Merge pull request #443 from gcoxmoz/lastbind-2.6

Add LastBind and LastBindPrecision to database options

REFERENCE.md

@@ -892,6 +892,8 @@ The following parameters are available in the `openldap::server::database` defin
 * [`dbmaxsize`](#-openldap--server--database--dbmaxsize)
 * [`timelimit`](#-openldap--server--database--timelimit)
 * [`updateref`](#-openldap--server--database--updateref)
+* [`lastbind`](#-openldap--server--database--lastbind)
+* [`lastbindprecision`](#-openldap--server--database--lastbindprecision)
 * [`limits`](#-openldap--server--database--limits)
 * [`dboptions`](#-openldap--server--database--dboptions)
 * [`synctype`](#-openldap--server--database--synctype)
@@ -1003,6 +1005,22 @@ Data type: `Optional[String[1]]`
 
 
 
+Default value: `undef`
+
+##### <a name="-openldap--server--database--lastbind"></a>`lastbind`
+
+Data type: `Optional[Boolean]`
+
+
+
+Default value: `undef`
+
+##### <a name="-openldap--server--database--lastbindprecision"></a>`lastbindprecision`
+
+Data type: `Optional[Integer[0]]`
+
+
+
 Default value: `undef`
 
 ##### <a name="-openldap--server--database--limits"></a>`limits`
@@ -1368,6 +1386,16 @@ Default value: `present`
 
 The index of the database.
 
+##### `lastbind`
+
+Valid values: `true`, `false`
+
+This option controls whether slapd will automatically maintain the pwdLastSuccess attribute for entries
+
+##### `lastbindprecision`
+
+specifies how frequently pwdLastSuccess will be updated
+
 ##### `limits`
 
 Limits the number entries returned and/or the time spent by a request

lib/puppet/provider/openldap.rb

@@ -158,6 +158,8 @@ def add_or_replace_key(key, force_replace = :false)
       IndexSubstrAnyLen
       IndexSubstrAnyStep
       IndexIntLen
+      LastBind
+      LastBindPrecision
       LastMod
       ListenerThreads
       LocalSSF

lib/puppet/provider/openldap_database/olc.rb

@@ -28,6 +28,8 @@ def self.instances
       dbmaxsize = nil
       timelimit = nil
       updateref = nil
+      lastbind = nil
+      lastbindprecision = nil
       dboptions = {}
       mirrormode = nil
       multiprovider = nil
@@ -59,6 +61,10 @@ def self.instances
           timelimit = line.split[1]
         when %r{^olcUpdateref: }i
           updateref = line.split[1]
+        when %r{^olcLastBind: }
+          lastbind = line.split[1] == 'TRUE' ? :true : :false
+        when %r{^olcLastBindPrecision: }
+          lastbindprecision = line.split[1]
         when %r{^olcDb\S+: }i
           optname, optvalue = line.split(': ', 2)
           optname.downcase!
@@ -120,6 +126,8 @@ def self.instances
         timelimit: timelimit,
         dbmaxsize: dbmaxsize,
         updateref: updateref,
+        lastbind: lastbind,
+        lastbindprecision: lastbindprecision,
         dboptions: dboptions,
         mirrormode: mirrormode,
         multiprovider: multiprovider,
@@ -243,6 +251,8 @@ def create
     t << "olcDbMaxSize: #{resource[:dbmaxsize]}\n" if resource[:dbmaxsize]
     t << "olcTimeLimit: #{resource[:timelimit]}\n" if resource[:timelimit]
     t << "olcUpdateref: #{resource[:updateref]}\n" if resource[:updateref]
+    t << "olcLastBind: #{resource[:lastbind] == :true ? 'TRUE' : 'FALSE'}\n" if resource[:lastbind]
+    t << "olcLastBindPrecision: #{resource[:lastbindprecision]}\n" if resource[:lastbindprecision]
     resource[:dboptions]&.each do |k, v|
       t << case k
            when 'dbnosync'
@@ -338,6 +348,14 @@ def updateref=(value)
     @property_flush[:updateref] = value
   end
 
