Managing users with ldap provider


Angel L. Mateo

Jun 17, 2015, 7:43:59 AM
to puppet...@googlegroups.com
Hello,

I would like one of my puppet agents to create some users in an LDAP
directory instead of the traditional /etc/passwd.

According to the documentation for the user type, there is an ldap provider,
which requires the ldapbase, ldapuser and ldappasswd options in puppet.conf.
So I have configured these options in my puppet.conf:

[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
...
ldapbase = <base of my users in ldap>
ldappassword = <password to use>
ldapserver = <fqdn of my ldap server>
ldapuser = <user to connect to ldap>

After this, I have created a simple manifest to create a test user:

# ldap_user.pp
user { 'amateo_adm2':
  ensure   => 'present',
  uid      => 4002,
  gid      => 'telematadm',
  comment  => 'Angel L. Mateo',
  shell    => '/bin/bash',
  password => <password>,
  provider => 'ldap',
}

Then I try to create the user with "sudo puppet apply ldap_user.pp"

When I run this, I get the error:

amateo_adm@canis30:~$ sudo puppet apply ldap_user.pp
Notice: Compiled catalog for canis30.um.es in environment production in
0.15 seconds
Error: Could not set 'present' on ensure: No such object at
9:/home/amateo_adm/ldap_user.pp
Error: Could not set 'present' on ensure: No such object at
9:/home/amateo_adm/ldap_user.pp
Wrapped exception:
No such object
Error: /Stage[main]/Main/User[amateo_adm2]/ensure: change from absent to
present failed: Could not set 'present' on ensure: No such object at
9:/home/amateo_adm/ldap_user.pp
Notice: Finished catalog run in 0.73 seconds

On the LDAP server I can see searches for that user (and its groups) like:

Jun 17 13:28:02 canis30 slapd[10776]: conn=1012 op=0 BIND dn="<user
configured in puppet.conf>" method=128
Jun 17 13:28:02 canis30 slapd[10776]: conn=1012 op=0 BIND dn="<user
configured in puppet.conf>" mech=SIMPLE ssf=0
Jun 17 13:28:02 canis30 slapd[10776]: conn=1012 op=0 RESULT tag=97 err=0
text=
Jun 17 13:28:02 canis30 slapd[10776]: conn=1012 op=1 SRCH
base="uid=amateo_adm2,<base for users>" scope=0 deref=0
filter="(objectClass=*)"
Jun 17 13:28:02 canis30 slapd[10776]: conn=1012 op=1 SEARCH RESULT
tag=101 err=32 nentries=0 text=
Jun 17 13:28:02 canis30 slapd[10776]: conn=1012 op=2 UNBIND

but I can't see any addition/modification for the user.

Am I missing something? What am I doing wrong?

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 868888337
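
Added example, not part of the original post: a small Python triage script for slapd stats lines like those quoted above. It pairs each request with its result by conn/op, names the LDAP result code (err=32 is noSuchObject), and reports which DN bound and whether the connection ever attempted a write. The sample log, host name and DNs are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the slapd lines quoted above; host and DNs are placeholders.
SAMPLE_LOG = """\
Jun 17 13:28:02 host slapd[10776]: conn=1012 op=0 BIND dn="cn=admin,dc=example,dc=org" method=128
Jun 17 13:28:02 host slapd[10776]: conn=1012 op=0 BIND dn="cn=admin,dc=example,dc=org" mech=SIMPLE ssf=0
Jun 17 13:28:02 host slapd[10776]: conn=1012 op=0 RESULT tag=97 err=0 text=
Jun 17 13:28:02 host slapd[10776]: conn=1012 op=1 SRCH base="uid=testuser,ou=people,dc=example,dc=org" scope=0 deref=0 filter="(objectClass=*)"
Jun 17 13:28:02 host slapd[10776]: conn=1012 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
Jun 17 13:28:02 host slapd[10776]: conn=1012 op=2 UNBIND
"""

# A few standard LDAP result codes (RFC 4511).
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 68: "entryAlreadyExists"}
WRITE_OPS = {"ADD", "MOD", "DEL", "MODRDN"}  # request names slapd logs for directory changes
LINE_RE = re.compile(r"conn=(\d+) op=(\d+) (.+)$")

def summarize(log_text):
    """Pair each request with its result per connection and flag write attempts."""
    conns = defaultdict(lambda: {"bind_dn": None, "ops": {}, "results": {}})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        conn, op, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        c = conns[conn]
        err = re.search(r"\berr=(\d+)", rest)
        if err:  # RESULT / SEARCH RESULT line: decode the result code
            code = int(err.group(1))
            c["results"][op] = RESULT_CODES.get(code, "code %d" % code)
            continue
        c["ops"].setdefault(op, rest.split()[0])  # BIND, SRCH, ADD, MOD, ...
        dn = re.match(r'BIND dn="([^"]*)"', rest)
        if dn and c["bind_dn"] is None:
            c["bind_dn"] = dn.group(1)
    return {
        conn: {
            "bind_dn": c["bind_dn"],
            "operations": [(c["ops"][op], c["results"].get(op)) for op in sorted(c["ops"])],
            "write_attempted": any(name in WRITE_OPS for name in c["ops"].values()),
        }
        for conn, c in conns.items()
    }

if __name__ == "__main__":
    for conn, info in summarize(SAMPLE_LOG).items():
        print(conn, info)
```

On the sample, the connection shows a successful bind, one base-scope search answered with noSuchObject, and no ADD or MOD request.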