lpep

LDAP passwd Enumerator for Puppet

Version information

  • 0.0.8 (latest)
  • 0.0.5
  • 0.0.3
  • 0.0.2
released Nov 18th 2012

Start using this module

Add this module to your Puppetfile:

mod 'new23d-lpep', '0.0.8'

Add this module to your Bolt project:

bolt module add new23d-lpep

Manually install this module globally with Puppet module tool:

puppet module install new23d-lpep --version 0.0.8

new23d/lpep — version 0.0.8 Nov 18th 2012

lpep

LDAP passwd Enumerator for Puppet

Purpose

Add users and groups from Active Directory to your Red Hat 6.x compatible systems

License

Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License

Setup

On Red Hat 6.x compatible systems:

(1) command: yum install pam_ldap

(2) command: authconfig --enableldapauth --ldapserver="ldap://ad.example.com" --ldapbasedn="dc=example,dc=com" --updateall

(3) in /etc/pam_ldap.conf, add the following lines towards the end

binddn cn=foo,ou=bar,dc=example,dc=com
bindpw fubar
pam_login_attribute sAMAccountName

In the lpep module:

(1) edit manifests/lpep.ini to configure ldap settings

(2) ensure bin/lpep.py is executable

(3) ensure manifests/lpep.pp, bin/lpep.db and bin/profiling.log are writable

Usage

(1) include the class lpep in your manifests to have the module query your LDAP source and populate its database and manifest files. Having done this, you can manually inspect bin/lpep.db using a tool such as the SQLite Manager extension for Firefox, and manifests/lpep.pp for a manifest of users and groups

class {lpep: }

(2) include the class lpep::exec in your manifests to deploy the users and groups generated earlier onto targeted nodes

class {lpep::exec: }

Known Issues

(1) objects are tracked only by their username (or sAMAccountName) and not by SID, therefore if a username were to change, that would generate a new numeric uid

(2) objects are not removed from the target system's local user database, but if the LDAP authentication were to fail, the user won't be able to log in anyway

(3) limited to up to 1000 objects from Active Directory

Notes

(1) objects are stored in a local sqlite database, and the numeric uids and gids retained

(2) coded originally for domino ldap, therefore the routines may not be ideal for active directory
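
Known Issue (1) and Note (1) as a runnable sketch, added here as an example and not taken from lpep's own code: it replays a rename followed by reuse of the old username, once keyed by sAMAccountName and once keyed by objectSid. The table layout, UID_BASE, the function names and the sample SIDs are assumptions constructed for the example.

```python
import sqlite3

UID_BASE = 20000  # assumed first uid; not a value taken from lpep

def open_db():
    # Hypothetical schema for this example, not the layout of bin/lpep.db.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ids (key TEXT PRIMARY KEY, name TEXT, uid INTEGER UNIQUE)")
    return db

def assign_uid(db, entry, key_attr):
    """Return the retained uid for an LDAP entry, allocating one on first sight.

    key_attr selects what identifies the object: "sAMAccountName" reproduces
    Known Issue (1); "objectSid" keeps the uid stable across renames.
    """
    key, name = entry[key_attr], entry["sAMAccountName"]
    row = db.execute("SELECT uid FROM ids WHERE key = ?", (key,)).fetchone()
    if row:
        # Known object: refresh the display name, keep the stored uid.
        db.execute("UPDATE ids SET name = ? WHERE key = ?", (name, key))
        return row[0]
    (top,) = db.execute("SELECT MAX(uid) FROM ids").fetchone()
    uid = UID_BASE if top is None else top + 1
    db.execute("INSERT INTO ids VALUES (?, ?, ?)", (key, name, uid))
    return uid

# Constructed sample entries; objectSid is assumed to be already decoded to text.
SID_A = "S-1-5-21-1111111111-2222222222-3333333333-1104"
SID_B = "S-1-5-21-1111111111-2222222222-3333333333-1187"
TIMELINE = [
    {"sAMAccountName": "alice",  "objectSid": SID_A},  # first enumeration
    {"sAMAccountName": "asmith", "objectSid": SID_A},  # same person, renamed
    {"sAMAccountName": "alice",  "objectSid": SID_B},  # new account reusing the name
]

def replay(key_attr):
    """Run the timeline against a fresh database and return the uids handed out."""
    db = open_db()
    return [assign_uid(db, e, key_attr) for e in TIMELINE]

if __name__ == "__main__":
    print("keyed by sAMAccountName:", replay("sAMAccountName"))
    print("keyed by objectSid:     ", replay("objectSid"))
```

Keyed by name, the renamed account gets a fresh uid and the later account that reuses the old name is handed the original uid, so it would own whatever files the first account left behind; keyed by SID, each directory object keeps exactly one uid.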

Meta

CentOS Linux Integration with Active Directory