Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow for an outsider package on RHEL8+ #429

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

gcoxmoz
Copy link
Contributor

@gcoxmoz gcoxmoz commented Jul 3, 2024

In openldap::server::config, if redhat 8-or-newer, there's a systemd::dropin_file that makes a startup file so you can tune the user /usr/sbin/slapd runs as.

The problem is, there's a subtle assumption here that your binary is actually /usr/sbin/slapd. Ever since RHEL7.4, the openldap-servers has been deprecated, so some of us have pivoted over to using Symas' packages, which installs everything in /opt. That is, Puppet says to use /usr/sbin/slapd "because you're on RHEL8" (wrong), instead of "because you're using a RHEL-styled package". So this makes it more explicit why you're using this file, and takes it away when you use a different package.

"Why not just symlink slapd?" Tried, didn't work. systemd was not pleased by this.
"Why not just make the fully-pathed slapd executable be a parameter which defaults to /usr/sbin/slapd". Thought about it. But for the most part I'm thinking "this file adds unnecessary noise" so I went for the path of least surprise and removed it.

@jay7x
Copy link
Member

jay7x commented Dec 11, 2024

I'd introduce openldap::binary or something like this instead. Then just set it to a proper location depending on the package/OS (FreeBSD will have openldap binary under /usr/local/sbin/slapd I believe e.g.). Then reuse that in the systemd drop-in file.

@gcoxmoz
Copy link
Contributor Author

gcoxmoz commented Dec 11, 2024

I'd introduce openldap::binary or something like this instead.

I disagree. Nothing else uses /<something>/sbin/slapd in this module, we're scoped down to a section that is just RedHat, and there's plenty of prior use of hardcoded pathing in OS sections (see above in the Debian section).
There might be a reason to do a full openldap::server::binary implementation but this is scope-creeping.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants