Module: ASF::LDAP

Defined in:
lib/whimsy/asf/ldap.rb,
lib/whimsy/asf/ldap.rb

Constant Summary

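# Known ASF LDAP servers.  .host falls back to one of these (picked at
# random) when neither the whimsy config nor the system ldap.conf names a
# server.  Every entry is LDAPS on port 636.  Frozen so that no caller can
# quietly add or remove servers from the shared list at runtime.
HOSTS = %w(
  ldaps://ldap1-us-west.apache.org:636
  ldaps://ldap1-eu-central.apache.org:636
  ldaps://ldap2-us-west.apache.org:636
  ldaps://ldap1-us-east.apache.org:636
  ldaps://snappy5.apache.org:636
).freeze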

Class Method Summary

Class Method Details

.bind(user, password, &block) ⇒ Object



# File 'lib/whimsy/asf/ldap.rb', line 355

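# Authenticate +user+ against LDAP by binding with that account's DN and
# +password+.  With a block, the block is run while the connection is bound
# as the user; without one only the bind itself is attempted.
#
# Afterwards ASF.init_ldap is called (presumably re-establishing the
# module's own connection -- confirm in ASF.init_ldap) so that later
# callers do not keep using a connection bound as the user whose
# credentials were just checked.  This happens in an +ensure+ so it also
# runs when the bind raises (e.g. on a rejected password); the original
# skipped it on failure and left the shared connection in an unknown state.
#
# @param user [String] availid of the account to authenticate
# @param password [String] the user's LDAP password
# @return the result of ASF.init_ldap (unchanged from before; callers
#   should not depend on it)
# @raise whatever ASF.ldap.bind raises when the credentials are rejected
def self.bind(user, password, &block)
  dn = ASF::Person.new(user).dn
  reinit = nil
  begin
    # a nil block is simply not passed on, so one call covers both cases
    ASF.ldap.bind(dn, password, &block)
  ensure
    reinit = ASF.init_ldap
  end
  reinit
end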

.cert ⇒ Object

Query the LDAP host with openssl and extract the server certificate from its output.



# File 'lib/whimsy/asf/ldap.rb', line 385

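# Retrieve the LDAP server's certificate in PEM form by connecting to the
# host chosen by .host with +openssl s_client+.
#
# Only the first certificate block of the s_client output is returned --
# that is the server's own certificate, not the rest of the chain.  Returns
# nil when the connection fails, openssl is missing, or no certificate
# appears in the output (the caller must handle that).
#
# openssl is started without a shell, so the host:port string taken from
# the configured LDAP URI is passed as a plain argument and can never be
# interpreted as shell syntax.
#
# @return [String, nil] PEM text from the "-----BEGIN" line through the
#   matching "-----END" line, or nil
def self.cert
  # host:port part of the URI, e.g. "ldap1-us-west.apache.org:636"
  host = LDAP.host[%r{//(.*?)(/|$)}, 1]
  argv = ['openssl', 's_client', '-connect', host, '-showcerts']
  # closing stdin gives s_client EOF straight away (the old "< /dev/null");
  # stderr is discarded as before
  output = IO.popen(argv, 'r+', err: File::NULL) do |io|
    io.close_write
    io.read
  end
  output[/^-+BEGIN.*?\n-+END[^\n]+\n/m]
rescue Errno::ENOENT
  # openssl not installed: the old shell form produced empty output and
  # therefore nil, so keep that contract
  nil
end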

.configure ⇒ Object

update /etc/ldap.conf. Usage:

sudo ruby -r whimsy/asf -e "ASF::LDAP.configure"


# File 'lib/whimsy/asf/ldap.rb', line 394

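# Point the system LDAP client at the ASF servers and pin their certificate.
#
# Writes "#{ETCLDAP}/asf-ldap-client.pem" once (from .cert) and, unless
# "#{ETCLDAP}/ldap.conf" already references that file, comments out any
# existing TLS_CACERT/TLS_REQCERT directives and appends the ASF settings.
# Needs write access to ETCLDAP; usage:
#
#   sudo ruby -r whimsy/asf -e "ASF::LDAP.configure"
#
# @return [nil, Integer] nil when ldap.conf was left untouched, otherwise
#   the byte count returned by File.write
# @raise [RuntimeError] when the server certificate cannot be retrieved;
#   previously a nil certificate was written as an empty pem file, which
#   ldap.conf would then have been pointed at
def self.configure
  pem = "#{ETCLDAP}/asf-ldap-client.pem"
  unless File.exist? pem
    server_cert = self.cert
    raise "unable to retrieve the LDAP server certificate for #{pem}" unless server_cert
    File.write pem, server_cert
  end

  ldap_conf = "#{ETCLDAP}/ldap.conf"
  content = File.read(ldap_conf)
  # already configured: leave the file exactly as it is
  return if content.include? 'asf-ldap-client.pem'

  # neutralise earlier TLS directives so the ones appended below win
  content.gsub!(/^TLS_CACERT/, '# TLS_CACERT')
  content.gsub!(/^TLS_REQCERT/, '# TLS_REQCERT')
  content << "TLS_CACERT #{pem}\n"
  content << "uri #{LDAP.host}\n"
  content << "base dc=apache,dc=org\n"
  # OpenLDAP only: 'allow' lets the client proceed even when the certificate
  # check fails, which weakens the pinning above -- worth checking whether
  # 'demand' works with this pem before relaxing it
  content << "TLS_REQCERT allow\n" if ETCLDAP.include? 'openldap'
  File.write(ldap_conf, content)
end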

.host ⇒ Object

Select the LDAP host to connect to.



# File 'lib/whimsy/asf/ldap.rb', line 366

# Decide which LDAP server URI to use, in order of preference:
# the whimsy config (:ldap), the "uri" line of the system ldap.conf,
# and finally a random entry from HOSTS.
#
# @return [String] an ldap(s)://host:port URI
def self.host
  # an explicit whimsy setting always wins
  configured = ASF::Config.get(:ldap)
  return configured if configured

  # otherwise reuse whatever the system LDAP client already points at;
  # only the scheme://host:port part of the uri line is taken
  conf = "#{ETCLDAP}/ldap.conf"
  from_system = File.read(conf)[/^uri\s+(ldaps?:\/\/\S+?:\d+)/i, 1] if File.exist? conf

  # last resort: any of the known servers
  from_system || ASF::LDAP::HOSTS.sample
end