valentinbud/OpenLDAP Pillar

## OpenLDAP Pillar
openldap-server:
{% if grains['os'] == 'Debian' %}
  package:
    name: slapd
    version: 2.4.23-7.3
  service: slapd
{% endif %}

  cn:
    config:
      olcLogLevel: 0

      module:
        back_hdb:
          dn: "cn=module{0}"
          objectClass: olcModuleList
          cn: "module{0}"
          olcModulePath: "/usr/lib/ldap"
          olcModuleLoad: "{0}back_hdb"
          structuralObjectClass: olcModuleList

      schema:
        dn: "cn=schema"
        objectClass: olcSchemaConfig
        cn: schema
        structuralObjectClass: olcSchemaConfig

      olcBackend:
        hdb:
          dn: olcBackend="{0}hdb"
          objectClass: olcBackendConfig
          olcBackend: "{0}hdb"
          structuralObjectClass: olcBackendConfig

      olcDatabase:
        config:
          dn: olcDatabase="{0}config"
          objectClass: olcDatabaseConfig
          olcDatabase: "{0}config"
          olcRootDN: "cn=admin,cn=config"
          olcRootPW: "{SSHA}xxxxxx"
          structuralObjectClass: olcDatabaseConfig
          olcAccess:
            - "{0}to * dn.exact=cn=admin,cn=config manage by * break"

        frontend:
          dn: "olcDatabase={-1}frontend"
          objectClass: olcDatabaseConfig
          objectClass: olcFrontendConfig
          olcDatabase: "{-1}frontend"
          olcAccess:
            - "{0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break"
            - "{1}to dn.exact="" by * read"
            - "{2}to dn.base="cn=Subschema" by * read"
          olcSizeLimit: 500
          structuralObjectClass: olcDatabaseConfig

        hdb:
          dn: "olcDatabase={1}hdb"
          objectClass: olcDatabaseConfig
          objectClass: olcHdbConfig
          olcDatabase: "{1}hdb"
          olcDbDirectory: "/var/lib/ldap"
          olcSuffix: "dc=example,dc=net"
          olcLastMod: TRUE
          olcRootDN: "cn=admin,dc=example,dc=net"
          olcRootPW: "{SSHA}xxx"
          olcDbCheckpoint: "512 30"
          olcDbConfig:
            - "{0}set_cachesize 0 2097152 0"
            - "{1}set_lk_max_objects 1500"
            - "{2}set_lk_max_locks 1500"
            - "{3}set_lk_max_lockers 1500"
          structuralObjectClass: olcHdbConfig
          olcDbIndex:
            - objectClass,uid,memberUid,uniqueMember eq
          olcAccess:
            - "{0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=net" write by * none"
            - "{1}to dn.base="" by * read"
            - "{2}to * by self write by dn="cn=admin,dc=example,dc=net" write by * read"
	openldap-server:
	{% if grains['os'] == 'Debian' %}
	package:
	name: slapd
	version: 2.4.23-7.3
	service: slapd
	{% endif %}

	cn:
	config:
	olcLogLevel: 0

	module:
	back_hdb:
	dn: "cn=module{0}"
	objectClass: olcModuleList
	cn: "module{0}"
	olcModulePath: "/usr/lib/ldap"
	olcModuleLoad: "{0}back_hdb"
	structuralObjectClass: olcModuleList

	schema:
	dn: "cn=schema"
	objectClass: olcSchemaConfig
	cn: schema
	structuralObjectClass: olcSchemaConfig

	olcBackend:
	hdb:
	dn: olcBackend="{0}hdb"
	objectClass: olcBackendConfig
	olcBackend: "{0}hdb"
	structuralObjectClass: olcBackendConfig

	olcDatabase:
	config:
	dn: olcDatabase="{0}config"
	objectClass: olcDatabaseConfig
	olcDatabase: "{0}config"
	olcRootDN: "cn=admin,cn=config"
	olcRootPW: "{SSHA}xxxxxx"
	structuralObjectClass: olcDatabaseConfig
	olcAccess:
	- "{0}to * dn.exact=cn=admin,cn=config manage by * break"

	frontend:
	dn: "olcDatabase={-1}frontend"
	objectClass: olcDatabaseConfig
	objectClass: olcFrontendConfig
	olcDatabase: "{-1}frontend"
	olcAccess:
	- "{0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break"
	- "{1}to dn.exact="" by * read"
	- "{2}to dn.base="cn=Subschema" by * read"
	olcSizeLimit: 500
	structuralObjectClass: olcDatabaseConfig

	hdb:
	dn: "olcDatabase={1}hdb"
	objectClass: olcDatabaseConfig
	objectClass: olcHdbConfig
	olcDatabase: "{1}hdb"
	olcDbDirectory: "/var/lib/ldap"
	olcSuffix: "dc=example,dc=net"
	olcLastMod: TRUE
	olcRootDN: "cn=admin,dc=example,dc=net"
	olcRootPW: "{SSHA}xxx"
	olcDbCheckpoint: "512 30"
	olcDbConfig:
	- "{0}set_cachesize 0 2097152 0"
	- "{1}set_lk_max_objects 1500"
	- "{2}set_lk_max_locks 1500"
	- "{3}set_lk_max_lockers 1500"
	structuralObjectClass: olcHdbConfig
	olcDbIndex:
	- objectClass,uid,memberUid,uniqueMember eq
	olcAccess:
	- "{0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=net" write by * none"
	- "{1}to dn.base="" by * read"
	- "{2}to * by self write by dn="cn=admin,dc=example,dc=net" write by * read"