hiera-ldap
LDAP backend for hiera
hiera-ldap backend
This module allows hiera to look up entries in LDAP. It returns an array of every matching entry, with each entry represented as a hash of attribute => value. Multivalued attributes are returned as multiattribute => [attrib1, attrib2, attrib3].
This module can be placed in your puppet module path and will be pluginsync'd to the master.
LDAP example:
dn: uid=nibz,ou=People,dc=catnip
loginShell: /usr/bin/zsh
objectClass: top
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: podPerson
uid: nibz
uidNumber: 1861
gidNumber: 300
homeDirectory: /u/nibz
gecos: Spencer O Krum
cn: Spencer O Krum
sn: Krum
givenName: Spencer
mail: [email protected]
Configuration examples
No encryption
:base: ou=People,dc=cat,dc=pdx,dc=edu
:host: ldap.cat.pdx.edu
:port: 636
:method: :simple
:username: uid=network,ou=Netgroup,dc=cat,dc=pdx,dc=edu
:password: PASSWORD
More advanced, pointing to encryption keys
:base: ou=People,dc=cat,dc=pdx,dc=edu
:host: ldap.cat.pdx.edu
:port: 636
:method: :simple_tls
:ca_file: /etc/puppetlabs/puppet/hieradata/ldapcerts/cool_key.pem
:method: :simple
:username: uid=network,ou=Netgroup,dc=cat,dc=pdx,dc=edu
:password: PASSWORD
Puppet example
# get info from ldap and put into a hash
$rooter_info = hiera("uid=${username}")
if $rooter_info == undef {
  fail("Hiera/LDAP look up on ${username} failed. Aborting.")
}
# use the hash data to fill out user parameters
# as of now, the ldap/hiera backend downcases ldap attributes
user { $username:
  ensure     => present,
  gid        => 'root',
  uid        => $rooter_info['uidnumber'],
  home       => $rooter_info['homedirectory'],
  managehome => true,
  shell      => $rooter_info['loginshell'],
  comment    => $rooter_info['gecos'],
}
- It wraps the parameters to Net::LDAP.new, so anything you can do there you can do here
The key being looked up is processed as an RFC 4515 search filter, so you can use advanced LDAP searches:
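Because the key is evaluated as an RFC 4515 filter, a value interpolated into it (such as ${username} in the Puppet example) should be escaped or validated before it becomes part of the key. The following is an added example, not part of the hiera-ldap code; the function names, the account-name pattern and the sample inputs are assumptions made for illustration:

```ruby
# Added example, not hiera-ldap code. All names here are hypothetical.
# RFC 4515 section 3: inside an assertion value these characters must be
# written as a backslash followed by their two-digit hex code.
FILTER_SPECIALS = {
  "\\" => '\5c',
  "*"  => '\2a',
  "("  => '\28',
  ")"  => '\29',
  "\0" => '\00'
}.freeze

# Escape a value so it is matched literally inside a filter.
def ldap_filter_escape(value)
  value.to_s.gsub(/[\\*()\x00]/, FILTER_SPECIALS)
end

# Build the lookup key used in the Puppet example from an escaped value.
def uid_lookup_key(username)
  "uid=#{ldap_filter_escape(username)}"
end

# Assumption: the site's account names follow a POSIX-style pattern.
# Rejecting anything else is stricter than escaping and fails early.
UID_PATTERN = /\A[a-z_][a-z0-9_-]{0,31}\z/

def strict_uid_lookup_key(username)
  unless UID_PATTERN.match?(username.to_s)
    raise ArgumentError, "unexpected characters in uid"
  end
  uid_lookup_key(username)
end

# Constructed sample inputs, not taken from any real directory.
SAMPLES = ["nibz", "ni*", "a)(b", "back\\slash"].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name|
    puts "#{name.inspect} -> #{uid_lookup_key(name)}"
  end
end
```

The escaped key always matches the literal value of the uid attribute, so a name containing a wildcard or parenthesis cannot widen the search beyond a single exact match.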
- Hunter Haugen http://github.com/hunner
- Spencer Krum http://github.com/nibalizer
- Sage Imel http://github.com/nightfly
- Fabio Rauber http://github.com/fabiorauber