+  def lastbind=(value)
+    @property_flush[:lastbind] = value
+  end
+
+  def lastbindprecision=(value)
+    @property_flush[:lastbindprecision] = value
+  end
+
   def dboptions=(value)
     @property_flush[:dboptions] = value
   end
@@ -416,6 +434,8 @@ def flush
       end
       t << "replace: olcSyncrepl\n#{resource[:syncrepl].map { |x| "olcSyncrepl: #{x}" }.join("\n")}\n-\n" if @property_flush[:syncrepl]
       t << "replace: olcUpdateref\nolcUpdateref: #{resource[:updateref]}\n-\n" if @property_flush[:updateref]
+      t << "replace: olcLastBind\nolcLastBind: #{resource[:lastbind] == :true ? 'TRUE' : 'FALSE'}\n-\n" if @property_flush[:lastbind]
+      t << "replace: olcLastBindPrecision\nolcLastBindPrecision: #{resource[:lastbindprecision]}\n" if @property_flush[:lastbindprecision]
       t << "replace: olcMirrorMode\nolcMirrorMode: #{resource[:mirrormode] == :true ? 'TRUE' : 'FALSE'}\n-\n" if @property_flush[:mirrormode]
       t << "replace: olcMultiProvider\nolcMultiProvider: #{resource[:multiprovider] == :true ? 'TRUE' : 'FALSE'}\n-\n" if @property_flush[:multiprovider]
       t << "replace: olcSyncUseSubentry\nolcSyncUseSubentry: #{resource[:syncusesubentry]}\n-\n" if @property_flush[:syncusesubentry]

lib/puppet/type/openldap_database.rb

@@ -185,6 +185,15 @@ def should_to_s(_newvalue)
     desc 'This directive is only applicable in a slave slapd. It specifies the URL to return to clients which submit update requests upon the replica.'
   end
 
+  newproperty(:lastbind, boolean: true) do
+    desc 'This option controls whether slapd will automatically maintain the pwdLastSuccess attribute for entries'
+    newvalues(:true, :false)
+  end
+
+  newproperty(:lastbindprecision) do
+    desc 'specifies how frequently pwdLastSuccess will be updated'
+  end
+
   newproperty(:dboptions) do
     desc 'Hash to pass specific HDB/BDB options for the database'
 

manifests/server/database.pp

@@ -1,27 +1,29 @@
 # See README.md for details.
 define openldap::server::database (
-  Enum['present', 'absent']                           $ensure          = present,
-  Optional[Stdlib::Absolutepath]                      $directory       = undef,
-  String[1]                                           $suffix          = $title,
-  Optional[String[1]]                                 $relay           = undef,
-  Optional[String[1]]                                 $backend         = undef,
-  Optional[String[1]]                                 $rootdn          = undef,
-  Optional[Variant[Sensitive[String[1]],String[1]]]   $rootpw          = undef,
-  Optional[Boolean]                                   $initdb          = undef,
-  Boolean                                             $readonly        = false,
-  Optional[String[1]]                                 $sizelimit       = undef,
-  Optional[String[1]]                                 $dbmaxsize       = undef,
-  Optional[String[1]]                                 $timelimit       = undef,
-  Optional[String[1]]                                 $updateref       = undef,
-  Openldap::Limits                                    $limits          = {},
+  Enum['present', 'absent']                           $ensure            = present,
+  Optional[Stdlib::Absolutepath]                      $directory         = undef,
+  String[1]                                           $suffix            = $title,
+  Optional[String[1]]                                 $relay             = undef,
+  Optional[String[1]]                                 $backend           = undef,
+  Optional[String[1]]                                 $rootdn            = undef,
+  Optional[Variant[Sensitive[String[1]],String[1]]]   $rootpw            = undef,
+  Optional[Boolean]                                   $initdb            = undef,
+  Boolean                                             $readonly          = false,
+  Optional[String[1]]                                 $sizelimit         = undef,
+  Optional[String[1]]                                 $dbmaxsize         = undef,
+  Optional[String[1]]                                 $timelimit         = undef,
+  Optional[String[1]]                                 $updateref         = undef,
+  Optional[Boolean]                                   $lastbind          = undef,
+  Optional[Integer[0]]                                $lastbindprecision = undef,
+  Openldap::Limits                                    $limits            = {},
   # BDB/HDB options
-  Hash[String[1],Variant[String[1],Array[String[1]]]] $dboptions       = {},
-  Optional[String[1]]                                 $synctype        = undef,
+  Hash[String[1],Variant[String[1],Array[String[1]]]] $dboptions         = {},
+  Optional[String[1]]                                 $synctype          = undef,
   # Synchronization options
-  Optional[Boolean]                                   $mirrormode      = undef,
-  Optional[Boolean]                                   $multiprovider   = undef,
-  Optional[String[1]]                                 $syncusesubentry = undef,
-  Array[Openldap::Syncrepl]                           $syncrepl        = [],
+  Optional[Boolean]                                   $mirrormode        = undef,
+  Optional[Boolean]                                   $multiprovider     = undef,
+  Optional[String[1]]                                 $syncusesubentry   = undef,
+  Array[Openldap::Syncrepl]                           $syncrepl          = [],
   Hash[
     Enum[
       'transport',
@@ -68,26 +70,28 @@
   }
 
