Class: Puppet::Util::Ldap::Manager

Inherits:
Object
  • Object
show all
Defined in:
lib/puppet/util/ldap/manager.rb

Overview

The configuration class for LDAP providers, plus connection handling for actually interacting with ldap.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeManager


160
161
162
163
# File 'lib/puppet/util/ldap/manager.rb', line 160

def initialize
  @rdn = :cn
  @generators = []
end

Instance Attribute Details

#locationObject (readonly)

Returns the value of attribute location


8
9
10
# File 'lib/puppet/util/ldap/manager.rb', line 8

def location
  @location
end

#objectclassesObject (readonly)

Returns the value of attribute objectclasses


8
9
10
# File 'lib/puppet/util/ldap/manager.rb', line 8

def objectclasses
  @objectclasses
end

#puppet2ldapObject (readonly)

Returns the value of attribute puppet2ldap


8
9
10
# File 'lib/puppet/util/ldap/manager.rb', line 8

def puppet2ldap
  @puppet2ldap
end

#rdnObject (readonly)

Returns the value of attribute rdn


8
9
10
# File 'lib/puppet/util/ldap/manager.rb', line 8

def rdn
  @rdn
end

Instance Method Details

#andObject

A null-op that just returns the config.


11
12
13
# File 'lib/puppet/util/ldap/manager.rb', line 11

def and
  self
end

#at(location) ⇒ Object

Set the offset from the search base and return the config.


16
17
18
19
# File 'lib/puppet/util/ldap/manager.rb', line 16

def at(location)
  @location = location
  self
end

#baseObject

The basic search base.


22
23
24
# File 'lib/puppet/util/ldap/manager.rb', line 22

def base
  [location, Puppet[:ldapbase]].join(",")
end

#connectObject

Open, yield, and close the connection. Cannot be left open, at this point.

Raises:

  • (ArgumentError)

46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# File 'lib/puppet/util/ldap/manager.rb', line 46

def connect
  #TRANSLATORS '#connect' is a method name and and should not be translated, 'block' refers to a Ruby code block
  raise ArgumentError, _("You must pass a block to #connect") unless block_given?

  unless @connection
    if Puppet[:ldaptls]
      ssl = :tls
    elsif Puppet[:ldapssl]
      ssl = true
    else
      ssl = false
    end
    options = {:ssl => ssl}
    user = Puppet[:ldapuser]
    if user && user != ""
      options[:user] = user
    end
    password = Puppet[:ldappassword]
    if password && password != ""
      options[:password] = password
    end
    @connection = Puppet::Util::Ldap::Connection.new(Puppet[:ldapserver], Puppet[:ldapport], options)
  end
  @connection.start
  begin
    yield @connection.connection
  ensure
    @connection.close
  end
  nil
end

#create(name, attributes) ⇒ Object

Convert the name to a dn, then pass the args along to our connection.


28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# File 'lib/puppet/util/ldap/manager.rb', line 28

def create(name, attributes)
  attributes = attributes.dup

  # Add the objectclasses
  attributes["objectClass"] = objectclasses.collect { |o| o.to_s }
  attributes["objectClass"] << "top" unless attributes["objectClass"].include?("top")

  attributes[rdn.to_s] = [name]

  # Generate any new values we might need.
  generate(attributes)

  # And create our resource.
  connect { |conn| conn.add dn(name), attributes }
end

#delete(name) ⇒ Object

Convert the name to a dn, then pass the args along to our connection.


80
81
82
# File 'lib/puppet/util/ldap/manager.rb', line 80

def delete(name)
  connect { |connection| connection.delete dn(name) }
end

#dn(name) ⇒ Object

Calculate the dn for a given resource.


85
86
87
# File 'lib/puppet/util/ldap/manager.rb', line 85

def dn(name)
  ["#{rdn}=#{name}", base].join(",")
end

#entry2provider(entry) ⇒ Object

Convert an ldap-style entry hash to a provider-style hash.

Raises:

  • (ArgumentError)

90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# File 'lib/puppet/util/ldap/manager.rb', line 90

def entry2provider(entry)
  #TRANSLATOR 'dn' refers to a 'distinguished name' in LDAP (Lightweight Directory Access Protocol) and they should not be translated
  raise ArgumentError, _("Could not get dn from ldap entry") unless entry["dn"]

  # DN is always a single-entry array.  Strip off the bits before the
  # first comma, then the bits after the remaining equal sign.  This is the
  # name.
  name = entry["dn"].dup.pop.split(",").shift.split("=").pop

  result = {:name => name}

  @ldap2puppet.each do |ldap, puppet|
    result[puppet] = entry[ldap.to_s] || :absent
  end

  result
end

#filterObject

Create our normal search filter.


109
110
111
# File 'lib/puppet/util/ldap/manager.rb', line 109

def filter
  return(objectclasses.length == 1 ? "objectclass=#{objectclasses[0]}" : "(&(objectclass=" + objectclasses.join(")(objectclass=") + "))")
end

#find(name) ⇒ Object

Find the associated entry for a resource. Returns a hash, minus 'dn', or nil if the entry cannot be found.


