Resource Type: sensu_ad_auth

Defined in:
lib/puppet/type/sensu_ad_auth.rb
Providers:
sensuctl
sensu_api

Summary

Manages Sensu AD auth.

Overview

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensuctl_configure[puppet]
  • Sensu_api_validator[sensu]
  • Sensu_user[admin]

Examples:

Add a AD auth

sensu_ldap_auth { 'ad':
  ensure              => 'present',
  servers             => [
    {
      'host' => '127.0.0.1',
      'port' => 389,
      'binding' => {
        'user_dn' => 'cn=binder,dc=acme,dc=org',
        'password' => 'P@ssw0rd!'
      },
      'group_search' => {
        'base_dn' => 'dc=acme,dc=org',
      },
      'user_search'  => {
        'base_dn' => 'dc=acme,dc=org',
      },
    },
  ],
}

Add an AD auth that uses memberOf attribute by omitting group_search

sensu_ldap_auth { 'ad':
  ensure              => 'present',
  servers             => [
    {
      'host' => '127.0.0.1',
      'port' => 389,
      'binding' => {
        'user_dn' => 'cn=binder,dc=acme,dc=org',
        'password' => 'P@ssw0rd!'
      },
      'user_search'  => {
        'base_dn' => 'dc=acme,dc=org',
      },
    },
  ],
}

Properties

  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent
  • groups_prefix

    The prefix added to all LDAP groups.

  • servers

    AD servers as Array of Hashes

    Keys:

    • host: required
    • port: required
    • group_search: optional (omit to use memberOf)
    • user_search: required
    • binding: optional Hash
    • insecure: default is false
    • security: default is tls
    • trusted_ca_file: default is ""
    • client_cert_file: default is ""
    • client_key_file: default is ""
    • default_upn_domain: default is ""
    • include_nested_groups: Boolean

    group_search keys:

    • base_dn: required
    • attribute: default is member
    • name_attribute: default is cn
    • object_class: default is group

    user_search Keys:

    • base_dn: required
    • attribute: default is sAMAccountName
    • name_attribute: default is displayName
    • object_class: default is person

    binding keys:

    • user_dn: required
    • password: required
  • username_prefix

    The prefix added to all LDAP usernames.

Parameters

  • name (namevar)

    The name of the AD auth.

  • provider

    The specific backend to use for this sensu_ad_auth resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.