Enhance LDAP server configuration

- Added functionality to convert the domain to LDAP DN format for better integration. - Configured phpLDAPadmin to use the generated base DN, ensuring it matches the LDAP domain.
2026-02-21 11:18:06 +00:00 · 2026-02-03 09:59:45 +00:00
parent f1d57078fe
commit 28ea284d83
2 changed files with 14 additions and 0 deletions
--- a/modules/utilities/unix/authentication/ldap_server/manifests/install.pp
+++ b/modules/utilities/unix/authentication/ldap_server/manifests/install.pp
@@ -5,6 +5,10 @@ class ldap_server::install {
  $organization = $secgen_parameters['organization'][0]
  $admin_password = $secgen_parameters['admin_password'][0]

+  # Convert domain to LDAP DN format (e.g., "secgen.local" -> "dc=secgen,dc=local")
+  $domain_parts = split($domain, '\.')
+  $base_dn = $domain_parts.map |$part| { "dc=${part}" }.join(',')
+
  # Pre-seed debconf values to make slapd installation non-interactive
  # This prevents prompts during package installation
  exec { 'preseed-slapd':
@@ -48,6 +52,14 @@ class ldap_server::install {
  package { 'phpldapadmin':
    ensure => installed,
  }
+
+  ->
+  # Configure phpLDAPadmin base DN to match LDAP domain
+  exec { 'configure-phpldapadmin-base-dn':
+    command => "/bin/sed -i \"s/\\$servers->setValue('server','base',array('dc=example,dc=com'));/\\$servers->setValue('server','base',array('${base_dn}'));/\" /etc/phpldapadmin/config.php",
+    onlyif  => "/bin/grep -q \"dc=example,dc=com\" /etc/phpldapadmin/config.php",
+    path    => ['/bin', '/usr/bin'],
+  }
  ->
  # Enable PHP module in Apache (version-agnostic)
  # Uses find to locate the installed PHP module and enables it
--- a/scenarios/labs/systems_security/3_ss_conf.xml
+++ b/scenarios/labs/systems_security/3_ss_conf.xml
@@ -120,6 +120,8 @@

    <vulnerability type="ftp"/>

+    <utility module_path=".*/apparmor"/>
+
    <service module_path="services/unix/http/parameterised_website">
      <input into="organisation" into_datastore="organisation">
        <encoder type="line_selector">