Ldap::Server::Service]: Scheduling refresh of Service[ldap-server] | |
Debug: Executing '/bin/systemctl is-active slapd' | |
Debug: Executing '/bin/systemctl is-enabled slapd' | |
Debug: Executing '/bin/systemctl start slapd' | |
Debug: Executing '/bin/systemctl is-enabled slapd' | |
Debug: Executing '/bin/systemctl enable slapd' | |
Notice: /Stage[main]/Ldap::Server::Service/Service[ldap-server]/ensure: ensure changed 'stopped' to 'running' | |
Debug: /Stage[main]/Ldap::Server::Service/Service[ldap-server]: The container Class[Ldap::Server::Service] will propagate my refresh event | |
Info: /Stage[main]/Ldap::Server::Service/Service[ldap-server]: Unscheduling refresh on Service[ldap-server] | |
Debug: Class[Ldap::Server::Service]: The container Stage[main] will propagate my refresh event | |
Debug: Connecting to LDAP server ldaps://localhost:389 | |
Debug: LDAP Search: {:base=>"dc=dt0388,dc=local", :attributes=>["dc", "objectClass"]} | |
Error: /Stage[main]/Main/Ldap_entry[dc=dt0388,dc=local]: Could not evaluate: LDAP Error 49: Invalid Credentials. Check server log for more info. | |
Debug: Finishing transaction 23211600 | |
Debug: Storing state | |
Debug: Stored state in 0.01 seconds | |
Notice: Finished catalog run in 30.47 seconds | |
Debug: Using settings: adding file resource 'rrddir': 'File[/var/lib/puppet/rrd]{:path=>"/var/lib/puppet/rrd", :mode=>"750", :owner=>"puppet", :group=>"puppet", :ensure=>:directory, :loglevel=>:debug, :links=>:follow, :backup=>false}' | |
Debug: Finishing transaction 30028580 | |
Debug: Received report to process from localhost.dt0388.local | |
Debug: Processing report from localhost.dt0388.local with processor Puppet::Reports::Store |
5444dcdf /etc/openldap/slapd.d: line 1: warning: cannot assess the validity of the ACL scope within backend naming context | |
5444dcdf ldif_read_file: read entry file: "/etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif" | |
5444dcdf => str2entry: "# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify. | |
# CRC32 683ad11a | |
dn: olcDatabase={2}hdb | |
objectClass: olcDatabaseConfig | |
objectClass: olcHdbConfig | |
olcDatabase: {2}hdb | |
olcDbDirectory: /var/lib/ldap | |
olcSuffix: dc=my-domain,dc=com | |
olcRootDN: cn=Manager,dc=my-domain,dc=com | |
olcDbIndex: objectClass eq,pres | |
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub | |
structuralObjectClass: olcHdbConfig | |
entryUUID: 2c0006f6-ec89-1033-8ae1-1130d44f6efe | |
creatorsName: cn=config | |
createTimestamp: 20141020094238Z | |
entryCSN: 20141020094238.011736Z#000000#000#000000 | |
modifiersName: cn=config | |
modifyTimestamp: 20141020094238Z | |
" | |
5444dcdf >>> dnPrettyNormal: <olcDatabase={2}hdb> | |
=> ldap_bv2dn(olcDatabase={2}hdb,0) | |
<= ldap_bv2dn(olcDatabase={2}hdb)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(olcDatabase={2}hdb)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(olcDatabase={2}hdb)=0 | |
5444dcdf <<< dnPrettyNormal: <olcDatabase={2}hdb>, <olcDatabase={2}hdb> | |
5444dcdf >>> dnNormalize: <dc=my-domain,dc=com> | |
=> ldap_bv2dn(dc=my-domain,dc=com,0) | |
<= ldap_bv2dn(dc=my-domain,dc=com)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(dc=my-domain,dc=com)=0 | |
5444dcdf <<< dnNormalize: <dc=my-domain,dc=com> | |
5444dcdf >>> dnNormalize: <cn=Manager,dc=my-domain,dc=com> | |
=> ldap_bv2dn(cn=Manager,dc=my-domain,dc=com,0) | |
<= ldap_bv2dn(cn=Manager,dc=my-domain,dc=com)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(cn=manager,dc=my-domain,dc=com)=0 | |
5444dcdf <<< dnNormalize: <cn=manager,dc=my-domain,dc=com> | |
5444dcdf >>> dnNormalize: <cn=config> | |
=> ldap_bv2dn(cn=config,0) | |
<= ldap_bv2dn(cn=config)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(cn=config)=0 | |
5444dcdf <<< dnNormalize: <cn=config> | |
5444dcdf >>> dnNormalize: <cn=config> | |
=> ldap_bv2dn(cn=config,0) | |
<= ldap_bv2dn(cn=config)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(cn=config)=0 | |
5444dcdf <<< dnNormalize: <cn=config> | |
5444dcdf <= str2entry(olcDatabase={2}hdb) -> 0x7fa481b6bde8 | |
5444dcdf => test_filter | |
5444dcdf PRESENT | |
5444dcdf => access_allowed: search access to "olcDatabase={2}hdb,cn=config" "objectClass" requested | |
5444dcdf <= root access granted | |
5444dcdf => access_allowed: search access granted by manage(=mwrscxd) | |
5444dcdf <= test_filter 6 | |
5444dcdf >>> dnPrettyNormal: <dc=my-domain,dc=com> | |
=> ldap_bv2dn(dc=my-domain,dc=com,0) | |
<= ldap_bv2dn(dc=my-domain,dc=com)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(dc=my-domain,dc=com)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(dc=my-domain,dc=com)=0 | |
5444dcdf <<< dnPrettyNormal: <dc=my-domain,dc=com>, <dc=my-domain,dc=com> | |
5444dcdf >>> dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com> | |
=> ldap_bv2dn(cn=Manager,dc=my-domain,dc=com,0) | |
<= ldap_bv2dn(cn=Manager,dc=my-domain,dc=com)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(cn=Manager,dc=my-domain,dc=com)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(cn=manager,dc=my-domain,dc=com)=0 | |
5444dcdf <<< dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com>, <cn=manager,dc=my-domain,dc=com> | |
5444dcdf hdb_db_init: Initializing HDB database | |
5444dcdf >>> dnPrettyNormal: <dc=my-domain,dc=com> | |
=> ldap_bv2dn(dc=my-domain,dc=com,0) | |
<= ldap_bv2dn(dc=my-domain,dc=com)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(dc=my-domain,dc=com)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(dc=my-domain,dc=com)=0 | |
5444dcdf <<< dnPrettyNormal: <dc=my-domain,dc=com>, <dc=my-domain,dc=com> | |
5444dcdf >>> dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com> | |
=> ldap_bv2dn(cn=Manager,dc=my-domain,dc=com,0) | |
<= ldap_bv2dn(cn=Manager,dc=my-domain,dc=com)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(cn=Manager,dc=my-domain,dc=com)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(cn=manager,dc=my-domain,dc=com)=0 | |
5444dcdf <<< dnPrettyNormal: <cn=Manager,dc=my-domain,dc=com>, <cn=manager,dc=my-domain,dc=com> | |
5444dcdf index objectClass 0x0006 | |
5444dcdf index ou 0x0716 | |
5444dcdf index cn 0x0716 | |
5444dcdf index mail 0x0716 | |
5444dcdf index sn 0x0716 | |
5444dcdf index givenName 0x0716 | |
5444dcdf send_ldap_result: conn=-1 op=0 p=0 | |
5444dcdf send_ldap_result: err=0 matched="" text="" | |
5444dcdf >>> dnNormalize: <cn=Subschema> | |
=> ldap_bv2dn(cn=Subschema,0) | |
<= ldap_bv2dn(cn=Subschema)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(cn=subschema)=0 | |
5444dcdf <<< dnNormalize: <cn=subschema> | |
... | |
5444dcdf backend_startup_one: starting "dc=my-domain,dc=com" | |
5444dcdf hdb_db_open: "dc=my-domain,dc=com" | |
5444dcdf hdb_db_open: database "dc=my-domain,dc=com": dbenv_open(/var/lib/ldap). | |
5444dcdf slapd starting | |
... | |
5444dcf8 daemon: activity on 1 descriptor | |
5444dcf8 daemon: activity on:5444dcf8 | |
5444dcf8 slap_listener_activate(7): | |
5444dcf8 daemon: epoll: listen=7 busy | |
5444dcf8 daemon: epoll: listen=8 active_threads=0 tvp=NULL | |
5444dcf8 >>> slap_listener(ldap:///) | |
5444dcf8 daemon: listen=7, new connection on 15 | |
5444dcf8 daemon: added 15r (active) listener=(nil) | |
5444dcf8 conn=1000 fd=15 ACCEPT from IP=192.168.250.250:33542 (IP=0.0.0.0:389) | |
5444dcf8 daemon: activity on 2 descriptors | |
5444dcf8 daemon: activity on:5444dcf8 15r5444dcf8 | |
5444dcf8 daemon: read active on 15 | |
5444dcf8 daemon: epoll: listen=7 active_threads=0 tvp=NULL | |
5444dcf8 daemon: epoll: listen=8 active_threads=0 tvp=NULL | |
5444dcf8 connection_get(15) | |
5444dcf8 connection_get(15): got connid=1000 | |
5444dcf8 connection_read(15): checking for input on id=1000 | |
ber_get_next | |
ldap_read: want=8, got=8 | |
0000: 30 2f 02 01 01 60 2a 02 0/...`*. | |
ldap_read: want=41, got=41 | |
0000: 01 03 04 1b 63 6e 3d 61 64 6d 69 6e 2c 64 63 3d ....cn=admin,dc= | |
0010: 64 74 30 33 38 38 2c 64 63 3d 6c 6f 63 61 6c 80 dt0388,dc=local. | |
0020: 08 70 61 73 73 77 6f 72 64 .password | |
ber_get_next: tag 0x30 len 47 contents: | |
ber_dump: buf=0x7fa458000a90 ptr=0x7fa458000a90 end=0x7fa458000abf len=47 | |
0000: 02 01 01 60 2a 02 01 03 04 1b 63 6e 3d 61 64 6d ...`*.....cn=adm | |
0010: 69 6e 2c 64 63 3d 64 74 30 33 38 38 2c 64 63 3d in,dc=dt0388,dc= | |
0020: 6c 6f 63 61 6c 80 08 70 61 73 73 77 6f 72 64 local..password | |
5444dcf8 op tag 0x60, time 1413799160 | |
ber_get_next | |
ldap_read: want=8 error=Resource temporarily unavailable | |
5444dcf8 conn=1000 op=0 do_bind | |
ber_scanf fmt ({imt) ber: | |
ber_dump: buf=0x7fa458000a90 ptr=0x7fa458000a93 end=0x7fa458000abf len=44 | |
0000: 60 2a 02 01 03 04 1b 63 6e 3d 61 64 6d 69 6e 2c `*.....cn=admin, | |
0010: 64 63 3d 64 74 30 33 38 38 2c 64 63 3d 6c 6f 63 dc=dt0388,dc=loc | |
0020: 61 6c 80 08 70 61 73 73 77 6f 72 64 al..password | |
ber_scanf fmt (m}) ber: | |
ber_dump: buf=0x7fa458000a90 ptr=0x7fa458000ab5 end=0x7fa458000abf len=10 | |
0000: 00 08 70 61 73 73 77 6f 72 64 ..password | |
5444dcf8 >>> dnPrettyNormal: <cn=admin,dc=dt0388,dc=local> | |
=> ldap_bv2dn(cn=admin,dc=dt0388,dc=local,0) | |
<= ldap_bv2dn(cn=admin,dc=dt0388,dc=local)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(cn=admin,dc=dt0388,dc=local)=0 | |
=> ldap_dn2bv(272) | |
<= ldap_dn2bv(cn=admin,dc=dt0388,dc=local)=0 | |
5444dcf8 <<< dnPrettyNormal: <cn=admin,dc=dt0388,dc=local>, <cn=admin,dc=dt0388,dc=local> | |
5444dcf8 conn=1000 op=0 BIND dn="cn=admin,dc=dt0388,dc=local" method=128 | |
5444dcf8 do_bind: version=3 dn="cn=admin,dc=dt0388,dc=local" method=128 | |
5444dcf8 send_ldap_result: conn=1000 op=0 p=3 | |
5444dcf8 send_ldap_result: err=49 matched="" text="" | |
5444dcf8 send_ldap_response: msgid=1 tag=97 err=49 | |
ber_flush2: 14 bytes to sd 15 | |
0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1.... | |
ldap_write: want=14, written=14 | |
0000: 30 0c 02 01 01 61 07 0a 01 31 04 00 04 00 0....a...1.... | |
5444dcf8 conn=1000 op=0 RESULT tag=97 err=49 text= | |
5444dcf8 daemon: activity on 1 descriptor | |
5444dcf8 daemon: activity on:5444dcf8 | |
5444dcf8 daemon: epoll: listen=7 active_threads=0 tvp=NULL | |
5444dcf8 daemon: epoll: listen=8 active_threads=0 tvp=NULL | |
5444dcf8 daemon: activity on 1 descriptor | |
5444dcf8 daemon: activity on:5444dcf8 15r5444dcf8 | |
5444dcf8 daemon: read active on 15 | |
5444dcf8 daemon: epoll: listen=7 active_threads=0 tvp=NULL | |
5444dcf8 daemon: epoll: listen=8 active_threads=0 tvp=NULL | |
5444dcf8 connection_get(15) | |
5444dcf8 connection_get(15): got connid=1000 | |
5444dcf8 connection_read(15): checking for input on id=1000 | |
ber_get_next | |
ldap_read: want=8, got=0 | |
5444dcf8 ber_get_next on fd 15 failed errno=0 (Success) | |
5444dcf8 connection_read(15): input error=-2 id=1000, closing. | |
5444dcf8 connection_closing: readying conn=1000 sd=15 for close | |
5444dcf8 connection_close: conn=1000 sd=15 | |
5444dcf8 daemon: activity on 1 descriptor | |
5444dcf8 daemon: activity on:5444dcf8 daemon: removing 15 | |
5444dcf8 | |
5444dcf8 conn=1000 fd=15 closed (connection lost) | |
5444dcf8 daemon: epoll: listen=7 active_threads=0 tvp=NULL | |
5444dcf8 daemon: epoll: listen=8 active_threads=0 tvp=NULL |
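# Server Configuration
# NOTE(review): the slapd debug trace on this page shows the daemon reading
# /etc/openldap/slapd.d/cn=config (olcSuffix dc=my-domain,dc=com, olcRootDN
# cn=Manager,dc=my-domain,dc=com). slapd uses an existing slapd.d directory in
# preference to slapd.conf, so the suffix/rootdn/rootpw below are presumably not in
# effect, which would account for err=49 on the cn=admin bind. Confirm how slapd is
# started on this host.
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
loglevel none
# Allow LDAPv2
# NOTE(review): LDAPv2 binds are a legacy compatibility setting; drop this line
# unless a client is known to require it.
allow bind_v2
# Schemas
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
# Modules
moduleload back_bdb
# Database definition
# NOTE(review): no access directives and no TLS directives appear in this file.
# Without access directives slapd falls back to its default ACL, which grants read
# access to everyone, anonymous clients included.
database bdb
directory /var/lib/ldap
suffix "dc=dt0388,dc=local"
rootdn "cn=admin,dc=dt0388,dc=local"
# Cleartext rootdn password. rootpw also accepts a hashed value as produced by
# slappasswd (e.g. an {SSHA} hash); keep this file readable by the slapd user only.
rootpw "password"
# Overlays
# Indexes
index objectclass eq
index entryCSN eq
index entryUUID eq
index uidNumber eq
index gidNumber eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
# Database parameters
cachesize 10000
checkpoint 128 15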