diff --git a/modules/utilities/unix/authentication/ldap_packages/ldap_packages.pp b/modules/utilities/unix/authentication/ldap_packages/ldap_packages.pp
new file mode 100644
index 000000000..05b6b6647
--- /dev/null
+++ b/modules/utilities/unix/authentication/ldap_packages/ldap_packages.pp
@@ -0,0 +1 @@
+include ldap_packages::install
diff --git a/modules/utilities/unix/authentication/ldap_packages/manifests/install.pp b/modules/utilities/unix/authentication/ldap_packages/manifests/install.pp
new file mode 100644
index 000000000..82cd292b8
--- /dev/null
+++ b/modules/utilities/unix/authentication/ldap_packages/manifests/install.pp
@@ -0,0 +1,21 @@
+class ldap_packages::install {
+ # LDAP Client Utilities
+ # Provides command-line tools for interacting with LDAP directories
+ ensure_packages(['ldap-utils'])
+
+ # NSS and PAM LDAP Integration
+ # Enables system authentication and name service lookups via LDAP
+ ensure_packages(['libnss-ldap', 'libpam-ldap'])
+
+ # NSS LDAP Daemon
+ # Daemon that performs LDAP queries for NSS and PAM
+ ensure_packages(['nslcd'])
+
+ # Name Service Cache Daemon
+ # Caches name service lookups to improve performance
+ ensure_packages(['nscd'])
+
+ # System Security Services Daemon
+ # Provides access to identity and authentication remote resource providers
+ ensure_packages(['sssd'])
+}
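Review bot: This class installs three overlapping LDAP client stacks at once: `libnss-ldap`/`libpam-ldap`, `nslcd`, and `sssd`. `nslcd` is the backend for the `libnss-ldapd`/`libpam-ldapd` modules, whereas `libnss-ldap`/`libpam-ldap` talk to the directory themselves, so the `nslcd` line as written probably does not pair with the modules above it. Running `nscd` next to `sssd` can also produce stale or inconsistent lookups, since both cache the same maps. Picking one stack, e.g. `ensure_packages(['libnss-ldapd', 'libpam-ldapd', 'nslcd'])`, or a comment stating that all three are installed on purpose for the lab, would make the resulting auth path predictable. These packages also ask debconf questions (server URI, base DN), and nothing here preseeds them.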
diff --git a/modules/utilities/unix/authentication/ldap_packages/secgen_metadata.xml b/modules/utilities/unix/authentication/ldap_packages/secgen_metadata.xml
new file mode 100644
index 000000000..d7aa785e3
--- /dev/null
+++ b/modules/utilities/unix/authentication/ldap_packages/secgen_metadata.xml
@@ -0,0 +1,17 @@
+
+
+
+ LDAP Packages
+ Z. Cliffe Schreuders
+ Apache v2
+ Installs LDAP client utilities, server, and authentication integration packages
+
+ authentication_configuration
+ linux
+
+
+ update
+
+
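Review bot: The description line says the module installs "LDAP client utilities, server, and authentication integration packages", but `ldap_packages::install` in this commit installs no server package; slapd comes from the separate `ldap_server` module. A scenario author who selects this module expecting a directory server gets only the client side. Rewording it to something like `Installs LDAP client utilities and NSS/PAM authentication integration packages` would match the manifest.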
diff --git a/modules/utilities/unix/authentication/ldap_server/ldap_server.pp b/modules/utilities/unix/authentication/ldap_server/ldap_server.pp
new file mode 100644
index 000000000..b233a5d14
--- /dev/null
+++ b/modules/utilities/unix/authentication/ldap_server/ldap_server.pp
@@ -0,0 +1 @@
+require ldap_server::init
diff --git a/modules/utilities/unix/authentication/ldap_server/manifests/init.pp b/modules/utilities/unix/authentication/ldap_server/manifests/init.pp
new file mode 100644
index 000000000..5077dcfde
--- /dev/null
+++ b/modules/utilities/unix/authentication/ldap_server/manifests/init.pp
@@ -0,0 +1,13 @@
+class ldap_server::init {
+ $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+
+ $domain = $secgen_parameters['domain'][0]
+ $organization = $secgen_parameters['organization'][0]
+ $admin_password = $secgen_parameters['admin_password'][0]
+
+ class { 'ldap_server::install':
+ domain => $domain,
+ organization => $organization,
+ admin_password => $admin_password,
+ }
+}
diff --git a/modules/utilities/unix/authentication/ldap_server/manifests/install.pp b/modules/utilities/unix/authentication/ldap_server/manifests/install.pp
new file mode 100644
index 000000000..e16d6dea5
--- /dev/null
+++ b/modules/utilities/unix/authentication/ldap_server/manifests/install.pp
@@ -0,0 +1,63 @@
+class ldap_server::install (
+ String $domain = 'example.com',
+ String $organization = 'Example Organization',
+ String $admin_password = 'temp123',
+) {
+ # Pre-seed debconf values to make slapd installation non-interactive
+ # This prevents prompts during package installation
+ exec { 'preseed-slapd':
+ command => "/bin/echo \"slapd slapd/internal/generated_adminpw password ${admin_password}\" | debconf-set-selections && \
+ /bin/echo \"slapd slapd/internal/adminpw password ${admin_password}\" | debconf-set-selections && \
+ /bin/echo \"slapd slapd/password2 password ${admin_password}\" | debconf-set-selections && \
+ /bin/echo \"slapd slapd/password1 password ${admin_password}\" | debconf-set-selections && \
+ /bin/echo \"slapd slapd/domain string ${domain}\" | debconf-set-selections && \
+ /bin/echo \"slapd shared/organization string ${organization}\" | debconf-set-selections && \
+ /bin/echo 'slapd slapd/backend string MDB' | debconf-set-selections && \
+ /bin/echo 'slapd slapd/purge_database boolean true' | debconf-set-selections && \
+ /bin/echo 'slapd slapd/move_old_database boolean true' | debconf-set-selections && \
+ /bin/echo 'slapd slapd/allow_ldap_v2 boolean false' | debconf-set-selections && \
+ /bin/echo 'slapd slapd/no_configuration boolean false' | debconf-set-selections",
+ unless => '/usr/bin/dpkg -l | grep -q "^ii slapd"',
+ path => ['/bin', '/usr/bin'],
+ } ->
+ # OpenLDAP Server and Utilities
+ # Standalone LDAP daemon for serving directory information
+ package { 'slapd':
+ ensure => installed,
+ } ->
+ # Ensure slapd service is running
+ service { 'slapd':
+ ensure => running,
+ enable => true,
+ }
+
+ # LDAP command-line utilities for server management
+ # Provides ldapsearch, ldapadd, ldapmodify, ldapdelete, etc.
+ ensure_packages(['ldap-utils'])
+
+ # phpLDAPadmin - Web-based LDAP administration interface
+ # Provides a GUI for managing LDAP directory via Apache
+ # This will automatically pull in php, php-ldap, php-xml, and libapache2-mod-php
+ package { 'phpldapadmin':
+ ensure => installed,
+ }
+ ->
+ # Enable PHP module in Apache (version-agnostic)
+ # Uses find to locate the installed PHP module and enables it
+ exec { 'enable-php-module':
+ command => '/bin/sh -c "/usr/bin/find /etc/apache2/mods-available -name php*.load -exec basename {} .load \; | /usr/bin/head -1 | /usr/bin/xargs /usr/sbin/a2enmod"',
+ path => ['/bin', '/usr/bin', '/usr/sbin'],
+ }
+ ->
+ # Enable phpldapadmin Apache configuration
+ exec { 'enable-phpldapadmin-conf':
+ command => '/usr/sbin/a2enconf phpldapadmin',
+ path => ['/bin', '/usr/bin', '/usr/sbin'],
+ }
+ ->
+ # Restart Apache to apply configuration changes
+ exec { 'restart-apache2-for-phpldapadmin':
+ command => '/usr/sbin/service apache2 restart',
+ path => ['/bin', '/usr/bin', '/usr/sbin'],
+ }
+}
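Review bot: The `preseed-slapd` exec interpolates `${admin_password}`, `${domain}` and `${organization}` straight into a double-quoted shell command, so a value containing `"`, `$` or a backtick changes what the shell runs. The admin password also sits in the command string, which Puppet may record in logs and reports when the exec runs or fails. Writing the selections to a root-only file and passing that file to `debconf-set-selections` avoids both, as sketched below; the file can be removed once slapd is installed. The `'temp123'` default for `$admin_password` means a missing input silently provisions a guessable admin credential, so consider dropping the default, e.g. `String[1] $admin_password,`. Separately, the three Apache execs have no `unless` or `refreshonly`, so they rerun on every Puppet run.

```puppet
  # Example path; any root-only location works.
  $preseed_file = '/root/slapd.preseed'

  # Keep the answers out of the exec command line and out of file diffs.
  file { $preseed_file:
    ensure    => file,
    owner     => 'root',
    group     => 'root',
    mode      => '0600',
    show_diff => false,
    content   => join([
      "slapd slapd/internal/generated_adminpw password ${admin_password}",
      "slapd slapd/internal/adminpw password ${admin_password}",
      "slapd slapd/password2 password ${admin_password}",
      "slapd slapd/password1 password ${admin_password}",
      "slapd slapd/domain string ${domain}",
      "slapd shared/organization string ${organization}",
      # … unchanged: remaining slapd/* selections, one element each …
      '',
    ], "\n"),
  } ->
  exec { 'preseed-slapd':
    command => "debconf-set-selections ${preseed_file}",
    # … unchanged: unless and path …
  } ->
  # … unchanged: package and service resources for slapd, phpldapadmin chain …
```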
diff --git a/modules/utilities/unix/authentication/ldap_server/secgen_metadata.xml b/modules/utilities/unix/authentication/ldap_server/secgen_metadata.xml
new file mode 100644
index 000000000..a18fa75f2
--- /dev/null
+++ b/modules/utilities/unix/authentication/ldap_server/secgen_metadata.xml
@@ -0,0 +1,43 @@
+
+
+
+ LDAP Server
+ Z. Cliffe Schreuders
+ Apache v2
+ Installs and configures OpenLDAP server (slapd) with phpLDAPadmin web interface and non-interactive setup
+
+ authentication_server
+ linux
+
+ domain
+ organization
+ admin_password
+
+
+ example.com
+
+
+
+ Example Organization
+
+
+
+
+
+
+
+ update
+
+
+ .*apache.*compatible.*
+
+
+
+
+
+ .*bases/(?!debian_bookworm).*
+
+
+
diff --git a/scenarios/labs/systems_security/3_ss_conf.xml b/scenarios/labs/systems_security/3_ss_conf.xml
index 818f1eaad..eb1e99d6f 100644
--- a/scenarios/labs/systems_security/3_ss_conf.xml
+++ b/scenarios/labs/systems_security/3_ss_conf.xml
@@ -69,6 +69,7 @@
+
@@ -173,6 +174,7 @@
+
@@ -218,6 +220,21 @@
+
+
+
+
+
+
+ safetynet.local
+
+
+ SAFETYNET
+
+
+ tiaspbiqe2r
+
+
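Review bot: The third hunk commits a fixed value, `tiaspbiqe2r`, as what appears to be the LDAP admin password input (the element names are not visible here). Every VM built from this scenario would then share one directory admin credential, and that credential is readable in the repository. If it is not meant to be a known lab credential, feeding the input from a generator would make it differ per build. If it is intentional, an XML comment next to it saying so would stop it being mistaken for a leaked secret.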