ldap.pp
# Read more at Sensu's documentation site.
#
# https://docs.sensu.io/sensu-go/latest/installation/auth/#ldap-authentication
#
# The documentation for the Puppet types is available at the following links.
#
# http://sensu.github.io/sensu-puppet/puppet_types/sensu_ldap_auth.html
# http://sensu.github.io/sensu-puppet/puppet_types/sensu_role_binding.html
#
# Access the backend in a web browser at a URL such as
# https://sensu-backend.example.com:3000 and you should be able to log in with
# LDAP credentials. If you can log in but see a 404, sensu_ldap_auth is likely
# working but your user has not been granted access, and you should modify the
# sensu_role_binding.
#
class { 'sensu::backend':
  # Debug-level logging makes the LDAP-related Sensu log entries visible while
  # troubleshooting authentication.
  # NOTE(review): debug output is verbose; consider returning to the default
  # log level once LDAP logins work.
  config_hash => {
    'debug'     => true,
    'log-level' => 'debug',
  },
}
# Example values only; both are consumed by the sensu_ldap_auth resource.
# NOTE(review): a real bind password should not be committed in a manifest;
# supply it from encrypted data (for example Hiera with eyaml) instead.
$ldap_server        = 'ldap.example.com'
$ldap_bind_password = 'password'
# LDAP authentication provider named 'openldap', backed by a single server.
sensu_ldap_auth { 'openldap':
  ensure  => 'present',
  servers => [
    {
      'host'         => $ldap_server,
      'port'         => 389,
      # StartTLS on the plain LDAP port. Keep an encrypted mode here: the
      # bind password below is sent to this server.
      'security'     => 'starttls',
      # Account used for the bind; presumably a dedicated service account
      # (it lives under ou=Services) - give it read-only directory access.
      'binding'      => {
        'user_dn'  => 'cn=sensu,ou=Services,dc=ops,dc=example,dc=com',
        'password' => $ldap_bind_password,
      },
      # Group lookup: posixGroup entries, membership taken from memberUid.
      'group_search' => {
        'base_dn'      => 'dc=ops,dc=example,dc=com',
        'object_class' => 'posixGroup',
        'attribute'    => 'memberUid',
      },
      # User lookup uses the same base DN as the group lookup.
      'user_search'  => {
        'base_dn' => 'dc=ops,dc=example,dc=com',
      },
    },
  ],
}
# Binds the group 'ops' to the 'cluster-admin' ClusterRole so that its members
# get access after an LDAP login.
# NOTE(review): cluster-admin is a broad role; bind it only to groups that
# need it and prefer a narrower role for everyone else.
# NOTE(review): presumably 'ops' must match a group name returned by the
# group_search of the LDAP provider - verify against your directory.
sensu_role_binding { 'ldap-ops':
  ensure   => 'present',
  role_ref => {
    'type' => 'ClusterRole',
    'name' => 'cluster-admin',
  },
  subjects => [
    {
      'type' => 'Group',
      'name' => 'ops',
    },
  ],
}