Class: Puppet::Util::Ldap::Manager

Inherits:
Object
Defined in:
lib/puppet/util/ldap/manager.rb

Overview

The configuration class for LDAP providers, plus connection handling for actually interacting with ldap.


Constructor Details

#initializeManager

Returns a new instance of Manager.



# File 'lib/puppet/util/ldap/manager.rb', line 162

# Start from an empty configuration: entries are named by +cn+ until
# #named_by says otherwise, and no attribute generators are registered yet.
# Everything else (location, object classes, attribute maps) is filled in
# later through the chainable DSL methods.
def initialize
  @rdn, @generators = :cn, []
end

Instance Attribute Details

#locationObject (readonly)

Returns the value of attribute location.



# File 'lib/puppet/util/ldap/manager.rb', line 10

# @return [Object, nil] the offset below +Puppet[:ldapbase]+ given to #at
#   (nil until #at has been called)
def location; @location; end

#objectclassesObject (readonly)

Returns the value of attribute objectclasses.



# File 'lib/puppet/util/ldap/manager.rb', line 10

# @return [Array, nil] the object classes declared through #manages
#   (nil until #manages has been called)
def objectclasses; @objectclasses; end

#puppet2ldapObject (readonly)

Returns the value of attribute puppet2ldap.



# File 'lib/puppet/util/ldap/manager.rb', line 10

# @return [Hash, nil] the puppet-attribute => ldap-attribute map set by #maps
#   (nil until #maps has been called)
def puppet2ldap; @puppet2ldap; end

#rdnObject (readonly)

Returns the value of attribute rdn.



# File 'lib/puppet/util/ldap/manager.rb', line 10

# @return [Symbol] the naming attribute #dn puts in front of the name;
#   +:cn+ unless overridden with #named_by
def rdn; @rdn; end

Instance Method Details

#andObject

A no-op that just returns the config itself, so DSL calls can be chained.



# File 'lib/puppet/util/ldap/manager.rb', line 13

# Chaining sugar for the DSL: does nothing and hands the config back.
#
# @return [self]
def and; self; end

#at(location) ⇒ Object

Set the offset from the search base and return the config.



# File 'lib/puppet/util/ldap/manager.rb', line 18

# Record where, relative to +Puppet[:ldapbase]+, this provider's entries live.
# The value is prepended to the base by #base, so it is expected to be a
# dn fragment such as "ou=People".
#
# @param location [String] the rdn sequence below the configured ldap base
# @return [self] for chaining
def at(location)
  tap { @location = location }
end

#baseObject

The basic search base.



# File 'lib/puppet/util/ldap/manager.rb', line 24

# The search base for this provider: "<location>,<Puppet[:ldapbase]>".
#
# No check is made that #at has been called; with a nil location the result
# starts with a bare "," (see #valid? for the completeness check).
#
# @return [String]
def base
  "#{location},#{Puppet[:ldapbase]}"
end

#connectObject

Open the connection, yield its underlying handle to the block, and close it again in an ensure clause. Cannot be left open, at this point. Note that with neither ldaptls nor ldapssl enabled the bind (and any configured ldappassword) goes over plain TCP.

Raises:

  • (ArgumentError)


# File 'lib/puppet/util/ldap/manager.rb', line 48

# Open the LDAP connection, yield its underlying handle to the block and
# always close it again afterwards (via +ensure+).
#
# The Puppet::Util::Ldap::Connection wrapper is built once from the
# +ldapserver+, +ldapport+, +ldaptls+/+ldapssl+, +ldapuser+ and
# +ldappassword+ settings and cached in @connection; later calls only
# start and close it. +ldaptls+ wins over +ldapssl+ when both are set.
#
# NOTE(security): when neither +ldaptls+ nor +ldapssl+ is set the
# connection is plain TCP, so a configured +ldappassword+ crosses the
# network unencrypted (presumably as a plain LDAP bind). Enable one of
# them unless the transport is protected some other way.
#
# @yield [connection] the raw connection object (+@connection.connection+)
# @return [nil]
# @raise [ArgumentError] when called without a block
def connect
  # TRANSLATORS '#connect' is a method name and should not be translated, 'block' refers to a Ruby code block
  raise ArgumentError, _("You must pass a block to #connect") unless block_given?

  @connection ||= begin
    ssl = false
    ssl = true if Puppet[:ldapssl]
    ssl = :tls if Puppet[:ldaptls]

    options = { :ssl => ssl }
    user = Puppet[:ldapuser]
    options[:user] = user if user && user != ""
    password = Puppet[:ldappassword]
    options[:password] = password if password && password != ""

    Puppet::Util::Ldap::Connection.new(Puppet[:ldapserver], Puppet[:ldapport], options)
  end

  @connection.start
  begin
    yield @connection.connection
  ensure
    @connection.close
  end
  nil
end

#create(name, attributes) ⇒ Object

Convert the name to a dn, then pass the args along to our connection.



# File 'lib/puppet/util/ldap/manager.rb', line 30

# Add a new entry for +name+.
#
# Works on a shallow copy of +attributes+, stamps it with the provider's
# object classes (plus "top"), sets the naming attribute to match #dn,
# runs the registered generators and finally issues the LDAP add.
#
# @param name [String] the rdn value of the new entry
# @param attributes [Hash] ldap attribute name => value(s); not modified
# @return [nil]
def create(name, attributes)
  attrs = attributes.dup

  # Every entry carries the declared object classes and "top".
  classes = objectclasses.map { |oc| oc.to_s }
  classes << "top" unless classes.include?("top")
  attrs["objectClass"] = classes

  # The naming attribute must agree with the rdn used to build the dn.
  attrs[rdn.to_s] = [name]

  # Fill in any generated attributes (see #generates).
  generate(attrs)

  connect do |conn|
    conn.add(dn(name), attrs)
  end
end

#delete(name) ⇒ Object

Convert the name to a dn, then pass the args along to our connection.



# File 'lib/puppet/util/ldap/manager.rb', line 82

# Remove the entry for +name+ (looked up via #dn).
#
# @param name [String] the rdn value of the entry
# @return [nil]
def delete(name)
  connect do |conn|
    conn.delete(dn(name))
  end
end

#dn(name) ⇒ Object

Calculate the dn for a given resource by joining "rdn=name" with #base. The name is interpolated verbatim, with no RFC 4514 escaping of dn-special characters such as ',' or '='.



# File 'lib/puppet/util/ldap/manager.rb', line 87

# Build the full dn of a resource: "<rdn>=<name>,<base>".
#
# NOTE(security): +name+ is interpolated verbatim. Characters that are
# special in a dn (",", "+", "\"", "\\", "<", ">", ";", "=", a leading "#",
# leading/trailing spaces) are not escaped per RFC 4514, so a name that
# contains them produces a different or invalid dn rather than a literal
# value. Only pass names that are already dn-safe, or escape them first.
#
# @param name [String] the rdn value (the resource name)
# @return [String]
def dn(name)
  "#{rdn}=#{name},#{base}"
end

#entry2provider(entry) ⇒ Object

Convert an ldap-style entry hash to a provider-style hash.

Raises:

  • (ArgumentError)


# File 'lib/puppet/util/ldap/manager.rb', line 92

# Turn an ldap-style entry hash into a provider-style hash.
#
# The result carries +:name+ (the value of the entry's first rdn) plus one
# key per mapped attribute (see #maps), with +:absent+ where the entry has
# no such attribute.
#
# NOTE: the name is recovered by splitting the dn on the first "," and then
# on "="; an rdn value containing an escaped "," or "=" (RFC 4514) would be
# truncated here.
#
# @param entry [Hash] ldap entry; "dn" must be a one-element array
# @return [Hash] provider-style attribute hash
# @raise [ArgumentError] when the entry carries no "dn"
def entry2provider(entry)
  # TRANSLATOR 'dn' refers to a 'distinguished name' in LDAP (Lightweight Directory Access Protocol) and they should not be translated
  raise ArgumentError, _("Could not get dn from ldap entry") unless entry["dn"]

  # "dn" is a single-entry array; the name is what follows "=" in the
  # leading rdn.
  distinguished_name = entry["dn"].last
  rdn_value = distinguished_name.split(",").first.split("=").last

  converted = { :name => rdn_value }
  @ldap2puppet.each do |ldap, puppet|
    converted[puppet] = entry[ldap.to_s] || :absent
  end
  converted
end

#filterObject

Create our normal search filter.



# File 'lib/puppet/util/ldap/manager.rb', line 111

# The default search filter: matches entries carrying every object class
# declared via #manages.
#
# A single class yields the bare "objectclass=X" form; several are AND-ed
# together as "(&(objectclass=A)(objectclass=B))". The classes come from the
# provider declaration, not from resources, and are interpolated unescaped.
#
# @return [String] an LDAP filter string
def filter
  if objectclasses.length == 1
    "objectclass=#{objectclasses.first}"
  else
    "(&(objectclass=#{objectclasses.join(')(objectclass=')}))"
  end
end

#find(name) ⇒ Object

Find the associated entry for a resource. Returns a provider-style hash (name plus the mapped attributes, without 'dn'), or nil if the entry cannot be found; any error raised during the lookup is swallowed and also reported as nil.



# File 'lib/puppet/util/ldap/manager.rb', line 117

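# Look up the single entry at dn(name).
#
# Performs a base-scoped search (scope 0) with a match-all filter and
# converts the first result with #entry2provider. Any error raised while
# connecting or searching is swallowed and reported as "not found"; it is
# logged at debug level so a failed bind or unreachable server can still be
# told apart from a genuinely missing entry.
#
# @param name [String] the resource name (rdn value)
# @return [Hash, nil] provider-style hash for the entry, or nil when the
#   search returned nothing or raised
def find(name)
  connect do |conn|
    begin
      conn.search2(dn(name), 0, "objectclass=*") do |result|
        # Convert to puppet-appropriate attributes
        return entry2provider(result)
      end
    rescue => detail
      # Keep the "nil means absent" contract callers rely on, but do not
      # lose the reason: connection/auth failures used to vanish here.
      Puppet.debug("Could not find #{dn(name)} in ldap: #{detail}")
      return nil
    end
  end
end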

#generate(values) ⇒ Object

Generate any extra values we need to make the ldap entry work.



# File 'lib/puppet/util/ldap/manager.rb', line 137

# Run every generator registered with #generates against +values+, filling
# in attributes that are not already present.
#
# A generator with a +source+ receives the current value of that source
# attribute; one without is called with no arguments. Whatever comes back is
# normalised to an array of strings and stored under the generator's name.
#
# @param values [Hash] attribute hash, mutated in place
# @return [Array, nil] not meaningful (the generator list, or nil when empty)
# @raise [ArgumentError] when a generator's source attribute is missing
def generate(values)
  return if @generators.empty?

  @generators.each do |generator|
    # Explicitly supplied values always win over generated ones.
    next if values[generator.name]

    generated =
      if generator.source
        source_value = values[generator.source]
        unless source_value
          raise ArgumentError, _("%{source} must be defined to generate %{name}") %
              { source: generator.source, name: generator.name }
        end
        generator.generate(source_value)
      else
        generator.generate
      end

    generated = [generated] unless generated.is_a?(Array)
    values[generator.name] = generated.map { |item| item.to_s }
  end
end

#generates(parameter) ⇒ Object

Declare a new attribute generator.



# File 'lib/puppet/util/ldap/manager.rb', line 131

# Register a generator for +parameter+ and return it so the caller can keep
# configuring it (e.g. with a source); generators run in #generate in the
# order they were declared.
#
# @param parameter [Symbol, String] the attribute the generator produces
# @return [Puppet::Util::Ldap::Generator] the newly registered generator
def generates(parameter)
  generator = Puppet::Util::Ldap::Generator.new(parameter)
  @generators.push(generator)
  generator
end

#ldap_name(attribute) ⇒ Object

Return the ldap name for a puppet attribute.



# File 'lib/puppet/util/ldap/manager.rb', line 187

# Map a puppet attribute to its ldap attribute name (see #maps).
#
# Unlike #puppet_name, an unmapped attribute does not come back as nil but
# as "" (nil.to_s), so callers cannot tell "unmapped" from a mapped empty
# name without checking #puppet2ldap themselves.
#
# @param attribute [Symbol] the puppet attribute
# @return [String] the ldap attribute name, or "" when unmapped
def ldap_name(attribute)
  mapped = @puppet2ldap[attribute]
  mapped.to_s
end

#manages(*classes) ⇒ Object

Specify what classes this provider models.



# File 'lib/puppet/util/ldap/manager.rb', line 168

# Declare the ldap object classes this provider models. They drive #filter
# and the "objectClass" attribute written by #create.
#
# @param classes [Array<Symbol, String>] one or more object class names
# @return [self] for chaining
def manages(*classes)
  tap { @objectclasses = classes }
end

#maps(attributes) ⇒ Object

Specify the attribute map. Assumes the keys are the puppet attributes, and the values are the ldap attributes, and creates a map for each direction.



# File 'lib/puppet/util/ldap/manager.rb', line 176

# Declare the attribute map. Keys are puppet attributes, values the
# corresponding ldap attributes; both lookup directions are kept
# (#ldap_name and #puppet_name). If several puppet attributes map to the
# same ldap attribute, the last one wins in the reverse map.
#
# @param attributes [Hash] puppet attribute => ldap attribute
# @return [self] for chaining
def maps(attributes)
  @puppet2ldap = attributes
  @ldap2puppet = attributes.each_with_object({}) do |(puppet, ldap), inverse|
    inverse[ldap] = puppet
  end
  self
end

#modify(name, mods) ⇒ Object

Convert the name to a dn, then pass the args along to our connection.



# File 'lib/puppet/util/ldap/manager.rb', line 193

# Apply a list of LDAP modifications to the entry for +name+ (via #dn).
#
# @param name [String] the rdn value of the entry
# @param mods [Array<LDAP::Mod>] the modifications, as built by #update
# @return [nil]
def modify(name, mods)
  connect do |conn|
    conn.modify(dn(name), mods)
  end
end

#named_by(attribute) ⇒ Object

Specify the rdn that we use to build up our dn.



# File 'lib/puppet/util/ldap/manager.rb', line 198

# Choose the naming attribute used in front of the resource name by #dn and
# written by #create (default: +:cn+).
#
# @param attribute [Symbol] the rdn attribute
# @return [self] for chaining
def named_by(attribute)
  tap { @rdn = attribute }
end

#puppet_name(attribute) ⇒ Object

Return the puppet name for an ldap attribute.



# File 'lib/puppet/util/ldap/manager.rb', line 204

# Map an ldap attribute back to its puppet attribute (see #maps).
#
# @param attribute [String, Symbol] the ldap attribute, as used in #maps
# @return [Symbol, nil] the puppet attribute, or nil when unmapped
def puppet_name(attribute); @ldap2puppet[attribute]; end

#search(sfilter = nil) ⇒ Object

Search for all entries one level below our base (search scope 1), using #filter unless a filter is passed in. A potentially expensive search; returns nil rather than an empty array when nothing matches.



# File 'lib/puppet/util/ldap/manager.rb', line 209

# List every entry directly below #base (scope 1) that matches +sfilter+,
# each converted with #entry2provider.
#
# @param sfilter [String, nil] an LDAP filter; defaults to #filter
# @return [Array<Hash>, nil] the converted entries, or nil when none matched
def search(sfilter = nil)
  entries = []
  connect do |conn|
    conn.search2(base, 1, sfilter || filter) do |entry|
      entries.push(entry2provider(entry))
    end
  end
  entries.empty? ? nil : entries
end

#update(name, is, should) ⇒ Object

Update the ldap entry with the desired state.



# File 'lib/puppet/util/ldap/manager.rb', line 222

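# Bring the ldap entry for +name+ in line with the desired state.
#
# Three cases, in order:
# * +should[:ensure]+ is +:absent+ -> the entry is deleted;
# * +is+ is empty or absent        -> the entry is created from +should+;
# * otherwise                      -> one LDAP::Mod per differing property
#   (ADD when missing on the system, DELETE when removed from the desired
#   state, REPLACE otherwise) is sent through #modify.
#
# Properties are compared by their puppet names and translated with
# #ldap_name; the converted desired state (+ldap_convert(should)+, defined
# elsewhere in this class) is computed at most once, lazily, rather than
# once per differing property as before.
#
# @param name [String] the resource name (rdn value)
# @param is [Hash] current state, puppet attribute => value (may be empty)
# @param should [Hash] desired state, puppet attribute => value
# @return [nil]
def update(name, is, should)
  if should[:ensure] == :absent
    Puppet.info _("Removing %{name} from ldap") % { name: dn(name) }
    delete(name)
    return
  end

  # We're creating a new entry
  if is.empty? || is[:ensure] == :absent
    Puppet.info _("Creating %{name} in ldap") % { name: dn(name) }
    # Remove any :absent params and :ensure, then convert the names to ldap names.
    attrs = ldap_convert(should)
    create(name, attrs)
    return
  end

  # We're modifying an existing entry.  Yuck.

  # Converted desired state; filled in on first use so that, as before,
  # ldap_convert is not called when nothing differs.
  attributes = nil

  mods = []
  [is.keys, should.keys].flatten.uniq.each do |property|
    # They're equal, so do nothing.
    next if is[property] == should[property]

    attributes ||= ldap_convert(should)

    prop_name = ldap_name(property).to_s

    # Missing on the system, wanted: add it.
    if is[property] == :absent || is[property].nil?
      mods << LDAP::Mod.new(LDAP::LDAP_MOD_ADD, prop_name, attributes[prop_name])
      next
    end

    # Present on the system, no longer wanted: delete it.
    if should[property] == :absent || should[property].nil?
      mods << LDAP::Mod.new(LDAP::LDAP_MOD_DELETE, prop_name, [])
      next
    end

    # Present on both sides with different values: replace.
    mods << LDAP::Mod.new(LDAP::LDAP_MOD_REPLACE, prop_name, attributes[prop_name])
  end

  modify(name, mods)
end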

#valid?Boolean

Is this a complete ldap configuration?

Returns:

  • (Boolean)


# File 'lib/puppet/util/ldap/manager.rb', line 271

# Has the DSL been fully applied? Requires a location (#at), at least one
# object class (#manages) and an attribute map (#maps).
#
# @return [Boolean-ish] truthy when complete; the last checked value
#   (the attribute map) rather than a strict +true+
def valid?
  location && objectclasses && !objectclasses.empty? && puppet2ldap
end