115
116
117
118
119
120
121
122
123
124
125
126
# File 'lib/puppet/util/ldap/manager.rb', line 115

def find(name)
  connect do |conn|
    begin
      conn.search2(dn(name), 0, "objectclass=*") do |result|
        # Convert to puppet-appropriate attributes
        return entry2provider(result)
      end
    rescue
      return nil
    end
  end
end

#generate(values) ⇒ Object

Generate any extra values we need to make the ldap entry work.


135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
# File 'lib/puppet/util/ldap/manager.rb', line 135

def generate(values)
  return unless @generators.length > 0

  @generators.each do |generator|
    # Don't override any values that might exist.
    next if values[generator.name]

    if generator.source
      value = values[generator.source]
      unless value
        raise ArgumentError, _("%{source} must be defined to generate %{name}") %
            { source: generator.source, name: generator.name }
      end
      result = generator.generate(value)
    else
      result = generator.generate
    end

    result = [result] unless result.is_a?(Array)
    result = result.collect { |r| r.to_s }

    values[generator.name] = result
  end
end

#generates(parameter) ⇒ Object

Declare a new attribute generator.


129
130
131
132
# File 'lib/puppet/util/ldap/manager.rb', line 129

def generates(parameter)
  @generators << Puppet::Util::Ldap::Generator.new(parameter)
  @generators[-1]
end

#ldap_name(attribute) ⇒ Object

Return the ldap name for a puppet attribute.


185
186
187
# File 'lib/puppet/util/ldap/manager.rb', line 185

def ldap_name(attribute)
  @puppet2ldap[attribute].to_s
end

#manages(*classes) ⇒ Object

Specify what classes this provider models.


166
167
168
169
# File 'lib/puppet/util/ldap/manager.rb', line 166

def manages(*classes)
  @objectclasses = classes
  self
end

#maps(attributes) ⇒ Object

Specify the attribute map. Assumes the keys are the puppet attributes, and the values are the ldap attributes, and creates a map for each direction.


174
175
176
177
178
179
180
181
182
# File 'lib/puppet/util/ldap/manager.rb', line 174

def maps(attributes)
  # The map with the puppet attributes as the keys
  @puppet2ldap = attributes

  # and the ldap attributes as the keys.
  @ldap2puppet = attributes.inject({}) { |map, ary| map[ary[1]] = ary[0]; map }

  self
end

#modify(name, mods) ⇒ Object

Convert the name to a dn, then pass the args along to our connection.


191
192
193
# File 'lib/puppet/util/ldap/manager.rb', line 191

def modify(name, mods)
  connect { |connection| connection.modify dn(name), mods }
end

#named_by(attribute) ⇒ Object

Specify the rdn that we use to build up our dn.


196
197
198
199
# File 'lib/puppet/util/ldap/manager.rb', line 196

def named_by(attribute)
  @rdn = attribute
  self
end

#puppet_name(attribute) ⇒ Object

Return the puppet name for an ldap attribute.


202
203
204
# File 'lib/puppet/util/ldap/manager.rb', line 202

def puppet_name(attribute)
  @ldap2puppet[attribute]
end

#search(sfilter = nil) ⇒ Object

Search for all entries at our base. A potentially expensive search.


207
208
209
210
211
212
213
214
215
216
217
# File 'lib/puppet/util/ldap/manager.rb', line 207

def search(sfilter = nil)
  sfilter ||= filter

  result = []
  connect do |conn|
    conn.search2(base, 1, sfilter) do |entry|
      result << entry2provider(entry)
    end
  end
  return(result.empty? ? nil : result)
end

#update(name, is, should) ⇒ Object

Update the ldap entry with the desired state.


220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
# File 'lib/puppet/util/ldap/manager.rb', line 220

def update(name, is, should)
  if should[:ensure] == :absent
    Puppet.info _("Removing %{name} from ldap") % { name: dn(name) }
    delete(name)
    return
  end

  # We're creating a new entry
  if is.empty? or is[:ensure] == :absent
    Puppet.info _("Creating %{name} in ldap") % { name: dn(name) }
    # Remove any :absent params and :ensure, then convert the names to ldap names.
    attrs = ldap_convert(should)
    create(name, attrs)
    return
  end

  # We're modifying an existing entry.  Yuck.

  mods = []
  # For each attribute we're deleting that is present, create a
  # modify instance for deletion.
  [is.keys, should.keys].flatten.uniq.each do |property|
    # They're equal, so do nothing.
    next if is[property] == should[property]

    attributes = ldap_convert(should)

    prop_name = ldap_name(property).to_s

    # We're creating it.
    if is[property] == :absent or is[property].nil?
      mods << LDAP::Mod.new(LDAP::LDAP_MOD_ADD, prop_name, attributes[prop_name])
      next
    end

    # We're deleting it
    if should[property] == :absent or should[property].nil?
      mods << LDAP::Mod.new(LDAP::LDAP_MOD_DELETE, prop_name, [])
      next
    end

    # We're replacing an existing value
    mods << LDAP::Mod.new(LDAP::LDAP_MOD_REPLACE, prop_name, attributes[prop_name])
  end

  modify(name, mods)
end

#valid?Boolean

Is this a complete ldap configuration?


269
270
271
# File 'lib/puppet/util/ldap/manager.rb', line 269

def valid?
  location and objectclasses and ! objectclasses.empty? and puppet2ldap
end