Class: Puppet::Util::Ldap::Manager

Inherits:

Object

• Object
• Puppet::Util::Ldap::Manager

Defined in:

lib/puppet/util/ldap/manager.rb

Overview

The configuration class for LDAP providers, plus connection handling for actually interacting with ldap.

Instance Attribute Summary

• #location ⇒ Object readonly

  Returns the value of attribute location.

• #objectclasses ⇒ Object readonly

  Returns the value of attribute objectclasses.

• #puppet2ldap ⇒ Object readonly

  Returns the value of attribute puppet2ldap.

• #rdn ⇒ Object readonly

  Returns the value of attribute rdn.

Instance Method Summary

• #and ⇒ Object

  A null-op that just returns the config.

• #at(location) ⇒ Object

  Set the offset from the search base and return the config.

• #base ⇒ Object

  The basic search base.

• #connect ⇒ Object

  Open, yield, and close the connection.

• #create(name, attributes) ⇒ Object

  Convert the name to a dn, then pass the args along to our connection.

• #delete(name) ⇒ Object

  Convert the name to a dn, then pass the args along to our connection.

• #dn(name) ⇒ Object

  Calculate the dn for a given resource.

• #entry2provider(entry) ⇒ Object

  Convert an ldap-style entry hash to a provider-style hash.

• #filter ⇒ Object

  Create our normal search filter.

• #find(name) ⇒ Object

  Find the associated entry for a resource.

• #generate(values) ⇒ Object

  Generate any extra values we need to make the ldap entry work.

• #generates(parameter) ⇒ Object

  Declare a new attribute generator.

• #initialize ⇒ Manager constructor

  A new instance of Manager.

• #ldap_name(attribute) ⇒ Object

  Return the ldap name for a puppet attribute.

• #manages(*classes) ⇒ Object

  Specify what classes this provider models.

• #maps(attributes) ⇒ Object

  Specify the attribute map.

• #modify(name, mods) ⇒ Object

  Convert the name to a dn, then pass the args along to our connection.

• #named_by(attribute) ⇒ Object

  Specify the rdn that we use to build up our dn.

• #puppet_name(attribute) ⇒ Object

  Return the puppet name for an ldap attribute.

• #search(sfilter = nil) ⇒ Object

  Search for all entries at our base.

• #update(name, is, should) ⇒ Object

  Update the ldap entry with the desired state.

• #valid? ⇒ Boolean

  Is this a complete ldap configuration?.

Constructor Details

#initialize ⇒ Manager

Returns a new instance of Manager.

# File 'lib/puppet/util/ldap/manager.rb', line 160

def initialize
  @rdn = :cn
  @generators = []
end

Instance Attribute Details

#location ⇒ Object (readonly)

Returns the value of attribute location.

# File 'lib/puppet/util/ldap/manager.rb', line 10

def location
  @location
end

#objectclasses ⇒ Object (readonly)

Returns the value of attribute objectclasses.

# File 'lib/puppet/util/ldap/manager.rb', line 10

def objectclasses
  @objectclasses
end

#puppet2ldap ⇒ Object (readonly)

Returns the value of attribute puppet2ldap.

# File 'lib/puppet/util/ldap/manager.rb', line 10

def puppet2ldap
  @puppet2ldap
end

#rdn ⇒ Object (readonly)

Returns the value of attribute rdn.

# File 'lib/puppet/util/ldap/manager.rb', line 10

def rdn
  @rdn
end

Instance Method Details

#and ⇒ Object

A null-op that just returns the config.

# File 'lib/puppet/util/ldap/manager.rb', line 13

def and
  self
end

#at(location) ⇒ Object

Set the offset from the search base and return the config.

# File 'lib/puppet/util/ldap/manager.rb', line 18

def at(location)
  @location = location
  self
end

#base ⇒ Object

The basic search base.

# File 'lib/puppet/util/ldap/manager.rb', line 24

def base
  [location, Puppet[:ldapbase]].join(",")
end

#connect ⇒ Object

Open, yield, and close the connection. Cannot be left open, at this point.

