Class: Puppet::Util::Ldap::Manager
- Defined in:
- lib/puppet/util/ldap/manager.rb
Overview
The configuration class for LDAP providers, plus connection handling for actually interacting with ldap.
Instance Attribute Summary
-
#location ⇒ Object
readonly
Returns the value of attribute location.
-
#objectclasses ⇒ Object
readonly
Returns the value of attribute objectclasses.
-
#puppet2ldap ⇒ Object
readonly
Returns the value of attribute puppet2ldap.
-
#rdn ⇒ Object
readonly
Returns the value of attribute rdn.
Instance Method Summary
-
#and ⇒ Object
A null-op that just returns the config.
-
#at(location) ⇒ Object
Set the offset from the search base and return the config.
-
#base ⇒ Object
The basic search base.
-
#connect ⇒ Object
Open, yield, and close the connection.
-
#create(name, attributes) ⇒ Object
Convert the name to a dn, then pass the args along to our connection.
-
#delete(name) ⇒ Object
Convert the name to a dn, then pass the args along to our connection.
-
#dn(name) ⇒ Object
Calculate the dn for a given resource.
-
#entry2provider(entry) ⇒ Object
Convert an ldap-style entry hash to a provider-style hash.
-
#filter ⇒ Object
Create our normal search filter.
-
#find(name) ⇒ Object
Find the associated entry for a resource.
-
#generate(values) ⇒ Object
Generate any extra values we need to make the ldap entry work.
-
#generates(parameter) ⇒ Object
Declare a new attribute generator.
-
#initialize ⇒ Manager
constructor
A new instance of Manager.
-
#ldap_name(attribute) ⇒ Object
Return the ldap name for a puppet attribute.
-
#manages(*classes) ⇒ Object
Specify what classes this provider models.
-
#maps(attributes) ⇒ Object
Specify the attribute map.
-
#modify(name, mods) ⇒ Object
Convert the name to a dn, then pass the args along to our connection.
-
#named_by(attribute) ⇒ Object
Specify the rdn that we use to build up our dn.
-
#puppet_name(attribute) ⇒ Object
Return the puppet name for an ldap attribute.
-
#search(sfilter = nil) ⇒ Object
Search for all entries at our base.
-
#update(name, is, should) ⇒ Object
Update the ldap entry with the desired state.
-
#valid? ⇒ Boolean
Is this a complete ldap configuration?
Constructor Details
#initialize ⇒ Manager
Returns a new instance of Manager.
# File 'lib/puppet/util/ldap/manager.rb', line 160

# Start from an empty configuration: no attribute generators are registered
# and the rdn attribute is :cn until #named_by replaces it.
def initialize
  @generators = []
  @rdn = :cn
end
Instance Attribute Details
#location ⇒ Object (readonly)
Returns the value of attribute location.
# File 'lib/puppet/util/ldap/manager.rb', line 10

# Reader for @location, the offset from the search base stored by #at.
#
# @return the stored location, or nil when #at has not been called
def location
  @location
end
#objectclasses ⇒ Object (readonly)
Returns the value of attribute objectclasses.
# File 'lib/puppet/util/ldap/manager.rb', line 10

# Reader for @objectclasses, the list of classes stored by #manages.
#
# @return the stored classes, or nil when #manages has not been called
def objectclasses
  @objectclasses
end
#puppet2ldap ⇒ Object (readonly)
Returns the value of attribute puppet2ldap.
# File 'lib/puppet/util/ldap/manager.rb', line 10

# Reader for @puppet2ldap, the attribute map stored by #maps with the puppet
# attributes as its keys.
#
# @return the stored map, or nil when #maps has not been called
def puppet2ldap
  @puppet2ldap
end
#rdn ⇒ Object (readonly)
Returns the value of attribute rdn.
# File 'lib/puppet/util/ldap/manager.rb', line 10

# Reader for @rdn, the attribute used as the first component of every dn
# built by #dn. Set to :cn by the constructor and replaced by #named_by.
#
# @return the rdn attribute
def rdn
  @rdn
end
Instance Method Details
#and ⇒ Object
A null-op that just returns the config.
# File 'lib/puppet/util/ldap/manager.rb', line 13

# Does nothing except hand back the receiver, so it can sit between other
# chained configuration calls.
#
# @return [self]
def and
  self
end
#at(location) ⇒ Object
Set the offset from the search base and return the config.
# File 'lib/puppet/util/ldap/manager.rb', line 18

# Record the offset from the search base; #base prepends it to the
# configured ldapbase.
#
# @param location the offset to store
# @return [self] so that configuration calls can be chained
def at(location)
  @location = location
  self
end
#base ⇒ Object
The basic search base.
# File 'lib/puppet/util/ldap/manager.rb', line 24

# The search base for this configuration: #location followed by the
# ldapbase setting, separated by a comma.
#
# @return [String]
def base
  components = [location, Puppet[:ldapbase]]
  components.join(",")
end
#connect ⇒ Object
Open, yield, and close the connection. Cannot be left open, at this point.
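# File 'lib/puppet/util/ldap/manager.rb', line 48

# Open the LDAP connection, yield its underlying handle to the caller's
# block, and close it again afterwards. The connection cannot be left open.
#
# The Puppet::Util::Ldap::Connection wrapper is built on first use from the
# ldapserver, ldapport, ldaptls, ldapssl, ldapuser and ldappassword settings
# and kept in @connection; it is started and closed around every block.
#
# @yield [connection] the handle returned by the wrapper's #connection
# @return [nil]
# @raise [ArgumentError] if no block is given
def connect
  # TRANSLATORS '#connect' is a method name and should not be translated, 'block' refers to a Ruby code block
  raise ArgumentError, _("You must pass a block to #connect") unless block_given?

  unless @connection
    # ldaptls wins over ldapssl when both are set.
    # NOTE(review): with neither setting enabled the connection is requested
    # with :ssl => false, so a configured ldapuser/ldappassword would
    # presumably cross the network unencrypted - confirm against
    # Puppet::Util::Ldap::Connection and enable ldaptls or ldapssl.
    ssl = if Puppet[:ldaptls]
            :tls
          elsif Puppet[:ldapssl]
            true
          else
            false
          end

    # The listing had lost this local's name, leaving a bare "= { ... }";
    # it is the options hash handed to the connection below.
    options = { :ssl => ssl }

    # Unset or empty credentials are left out of the options altogether.
    # NOTE(review): that presumably results in an anonymous bind - confirm.
    user = Puppet[:ldapuser]
    options[:user] = user if user && user != ""

    password = Puppet[:ldappassword]
    options[:password] = password if password && password != ""

    @connection = Puppet::Util::Ldap::Connection.new(Puppet[:ldapserver], Puppet[:ldapport], options)
  end

  @connection.start
  begin
    yield @connection.connection
  ensure
    # Runs even when the block raises or returns early.
    @connection.close
  end
  nil
end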
#create(name, attributes) ⇒ Object
Convert the name to a dn, then pass the args along to our connection.
# File 'lib/puppet/util/ldap/manager.rb', line 30

# Add a new entry for +name+. Works on a copy of +attributes+, so the
# caller's hash is not modified.
#
# @param name the resource name; becomes the rdn value and, via #dn, the dn
# @param attributes [Hash] ldap attribute names mapped to their values
# @return whatever #connect returns
def create(name, attributes)
  entry = attributes.dup

  # The managed objectclasses as strings, with "top" appended when missing.
  classes = objectclasses.collect(&:to_s)
  classes << "top" unless classes.include?("top")
  entry["objectClass"] = classes

  entry[rdn.to_s] = [name]

  # Let the registered generators fill in whatever is still missing.
  generate(entry)

  connect do |conn|
    conn.add dn(name), entry
  end
end
#delete(name) ⇒ Object
Convert the name to a dn, then pass the args along to our connection.
# File 'lib/puppet/util/ldap/manager.rb', line 82

# Delete the entry whose dn is derived from +name+.
#
# @param name the resource name, turned into a dn by #dn
# @return whatever #connect returns
def delete(name)
  connect do |connection|
    connection.delete dn(name)
  end
end
#dn(name) ⇒ Object
Calculate the dn for a given resource.
# File 'lib/puppet/util/ldap/manager.rb', line 87

# Build the dn for a resource: "<rdn>=<name>" followed by #base.
#
# NOTE(review): rdn and name are interpolated verbatim. A name containing
# dn metacharacters such as ',', '+' or '=' is not escaped here and would
# change the structure of the resulting dn; presumably names are validated
# before they get this far - confirm against the callers.
#
# @param name the resource name
# @return [String]
def dn(name)
  leading_rdn = "#{rdn}=#{name}"
  [leading_rdn, base].join(",")
end
#entry2provider(entry) ⇒ Object
Convert an ldap-style entry hash to a provider-style hash.
# File 'lib/puppet/util/ldap/manager.rb', line 92

# Convert an ldap-style entry hash to a provider-style hash: :name comes from
# the entry's dn, and every attribute in the ldap-to-puppet map is copied
# across under its puppet name, with :absent standing in for missing values.
#
# NOTE(review): the name is cut out of the dn with plain string splits, so an
# escaped ',' or an '=' inside the first rdn value would yield the wrong
# name.
#
# @param entry [Hash] entry as returned by the directory; "dn" is required
# @return [Hash] provider-style hash
# @raise [ArgumentError] if the entry has no "dn"
def entry2provider(entry)
  # TRANSLATOR 'dn' refers to a 'distinguished name' in LDAP (Lightweight Directory Access Protocol) and they should not be translated
  raise ArgumentError, _("Could not get dn from ldap entry") unless entry["dn"]

  # The dn value is an array; take its last element, keep what precedes the
  # first comma, then keep what follows the last equal sign.
  first_rdn = entry["dn"].last.split(",").first
  provider = { :name => first_rdn.split("=").last }

  @ldap2puppet.each do |ldap_attr, puppet_attr|
    provider[puppet_attr] = entry[ldap_attr.to_s] || :absent
  end

  provider
end
#filter ⇒ Object
Create our normal search filter.
# File 'lib/puppet/util/ldap/manager.rb', line 111

# Build the default search filter from the managed objectclasses. A single
# class gives "objectclass=<class>" without surrounding parentheses; any
# other count gives an "(&...)" conjunction with one clause per class.
#
# The classes are inserted as-is; they come from #manages.
#
# @return [String]
def filter
  classes = objectclasses
  return "objectclass=#{classes[0]}" if classes.length == 1

  clauses = classes.join(")(objectclass=")
  "(&(objectclass=" + clauses + "))"
end
#find(name) ⇒ Object
Find the associated entry for a resource. Returns a hash, minus ‘dn’, or nil if the entry cannot be found.
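# File 'lib/puppet/util/ldap/manager.rb', line 117

# Find the entry for a resource.
#
# @param name the resource name, turned into a dn by #dn
# @return [Hash, nil] the first result converted by #entry2provider, or nil
#   when the search yields nothing or raises
def find(name)
  connect do |conn|
    # NOTE(review): 0 is the search scope; presumably "base object only",
    # i.e. just the dn itself - confirm against the LDAP library.
    conn.search2(dn(name), 0, "objectclass=*") do |result|
      # Convert to puppet-appropriate attributes and leave on the first hit;
      # the ensure in #connect still closes the connection.
      return entry2provider(result)
    end
  rescue => detail
    # Every StandardError raised by the lookup is reported as "not found".
    # Log it, so that a failing directory can be told apart from an entry
    # that really is missing instead of silently looking absent.
    Puppet.debug("Could not find #{name} in ldap: #{detail}")
    return nil
  end
end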
#generate(values) ⇒ Object
Generate any extra values we need to make the ldap entry work.
# File 'lib/puppet/util/ldap/manager.rb', line 135

# Fill in attributes that the registered generators can produce. +values+ is
# modified in place; attributes that already have a value are left alone.
#
# @param values [Hash] ldap attribute names mapped to their values
# @return [nil] when no generators are registered (otherwise the result of
#   iterating over them)
# @raise [ArgumentError] if a generator's source attribute has no value
def generate(values)
  return if @generators.empty?

  @generators.each do |generator|
    # Don't override any values that might exist.
    next if values[generator.name]

    produced =
      if generator.source
        input = values[generator.source]
        unless input
          raise ArgumentError, _("%{source} must be defined to generate %{name}") % { source: generator.source, name: generator.name }
        end
        generator.generate(input)
      else
        generator.generate
      end

    # Always store an array of strings.
    produced = [produced] unless produced.is_a?(Array)
    values[generator.name] = produced.collect(&:to_s)
  end
end
#generates(parameter) ⇒ Object
Declare a new attribute generator.
# File 'lib/puppet/util/ldap/manager.rb', line 129

# Declare a new attribute generator and register it with this configuration.
#
# @param parameter passed through to Puppet::Util::Ldap::Generator.new
# @return the newly registered generator
def generates(parameter)
  generator = Puppet::Util::Ldap::Generator.new(parameter)
  @generators << generator
  generator
end
#ldap_name(attribute) ⇒ Object
Return the ldap name for a puppet attribute.
# File 'lib/puppet/util/ldap/manager.rb', line 185

# Return the ldap name for a puppet attribute, as a string. An attribute
# missing from the map comes back as the empty string.
#
# @param attribute the puppet attribute name
# @return [String]
def ldap_name(attribute)
  mapped = @puppet2ldap[attribute]
  mapped.to_s
end
#manages(*classes) ⇒ Object
Specify what classes this provider models.
# File 'lib/puppet/util/ldap/manager.rb', line 166

# Specify which objectclasses this provider models. They are used by #filter
# and added to new entries by #create.
#
# @param classes the objectclass names
# @return [self] so that configuration calls can be chained
def manages(*classes)
  @objectclasses = classes
  self
end
#maps(attributes) ⇒ Object
Specify the attribute map. Assumes the keys are the puppet attributes, and the values are the ldap attributes, and creates a map for each direction.
# File 'lib/puppet/util/ldap/manager.rb', line 174

# Specify the attribute map. The keys are taken to be the puppet attributes
# and the values the ldap attributes; a second map is built for the opposite
# direction.
#
# @param attributes [Hash] puppet attribute => ldap attribute
# @return [self] so that configuration calls can be chained
def maps(attributes)
  # Puppet attributes as the keys: kept exactly as given.
  @puppet2ldap = attributes

  # Ldap attributes as the keys: every pair turned around.
  inverse = {}
  attributes.each { |puppet_attr, ldap_attr| inverse[ldap_attr] = puppet_attr }
  @ldap2puppet = inverse

  self
end
#modify(name, mods) ⇒ Object
Convert the name to a dn, then pass the args along to our connection.
# File 'lib/puppet/util/ldap/manager.rb', line 191

# Apply +mods+ to the entry whose dn is derived from +name+.
#
# @param name the resource name, turned into a dn by #dn
# @param mods the modifications, passed to the connection unchanged
# @return whatever #connect returns
def modify(name, mods)
  connect do |connection|
    connection.modify dn(name), mods
  end
end
#named_by(attribute) ⇒ Object
Specify the rdn that we use to build up our dn.
# File 'lib/puppet/util/ldap/manager.rb', line 196

# Specify the rdn attribute used to build each dn, replacing the :cn set by
# the constructor.
#
# @param attribute the rdn attribute
# @return [self] so that configuration calls can be chained
def named_by(attribute)
  @rdn = attribute
  self
end
#puppet_name(attribute) ⇒ Object
Return the puppet name for an ldap attribute.
# File 'lib/puppet/util/ldap/manager.rb', line 202

# Return the puppet name for an ldap attribute, looked up in the inverse map
# built by #maps.
#
# @param attribute the ldap attribute, in the form used as a value in #maps
# @return the puppet attribute, or nil when the attribute is not mapped
def puppet_name(attribute)
  @ldap2puppet[attribute]
end
#search(sfilter = nil) ⇒ Object
Search for all entries at our base. A potentially expensive search.
# File 'lib/puppet/util/ldap/manager.rb', line 207

# Search for all entries at our base and convert each with #entry2provider.
# A potentially expensive search.
#
# NOTE(review): a caller-supplied sfilter reaches the directory unchanged;
# callers that assemble it from external values must escape them first.
#
# @param sfilter [String, nil] the filter to use; defaults to #filter
# @return [Array<Hash>, nil] the converted entries, or nil when there are none
def search(sfilter = nil)
  query = sfilter || filter
  found = []

  connect do |conn|
    # NOTE(review): 1 is the search scope; presumably one level below the
    # base - confirm against the LDAP library.
    conn.search2(base, 1, query) { |entry| found << entry2provider(entry) }
  end

  found unless found.empty?
end
#update(name, is, should) ⇒ Object
Update the ldap entry with the desired state.
# File 'lib/puppet/util/ldap/manager.rb', line 220

# Update the ldap entry with the desired state. Depending on +is+ and
# +should+ the entry is deleted, created, or modified attribute by attribute.
#
# ldap_convert is not part of this listing; it is used here to turn the
# desired state into ldap attribute names and values.
#
# @param name the resource name
# @param is [Hash] the current state, keyed by puppet attribute
# @param should [Hash] the desired state, keyed by puppet attribute
# @return [nil] after a delete or create; otherwise whatever #modify returns
def update(name, is, should)
  if should[:ensure] == :absent
    Puppet.info _("Removing %{name} from ldap") % { name: dn(name) }
    delete(name)
    return
  end

  # We're creating a new entry
  if is.empty? || is[:ensure] == :absent
    Puppet.info _("Creating %{name} in ldap") % { name: dn(name) }
    # Remove any :absent params and :ensure, then convert the names to ldap names.
    create(name, ldap_convert(should))
    return
  end

  # We're modifying an existing entry: collect one modification for every
  # property whose current and desired values differ.
  mods = []

  [is.keys, should.keys].flatten.uniq.each do |property|
    current = is[property]
    desired = should[property]

    # They're equal, so do nothing.
    next if current == desired

    attributes = ldap_convert(should)
    prop_name = ldap_name(property).to_s

    mods << if current == :absent || current.nil?
              # Not there yet: add it.
              LDAP::Mod.new(LDAP::LDAP_MOD_ADD, prop_name, attributes[prop_name])
            elsif desired == :absent || desired.nil?
              # No longer wanted: delete it.
              LDAP::Mod.new(LDAP::LDAP_MOD_DELETE, prop_name, [])
            else
              # Present on both sides: replace the existing value.
              LDAP::Mod.new(LDAP::LDAP_MOD_REPLACE, prop_name, attributes[prop_name])
            end
  end

  # Called even when nothing differed and mods is empty.
  modify(name, mods)
end
#valid? ⇒ Boolean
Is this a complete ldap configuration?
# File 'lib/puppet/util/ldap/manager.rb', line 269

# Is this a complete ldap configuration? It is once a location, a non-empty
# list of objectclasses and an attribute map have all been set.
#
# @return a truthy value (the attribute map) when complete, otherwise nil or
#   false
def valid?
  location && objectclasses && !objectclasses.empty? && puppet2ldap
end