Integrating Puppet Enterprise with Active Directory

I have Active Directory running at home. I’ve been using it as a centralized credential store.

Puppet Enterprise can authenticate against Active Directory. I just successfully integrated them, so here are the parameters I’m actually using. I used this documentation for reference.

Directory name
homenet.iriumi.ad

Hostname
pdc01.homenet.iriumi.ad

Port
389

Lookup user (optional)
CN=svcldap,OU=UsersOU,DC=homenet,DC=iriumi,DC=ad

Lookup password (optional)
(the password of the svcldap account)

Connection timeout (seconds)
60

Validate the hostname?
Yes

Allow wildcards in SSL certificate?
Yes

Base distinguished name
dc=homenet,dc=iriumi,dc=ad

User login attribute
sAMAccountName

User email address
mail

User relative distinguished name (optional)
(left empty, so users are searched from the base DN)

Group object class
group

Group membership field
member

Group name attribute
name

Group lookup attribute
cn

Group relative distinguished name (optional)
cn=UsersOU

Turn off LDAP_MATCHING_RULE_IN_CHAIN?
No

Search nested groups?
Yes
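Two things worth checking before copying these values. First, port 389 is plain LDAP: unless the connection negotiates StartTLS, the svcldap bind password and every user's login password cross the network in the clear, and the two TLS settings above ("Validate the hostname?" and "Allow wildcards in SSL certificate?") only take effect on an encrypted connection; port 636 (LDAPS) is the usual fix. Second, the group relative distinguished name is given as cn=UsersOU while the lookup user lives under OU=UsersOU; in Active Directory an organizational unit's RDN is OU=..., so if group lookups come back empty, that field is the first thing to look at.

To make the settings above concrete, here is a small example (added for this write-up, not Puppet Enterprise's own code) that models the searches a directory integration performs with these fields: how the optional relative DNs combine with the base DN, what the user lookup filter looks like, how LDAP_MATCHING_RULE_IN_CHAIN turns nested group search into a single server-side query, and why the login name has to be escaped before it is dropped into a filter. The exact filters PE sends are an assumption; the login name jdoe is made up; the host, DNs and attribute names are the ones from this post. The last method builds an ldapsearch command line so the same lookup can be reproduced from a shell with the svcldap account.

```python
"""Model of the LDAP lookups behind the settings above.

Example code added for this write-up, not Puppet Enterprise's own
implementation: the exact filters PE sends are an assumption, while the
attribute names, DNs, host and OID come from the settings on this page
and from the LDAP / Active Directory specifications.
"""
from __future__ import annotations

from dataclasses import dataclass

# Extensible-match OID for Active Directory's transitive (nested) group
# membership; this is the rule the "Turn off LDAP_MATCHING_RULE_IN_CHAIN?"
# switch refers to.
LDAP_MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    Without this, a login name such as '*)(sAMAccountName=*' would
    rewrite the filter instead of being matched literally (LDAP filter
    injection).
    """
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


@dataclass
class DirectorySettings:
    """The subset of the console form fields that shape the searches."""
    base_dn: str
    user_login_attribute: str = "sAMAccountName"
    user_rdn: str = ""              # "User relative distinguished name"
    group_object_class: str = "group"
    group_membership_field: str = "member"
    group_rdn: str = ""             # "Group relative distinguished name"
    disable_matching_rule_in_chain: bool = False
    search_nested_groups: bool = True

    def user_search_base(self) -> str:
        # A relative DN, when given, is prepended to the base DN.
        return f"{self.user_rdn},{self.base_dn}" if self.user_rdn else self.base_dn

    def group_search_base(self) -> str:
        return f"{self.group_rdn},{self.base_dn}" if self.group_rdn else self.base_dn

    def user_filter(self, login: str) -> str:
        """Filter that finds the entry for the name typed at the login box."""
        return f"({self.user_login_attribute}={escape_filter_value(login)})"

    def groups_of_user_filter(self, user_dn: str) -> str:
        """Filter that returns the groups the user belongs to.

        With nested search on and the AD matching rule enabled, one
        server-side query walks the whole nesting chain. Otherwise only
        direct membership is matched and a client has to repeat the
        query for every group it finds.
        """
        member = self.group_membership_field
        if self.search_nested_groups and not self.disable_matching_rule_in_chain:
            member = f"{member}:{LDAP_MATCHING_RULE_IN_CHAIN}:"
        return (
            f"(&(objectClass={escape_filter_value(self.group_object_class)})"
            f"({member}={escape_filter_value(user_dn)}))"
        )

    def ldapsearch_argv(self, host: str, port: int, bind_dn: str, login: str) -> list[str]:
        """argv to reproduce the user lookup with OpenLDAP's ldapsearch.

        Port 636 is LDAPS. Port 389 is plaintext unless StartTLS is
        negotiated, so -ZZ is added to refuse an unencrypted bind.
        """
        scheme = "ldaps" if port == 636 else "ldap"
        argv = ["ldapsearch"]
        if scheme == "ldap":
            argv.append("-ZZ")
        argv += [
            "-H", f"{scheme}://{host}:{port}",
            "-D", bind_dn, "-W",        # bind as the lookup user, prompt for its password
            "-b", self.user_search_base(),
            self.user_filter(login),
            "dn", self.user_login_attribute,
        ]
        return argv


if __name__ == "__main__":
    settings = DirectorySettings(
        base_dn="dc=homenet,dc=iriumi,dc=ad",
        group_rdn="cn=UsersOU",
    )
    print(settings.user_filter("jdoe"))                  # jdoe is a made-up login
    print(settings.user_filter("*)(sAMAccountName=*"))   # injection attempt, neutralised
    print(settings.groups_of_user_filter(
        "CN=jdoe,OU=UsersOU,DC=homenet,DC=iriumi,DC=ad"))
    print(" ".join(settings.ldapsearch_argv(
        "pdc01.homenet.iriumi.ad", 389,
        "CN=svcldap,OU=UsersOU,DC=homenet,DC=iriumi,DC=ad", "jdoe")))
```

Running the printed ldapsearch line against the domain controller with the svcldap password is a quick way to confirm that the lookup user can bind and that the login attribute and search base return exactly one entry before touching the console settings.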

One thing to note: the first time you log in as an Active Directory user, you may be denied access. That first attempt still creates the user in Puppet Enterprise; it is denied because a newly created directory user has no role assigned yet. Log out, log in as the built-in local admin user, and you will see your Active Directory user listed. Add that user to the Administrators role so that you can do administrative work as yourself.

The configuration I showed in this blog entry is actually working, so I hope this helps someone out there.

Author: admin

A software engineer in greater Seattle area