Raises:

• (ArgumentError)

# File 'lib/puppet/util/ldap/manager.rb', line 48

def connect
  # TRANSLATORS '#connect' is a method name and and should not be translated, 'block' refers to a Ruby code block
  raise ArgumentError, _("You must pass a block to #connect") unless block_given?

  unless @connection
    if Puppet[:ldaptls]
      ssl = :tls
    elsif Puppet[:ldapssl]
      ssl = true
    else
      ssl = false
    end
    options = { :ssl => ssl }
    user = Puppet[:ldapuser]
    if user && user != ""
      options[:user] = user
    end
    password = Puppet[:ldappassword]
    if password && password != ""
      options[:password] = password
    end
    @connection = Puppet::Util::Ldap::Connection.new(Puppet[:ldapserver], Puppet[:ldapport], options)
  end
  @connection.start
  begin
    yield @connection.connection
  ensure
    @connection.close
  end
  nil
end

#create(name, attributes) ⇒ Object

Convert the name to a dn, then pass the args along to our connection.

# File 'lib/puppet/util/ldap/manager.rb', line 30

def create(name, attributes)
  attributes = attributes.dup

  # Add the objectclasses
  attributes["objectClass"] = objectclasses.collect(&:to_s)
  attributes["objectClass"] << "top" unless attributes["objectClass"].include?("top")

  attributes[rdn.to_s] = [name]

  # Generate any new values we might need.
  generate(attributes)

  # And create our resource.
  connect { |conn| conn.add dn(name), attributes }
end

#delete(name) ⇒ Object

Convert the name to a dn, then pass the args along to our connection.

# File 'lib/puppet/util/ldap/manager.rb', line 82

def delete(name)
  connect { |connection| connection.delete dn(name) }
end

#dn(name) ⇒ Object

Calculate the dn for a given resource.

# File 'lib/puppet/util/ldap/manager.rb', line 87

def dn(name)
  ["#{rdn}=#{name}", base].join(",")
end

#entry2provider(entry) ⇒ Object

Convert an ldap-style entry hash to a provider-style hash.

Raises:

• (ArgumentError)

# File 'lib/puppet/util/ldap/manager.rb', line 92

def entry2provider(entry)
  # TRANSLATOR 'dn' refers to a 'distinguished name' in LDAP (Lightweight Directory Access Protocol) and they should not be translated
  raise ArgumentError, _("Could not get dn from ldap entry") unless entry["dn"]

  # DN is always a single-entry array.  Strip off the bits before the
  # first comma, then the bits after the remaining equal sign.  This is the
  # name.
  name = entry["dn"].dup.pop.split(",").shift.split("=").pop

  result = { :name => name }

  @ldap2puppet.each do |ldap, puppet|
    result[puppet] = entry[ldap.to_s] || :absent
  end

  result
end

#filter ⇒ Object

Create our normal search filter.

# File 'lib/puppet/util/ldap/manager.rb', line 111

def filter
  (objectclasses.length == 1 ? "objectclass=#{objectclasses[0]}" : "(&(objectclass=" + objectclasses.join(")(objectclass=") + "))")
end

#find(name) ⇒ Object

Find the associated entry for a resource. Returns a hash, minus ‘dn’, or nil if the entry cannot be found.

# File 'lib/puppet/util/ldap/manager.rb', line 117

def find(name)
  connect do |conn|
    conn.search2(dn(name), 0, "objectclass=*") do |result|
      # Convert to puppet-appropriate attributes
      return entry2provider(result)
    end
  rescue
    return nil
  end
end

#generate(values) ⇒ Object

Generate any extra values we need to make the ldap entry work.

# File 'lib/puppet/util/ldap/manager.rb', line 135

def generate(values)
  return unless @generators.length > 0

  @generators.each do |generator|
    # Don't override any values that might exist.
    next if values[generator.name]

    if generator.source
      value = values[generator.source]
      unless value
        raise ArgumentError, _("%{source} must be defined to generate %{name}") %
                             { source: generator.source, name: generator.name }
      end
      result = generator.generate(value)
    else
      result = generator.generate
    end

    result = [result] unless result.is_a?(Array)
    result = result.collect(&:to_s)

    values[generator.name] = result
  end
end

#generates(parameter) ⇒ Object

Declare a new attribute generator.

