LDAP passwd Enumerator for Puppet
Add users and groups from Active Directory to your Red Hat 6.x compatible systems
Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License
On Red Hat 6.x compatible systems:
(1) command: yum install pam_ldap
(2) command: authconfig --enableldapauth --ldapserver="ldap://ad.example.com" --ldapbasedn="dc=example,dc=com" --updateall
(3) in /etc/pam_ldap.conf, add the following lines towards the end
binddn cn=foo,ou=bar,dc=example,dc=com bindpw fubar pam_login_attribute sAMAccountName
In the lpep module:
(1) edit manifests/lpep.ini to configure ldap settings
(2) ensure bin/lpep.py is executable
(3) ensure manifests/lpep.pp , bin/lpep.db and bin/profiling.log are writable
(1) include the class lpep in your manifests to have the module query your ldap source and populate its database and manifest files; having done this, you can manually inspect bin/lpep.db using a tool like the sqlite manager extension for firefox, and manifests/lpep.pp for a manifest of users and groups
class {lpep: }
(2) include the class lpep::exec in your manifests to deploy the users and groups generated earlier onto targeted nodes
class {lpep::exec: }
(1) objects are tracked only by their username (or sAMAccountName) and not by SID, therefore if a username were to change, that would generate a new numeric uid
(2) objects are not removed from the target system's local user database, but if the ldap authentication were to fail, the user won't be able to login anyway
(3) limited to upto 1000 objects from active directory
(1) objects are stored in a local sqlite database, and the numeric uids and gids retained
(2) coded originally for domino ldap, therefore the routines may not be ideal for active directory
CentOS Linux Integration with Active Directory