|
Server IP : 111.118.215.189 / Your IP : 18.216.95.250 Web Server : Apache System : Linux md-in-83.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64 User : a1673wkz ( 2475) PHP Version : 8.2.25 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0755) : /usr/share/ruby/vendor_ruby/puppet/util/ldap/ |
| [ Home ] | [ C0mmand ] | [ Upload File ] |
|---|
require 'puppet/util/ldap'
require 'puppet/util/ldap/connection'
require 'puppet/util/ldap/generator'
# The configuration class for LDAP providers, plus
# connection handling for actually interacting with ldap.
class Puppet::Util::Ldap::Manager
attr_reader :objectclasses, :puppet2ldap, :location, :rdn
# A null-op that just returns the config.
def and
self
end
# Set the offset from the search base and return the config.
def at(location)
@location = location
self
end
# The basic search base.
def base
[location, Puppet[:ldapbase]].join(",")
end
# Convert the name to a dn, then pass the args along to
# our connection.
def create(name, attributes)
attributes = attributes.dup
# Add the objectclasses
attributes["objectClass"] = objectclasses.collect { |o| o.to_s }
attributes["objectClass"] << "top" unless attributes["objectClass"].include?("top")
attributes[rdn.to_s] = [name]
# Generate any new values we might need.
generate(attributes)
# And create our resource.
connect { |conn| conn.add dn(name), attributes }
end
# Open, yield, and close the connection. Cannot be left
# open, at this point.
def connect
raise ArgumentError, "You must pass a block to #connect" unless block_given?
unless @connection
if Puppet[:ldaptls]
ssl = :tls
elsif Puppet[:ldapssl]
ssl = true
else
ssl = false
end
options = {:ssl => ssl}
if user = Puppet[:ldapuser] and user != ""
options[:user] = user
end
if password = Puppet[:ldappassword] and password != ""
options[:password] = password
end
@connection = Puppet::Util::Ldap::Connection.new(Puppet[:ldapserver], Puppet[:ldapport], options)
end
@connection.start
begin
yield @connection.connection
ensure
@connection.close
end
nil
end
# Convert the name to a dn, then pass the args along to
# our connection.
def delete(name)
connect { |connection| connection.delete dn(name) }
end
# Calculate the dn for a given resource.
def dn(name)
["#{rdn}=#{name}", base].join(",")
end
# Convert an ldap-style entry hash to a provider-style hash.
def entry2provider(entry)
raise ArgumentError, "Could not get dn from ldap entry" unless entry["dn"]
# DN is always a single-entry array. Strip off the bits before the
# first comma, then the bits after the remaining equal sign. This is the
# name.
name = entry["dn"].dup.pop.split(",").shift.split("=").pop
result = {:name => name}
@ldap2puppet.each do |ldap, puppet|
result[puppet] = entry[ldap.to_s] || :absent
end
result
end
# Create our normal search filter.
def filter
return(objectclasses.length == 1 ? "objectclass=#{objectclasses[0]}" : "(&(objectclass=" + objectclasses.join(")(objectclass=") + "))")
end
# Find the associated entry for a resource. Returns a hash, minus
# 'dn', or nil if the entry cannot be found.
def find(name)
connect do |conn|
begin
conn.search2(dn(name), 0, "objectclass=*") do |result|
# Convert to puppet-appropriate attributes
return entry2provider(result)
end
rescue
return nil
end
end
end
# Declare a new attribute generator.
def generates(parameter)
@generators << Puppet::Util::Ldap::Generator.new(parameter)
@generators[-1]
end
# Generate any extra values we need to make the ldap entry work.
def generate(values)
return unless @generators.length > 0
@generators.each do |generator|
# Don't override any values that might exist.
next if values[generator.name]
if generator.source
unless value = values[generator.source]
raise ArgumentError, "#{generator.source} must be defined to generate #{generator.name}"
end
result = generator.generate(value)
else
result = generator.generate
end
result = [result] unless result.is_a?(Array)
result = result.collect { |r| r.to_s }
values[generator.name] = result
end
end
def initialize
@rdn = :cn
@generators = []
end
# Specify what classes this provider models.
def manages(*classes)
@objectclasses = classes
self
end
# Specify the attribute map. Assumes the keys are the puppet
# attributes, and the values are the ldap attributes, and creates a map
# for each direction.
def maps(attributes)
# The map with the puppet attributes as the keys
@puppet2ldap = attributes
# and the ldap attributes as the keys.
@ldap2puppet = attributes.inject({}) { |map, ary| map[ary[1]] = ary[0]; map }
self
end
# Return the ldap name for a puppet attribute.
def ldap_name(attribute)
@puppet2ldap[attribute].to_s
end
# Convert the name to a dn, then pass the args along to
# our connection.
def modify(name, mods)
connect { |connection| connection.modify dn(name), mods }
end
# Specify the rdn that we use to build up our dn.
def named_by(attribute)
@rdn = attribute
self
end
# Return the puppet name for an ldap attribute.
def puppet_name(attribute)
@ldap2puppet[attribute]
end
# Search for all entries at our base. A potentially expensive search.
def search(sfilter = nil)
sfilter ||= filter
result = []
connect do |conn|
conn.search2(base, 1, sfilter) do |entry|
result << entry2provider(entry)
end
end
return(result.empty? ? nil : result)
end
# Update the ldap entry with the desired state.
def update(name, is, should)
if should[:ensure] == :absent
Puppet.info "Removing #{dn(name)} from ldap"
delete(name)
return
end
# We're creating a new entry
if is.empty? or is[:ensure] == :absent
Puppet.info "Creating #{dn(name)} in ldap"
# Remove any :absent params and :ensure, then convert the names to ldap names.
attrs = ldap_convert(should)
create(name, attrs)
return
end
# We're modifying an existing entry. Yuck.
mods = []
# For each attribute we're deleting that is present, create a
# modify instance for deletion.
[is.keys, should.keys].flatten.uniq.each do |property|
# They're equal, so do nothing.
next if is[property] == should[property]
attributes = ldap_convert(should)
prop_name = ldap_name(property).to_s
# We're creating it.
if is[property] == :absent or is[property].nil?
mods << LDAP::Mod.new(LDAP::LDAP_MOD_ADD, prop_name, attributes[prop_name])
next
end
# We're deleting it
if should[property] == :absent or should[property].nil?
mods << LDAP::Mod.new(LDAP::LDAP_MOD_DELETE, prop_name, [])
next
end
# We're replacing an existing value
mods << LDAP::Mod.new(LDAP::LDAP_MOD_REPLACE, prop_name, attributes[prop_name])
end
modify(name, mods)
end
# Is this a complete ldap configuration?
def valid?
location and objectclasses and ! objectclasses.empty? and puppet2ldap
end
private
# Convert a hash of attributes to ldap-like forms. This mostly means
# getting rid of :ensure and making sure everything's an array of strings.
def ldap_convert(attributes)
attributes.reject { |param, value| value == :absent or param == :ensure }.inject({}) do |result, ary|
value = (ary[1].is_a?(Array) ? ary[1] : [ary[1]]).collect { |v| v.to_s }
result[ldap_name(ary[0])] = value
result
end
end
end