   openldap_database { $title:
-    ensure          => $ensure,
-    suffix          => $suffix,
-    relay           => $relay,
-    target          => $openldap::server::conffile,
-    backend         => $backend,
-    directory       => $manage_directory,
-    rootdn          => $rootdn,
-    rootpw          => $rootpw,
-    initdb          => $initdb,
-    readonly        => $readonly,
-    sizelimit       => $sizelimit,
-    timelimit       => $timelimit,
-    dbmaxsize       => $dbmaxsize,
-    updateref       => $updateref,
-    dboptions       => $dboptions,
-    synctype        => $synctype,
-    mirrormode      => $mirrormode,
-    multiprovider   => $multiprovider,
-    syncusesubentry => $syncusesubentry,
-    syncrepl        => $syncrepl.map |$item| {
+    ensure            => $ensure,
+    suffix            => $suffix,
+    relay             => $relay,
+    target            => $openldap::server::conffile,
+    backend           => $backend,
+    directory         => $manage_directory,
+    rootdn            => $rootdn,
+    rootpw            => $rootpw,
+    initdb            => $initdb,
+    readonly          => $readonly,
+    sizelimit         => $sizelimit,
+    timelimit         => $timelimit,
+    dbmaxsize         => $dbmaxsize,
+    updateref         => $updateref,
+    lastbind          => $lastbind,
+    lastbindprecision => $lastbindprecision,
+    dboptions         => $dboptions,
+    synctype          => $synctype,
+    mirrormode        => $mirrormode,
+    multiprovider     => $multiprovider,
+    syncusesubentry   => $syncusesubentry,
+    syncrepl          => $syncrepl.map |$item| {
       $item.map |$k, $v| {
         $v ? {
           true    => $k,
@@ -96,7 +100,7 @@
         }
       }.flatten.join(' ')
     },
-    limits          => $limits.map |$selector, $limits| { "${selector} ${limits.map |$k, $v| { "${k}=${v}" }.join(' ')}" },
-    security        => $security,
+    limits            => $limits.map |$selector, $limits| { "${selector} ${limits.map |$k, $v| { "${k}=${v}" }.join(' ')}" },
+    security          => $security,
   }
 }

spec/defines/openldap_server_database_spec.rb

@@ -37,6 +37,8 @@
                 dbmaxsize: '10000',
                 timelimit: '10000',
                 updateref: 'default_updateref',
+                lastbind: true,
+                lastbindprecision: 3600,
                 limits: {
                   'dn.exact="cn=anyuser,dc=example,dc=org"'   => { size: 100_000 },
                   'dn.exact="cn=personnel,dc=example,dc=org"' => { size: 'unlimited' },