The code that specified the LDAP URI isn't compatible with the command line 'authconfig' or the puppet module MyLezeem/puppet-authconfig
(https://github.com/Mylezeem/puppet-authconfig).

When running 'authconfig --update', authconfig condenses the LDAP URIs into a single line. This causes puppet-nslcd to see that /etc/nslcd.conf file has changed and puppet-nslcd will change /etc/nslcd.conf back to a [potentially] multi-line URI.

<% @ldap_uris.each do |ldap_uri| -%>
uri <%= ldap_uri %>
<% end -%>

I recommend changing the three lines in templates/nslcd.erb thusly:

The location at which the LDAP server(s) should be reachable.

uri <%= @ldap_uris.join(' ').sort %>

This will make puppet-nslcd more compatible with command line authconfig and as a bonus, more compatible with MyLezeem/puppet-authconfig (https://github.com/Mylezeem/puppet-authconfig) module.

Can someone give me an example of $ldap_maps format?

I've tried:
$ldap_maps = { group => 'uniqueMember member', passwd => ['homedirectory unixHomeDirectory', 'uid sAMAccountName', 'gecos displayName', ], shadow => ['shadowLastChange pwdLastSet', 'uid sAMAccountName', ], }

...but the module incorrectly updates /etc/nslcd.conf thusly:

Custom maps

map group uniqueMember member
map passwd ["homedirectory unixHomeDirectory", "uid sAMAccountName", "gecos displayName"]
map shadow ["shadowLastChange pwdLastSet", "uid sAMAccountName"]

I recommend modifying the template file so that each hash iteration is sorted. The ruby sort mechanism isn't [always] consistent.

For example:

<% if @ldap_filters.length > 0 -%>

Custom search filters

<% @ldap_filters.sort.each do |map, filter| -%>
filter <%= map %> <%= filter %>
<% end -%>
<% end -%>

https://projects.puppetlabs.com/issues/16266

I'm using both your nslcd and the authconfig module from https://github.com/Mylezeem/puppet-authconfig.

Since the authconfig module also includes nss-pam-ldapd for Red Hat, the Package 'nss-pam-ldapd' is defined twice when including both authconfig and nslcd. The same goes for the 'nslcd' service.

I have changed my fork of init.pp to check to see if $service_name and/or $package_name are undefined. If either are undefined, the manifest modifies the anchor statement to include/exclude the appropriate service or package.

Due to the possibility of duplicate resource declarations with other modules

(ie: https://github.com/Mylezeem/puppet-authconfig), check to see if

$package_name is undefined. If it is undefined then don't attempt to

install it. The same is true for $service_name.

if $package_name == undef and $service_name == undef {
anchor { 'nslcd::begin': } ->
class { 'nslcd::config': } ~>
anchor { 'nslcd::end': }
} elsif $package_name == undef {
anchor { 'nslcd::begin': } ->
class { 'nslcd::config': } ~>
class { 'nslcd::service': } ->
anchor { 'nslcd::end': }
} elsif $service_name == undef {
anchor { 'nslcd::begin': } ->
class { 'nslcd::install': } ->
class { 'nslcd::config': } ~>
anchor { 'nslcd::end': }
} else {
anchor { 'nslcd::begin': } ->
class { 'nslcd::install': } ->
class { 'nslcd::config': } ~>
class { 'nslcd::service': } ->
anchor { 'nslcd::end': }
}

This is my first experience with anchors. If there's a better way to do this (ie: define the anchor) please feel free to let me know.