# File 'lib/puppet/util/ldap/manager.rb', line 129

def generates(parameter)
  @generators << Puppet::Util::Ldap::Generator.new(parameter)
  @generators[-1]
end

#ldap_name(attribute) ⇒ Object

Return the ldap name for a puppet attribute.

# File 'lib/puppet/util/ldap/manager.rb', line 185

def ldap_name(attribute)
  @puppet2ldap[attribute].to_s
end

#manages(*classes) ⇒ Object

Specify what classes this provider models.

# File 'lib/puppet/util/ldap/manager.rb', line 166

def manages(*classes)
  @objectclasses = classes
  self
end

#maps(attributes) ⇒ Object

Specify the attribute map. Assumes the keys are the puppet attributes, and the values are the ldap attributes, and creates a map for each direction.

# File 'lib/puppet/util/ldap/manager.rb', line 174

def maps(attributes)
  # The map with the puppet attributes as the keys
  @puppet2ldap = attributes

  # and the ldap attributes as the keys.
  @ldap2puppet = attributes.each_with_object({}) { |ary, map| map[ary[1]] = ary[0]; }

  self
end

#modify(name, mods) ⇒ Object

Convert the name to a dn, then pass the args along to our connection.

# File 'lib/puppet/util/ldap/manager.rb', line 191

def modify(name, mods)
  connect { |connection| connection.modify dn(name), mods }
end

#named_by(attribute) ⇒ Object

Specify the rdn that we use to build up our dn.

# File 'lib/puppet/util/ldap/manager.rb', line 196

def named_by(attribute)
  @rdn = attribute
  self
end

#puppet_name(attribute) ⇒ Object

Return the puppet name for an ldap attribute.

# File 'lib/puppet/util/ldap/manager.rb', line 202

def puppet_name(attribute)
  @ldap2puppet[attribute]
end

#search(sfilter = nil) ⇒ Object

Search for all entries at our base. A potentially expensive search.

# File 'lib/puppet/util/ldap/manager.rb', line 207

def search(sfilter = nil)
  sfilter ||= filter

  result = []
  connect do |conn|
    conn.search2(base, 1, sfilter) do |entry|
      result << entry2provider(entry)
    end
  end
  (result.empty? ? nil : result)
end

#update(name, is, should) ⇒ Object

Update the ldap entry with the desired state.

# File 'lib/puppet/util/ldap/manager.rb', line 220

def update(name, is, should)
  if should[:ensure] == :absent
    Puppet.info _("Removing %{name} from ldap") % { name: dn(name) }
    delete(name)
    return
  end

  # We're creating a new entry
  if is.empty? or is[:ensure] == :absent
    Puppet.info _("Creating %{name} in ldap") % { name: dn(name) }
    # Remove any :absent params and :ensure, then convert the names to ldap names.
    attrs = ldap_convert(should)
    create(name, attrs)
    return
  end

  # We're modifying an existing entry.  Yuck.

  mods = []
  # For each attribute we're deleting that is present, create a
  # modify instance for deletion.
  [is.keys, should.keys].flatten.uniq.each do |property|
    # They're equal, so do nothing.
    next if is[property] == should[property]

    attributes = ldap_convert(should)

    prop_name = ldap_name(property).to_s

    # We're creating it.
    if is[property] == :absent or is[property].nil?
      mods << LDAP::Mod.new(LDAP::LDAP_MOD_ADD, prop_name, attributes[prop_name])
      next
    end

    # We're deleting it
    if should[property] == :absent or should[property].nil?
      mods << LDAP::Mod.new(LDAP::LDAP_MOD_DELETE, prop_name, [])
      next
    end

    # We're replacing an existing value
    mods << LDAP::Mod.new(LDAP::LDAP_MOD_REPLACE, prop_name, attributes[prop_name])
  end

  modify(name, mods)
end

#valid? ⇒ Boolean

Is this a complete ldap configuration?

Returns:

• (Boolean)

# File 'lib/puppet/util/ldap/manager.rb', line 269

def valid?
  location and objectclasses and !objectclasses.empty? and puppet2ldap
end