All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
3.1.0 - 2023-08-08
- Update module dependencies and Puppet version requirement
- Fix GitHub Actions
3.0.1 - 2023-07-11
- Fix puppet-lint offenses & use modern fact in acceptance test (#6)
3.0.0 - 2022-10-08
This new major release breaks compatibility with spacepants/ds_389. Users should first migrate to version 2.x of this module when coming from spacepants/ds_389.
- Add new parameter
$supplier_role_name(set to either 'master' or 'supplier')
- Use the 'path' parameter for 'ssl_pkey' and 'x509_cert' resources (#2)
- Fix compatibility with recent versions of 389-ds (through
$supplier_role_name) - Do not ignore failures when running ldapadd (#4)
- Revive acceptance tests
- Remove migration path for spacepants/ds_389
2.7.0 - 2022-10-05
- Add documentation for all parameters
- Replace dependency camptocamp/openssl with puppet/openssl
- Migrate tests to GitHub Actions
- Fix unit tests
- Drop Ubuntu 18.04 support
2.6.0 - 2022-09-21
- Update os versions and Puppet version
- Update PDK from 1.8.0 to 2.5.0
- Fix puppet-lint offenses
- Fix unit tests
- Updating dependencies and source information in metadata.json
- Fixing parameters of creating ssl objects
- Fixing manifests/replication.pp because of wrong command parameter on creating a replica as a supplier
2.5.0 - 2021-01-20
- Add parameter
$backup_notlsto defined typeds_389::instance
- Allow Puppet 7
2.4.0 - 2020-11-30
- Add parameter
$environmentto defined typeds_389::backup
- Add PATH environment variable to default backup cron job
- Fix "command not found" error in backup cron job due to missing PATH variable
2.3.0 - 2020-11-18
- Add defined type to manage backup jobs:
ds_389::backup
- Protect passwords by not displaying a diff when the password file changes
2.2.0 - 2020-11-16
This release fixes a major bug when using self-signed certificates. In previous releases the internal CA certificate was created without the required extensions. As a result, using LDAPS could lead to various SSL errors. Note that only new CA certificates will benefit from this bugfix. The README contains instructions to purge the existing SSL certificates.
- Add new dependency: camptocamp/openssl
- Use camptocamp/openssl to generate CA certificates
- Fix broken CA certificates by including the required CA extensions
- Fix missing newline in cert bundle
2.1.0 - 2020-11-07
- Add new parameter
$optionsto provide additional plugin configuration
- Fix resource ordering: skip plugins on error
2.0.0 - 2020-11-01
This is the first release after forking the module. It aims to be compatible with spacepants/ds_389, but please read the migration notes in the README.
- Add new parameter
$create_suffix - Add ability to manage 389-ds plugins
- Add migration path for users of spacepants/puppet-ds_389
- Add acceptance test for multi-master replication
- Drop legacy tool usage (setup-ds.pl)
- Migrate params.pp to Hiera module data
- Convert erb templates to epp
- Refactor SSL setup/config to use new tools wherever possible
- Refactor support for nsds5replicatedattributelist (
$excluded_attributes) - Refactor support for nsDS5ReplicaPurgeDelay (
$purge_delay) - Use modern facts instead of
$::fqdn, $ ::hostname, etc. - Update to PDK 1.18.1
- Limit OS support to versions that include 389-ds 1.4
- Update unit tests
- Update acceptance tests
- Fix resource ordering: a service restart could break the initialization of the replication
1.1.7 - 2018-03-13
This release fixes an issue when setting the file descriptor limit on Debian systems.
- Fix limits config dir on Debian.
1.1.6 - 2018-01-29
This release fixes a replication issue for consumers and hubs.
- Set the replica id for consumers and hubs.
1.1.5 - 2018-01-19
This release adds some additional fixes for replication.
- Fixed a bug where the nsDS5ReplicaRoot wasn't being set correctly in the replication agreement.
- Cleaned up replication attributes.
- Made the replication agreement cn more explicit.
1.1.4 - 2018-01-18
Fixed a bug with replication logic.
- Check for fqdn when setting replication.
1.1.3 - 2018-01-18
This release adds additional support for StartTLS. ldapadd and ldapmodify actions now connect via the URI, and can connect with StartTLS via the starttls param. nsDS5ReplicaTransportInfo can be set to 'TLS' as well.
- ldapadd / ldapmodify commands now connect via URI.
- ldapadd / ldapmodify commands now can connect with StartTLS.
1.1.2 - 2018-01-12
This release adds the ability to customize nsDS5ReplicaTransportInfo for replication. It defaults to 'LDAP', but can be set to 'SSL' via the replica_transport param.
- Parameterize replication transport.
- ldapadd / ldapmodify commands now default to port 389 instead of 636.
1.1.1 - 2018-01-05
This release adds the ability to specify the minssf setting that controls StartTLS for non-SSL connections.
- Parameterize nsslapd-minssf.
- Default nsslapd-minssf value changed to package default.
- ldif files are passed to ldapmodify directly instead of piping from stdout.
1.1.0 - 2017-12-18
This release adds the ability to manage the content of both ds_389::add and ds_389::modify ldif files. This allows for better secret management and the use of template(), inline_template(), or inline_epp() when declaring these defined types.
- Expose the content of an ldif file to allow for template-based management.
- Clean up references to the replication manager.
- The
bind_dn_passparam for replication has been replaced withreplication_pass. - Added
replication_userwhich defaults to 'Replication Manager'. bind_dnis now optional, and allows the bind DN for replication to be overriden if needed.
- Initial release.