|
1 # |
|
2 # CDDL HEADER START |
|
3 # |
|
4 # The contents of this file are subject to the terms of the |
|
5 # Common Development and Distribution License (the "License"). |
|
6 # You may not use this file except in compliance with the License. |
|
7 # |
|
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 # or http://www.opensolaris.org/os/licensing. |
|
10 # See the License for the specific language governing permissions |
|
11 # and limitations under the License. |
|
12 # |
|
13 # When distributing Covered Code, include this CDDL HEADER in each |
|
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 # If applicable, add the following below this CDDL HEADER, with the |
|
16 # fields enclosed by brackets "[]" replaced with your own identifying |
|
17 # information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 # |
|
19 # CDDL HEADER END |
|
20 # |
|
21 |
|
22 # |
|
23 # Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved. |
|
24 # |
|
25 |
|
26 require 'ipaddr' |
|
27 require 'puppet/property/list' |
|
28 |
|
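# Checks whether +hostname+ is a syntactically valid DNS host name.
#
# The rules follow the RFC 1123 host-name syntax: at most 255 characters,
# an optional single trailing dot (fully-qualified form), and labels of
# 1..63 characters drawn from letters, digits and '-', where a label may
# neither start nor end with '-'. An empty name and empty labels (a lone,
# leading or doubled dot) are rejected, which the previous check let
# through because String#split drops the empty strings.
#
# @param hostname [String, nil] the candidate host name
# @return [Boolean] true when the name and every label are well-formed
def valid_hostname?(hostname)
  return false if hostname.nil? || hostname.empty? || hostname.length > 255

  # Strip one trailing dot so "ldap.example.com." validates like the
  # unqualified form.
  name = hostname.end_with?('.') ? hostname[0...-1] : hostname

  # A negative limit keeps empty strings, so ".a", "a..b" and "." produce an
  # empty label that fails the per-label check below.
  labels = name.split('.', -1)
  return false if labels.empty?

  # One label: an alphanumeric, optionally followed by up to 61 characters of
  # [A-Za-z0-9-] and a closing alphanumeric (63 characters at most).
  label_re = /\A[a-z\d](?:[a-z\d-]{0,61}[a-z\d])?\z/i
  labels.all? { |label| label =~ label_re }
end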
|
37 |
|
# Reports whether +value+ parses as an IPv4 or IPv6 address.
#
# Malformed input is reported as false rather than raised: IPAddr's
# InvalidAddressError derives from ArgumentError, so it is caught here.
#
# @param value [String] the candidate address
# @return [Boolean]
def valid_ip?(value)
  IPAddr.new(value)
  true
rescue ArgumentError
  false
end
|
46 |
|
47 Puppet::Type.newtype(:ldap) do |
|
48 @doc = "Manage the configuration of the LDAP client for Oracle Solaris" |
|
49 |
|
# Namevar of the resource; per its own description it is only a label for
# humans and is not one of the LDAP client settings.
newparam(:name) do
  isnamevar
  desc "The symbolic name for the LDAP client settings to use. This name
  is used for human reference only."
end
|
55 |
|
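# Name of the LDAP profile; the duplicated desc call of the original is
# dropped (the second call merely overwrote the first with the same text).
newproperty(:profile) do
  desc "The LDAP profile name"

  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = "config"
end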
|
64 |
|
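# Default LDAP servers, each either an IP address or a host name.
newproperty(:server_list, :parent => Puppet::Property::List) do
  desc "LDAP server names or addresses. Specify multiple servers as an
  array"

  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = "config"

  # Override the parent's should so the desired value stays an array.
  def should
    @should
  end

  # In sync when current and desired hold the same members in any order;
  # a missing (:absent or nil) current value is treated as an empty list.
  def insync?(is)
    is = [] if is.nil? || is == :absent
    is.sort == should.sort
  end

  # svcprop returns multivalue entries delimited with a space
  def delimiter
    " "
  end

  # Each entry must parse as an IP address or a well-formed host name. The
  # message is kept on one line: the original literal spanned two source
  # lines and so embedded a newline plus indentation in the error text.
  validate do |value|
    unless valid_ip?(value) || valid_hostname?(value)
      raise Puppet::Error, "default_server entry: #{value} is invalid"
    end
  end
end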
|
94 |
|
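# Servers tried ahead of the default list, each an IP address or host name.
newproperty(:preferred_server_list, :parent => Puppet::Property::List) do
  desc "LDAP server(s) to contact before any servers listed in
  default_server_list"

  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = "config"

  # Override the parent's should so the desired value stays an array.
  def should
    @should
  end

  # In sync when current and desired hold the same members in any order;
  # a missing (:absent or nil) current value is treated as an empty list.
  def insync?(is)
    is = [] if is.nil? || is == :absent
    is.sort == should.sort
  end

  # svcprop returns multivalue entries delimited with a space
  def delimiter
    " "
  end

  # Each entry must parse as an IP address or a well-formed host name. The
  # message is kept on one line: the original literal spanned two source
  # lines and so embedded a newline plus indentation in the error text.
  validate do |value|
    unless valid_ip?(value) || valid_hostname?(value)
      raise Puppet::Error, "preferred_server entry: #{value} is invalid"
    end
  end
end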
|
123 |
|
# Default search base DN for the client.
newproperty(:search_base) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'config'

  desc "The default search base DN"
end
|
131 |
|
# Default LDAP search scope; restricted to the three standard scopes.
newproperty(:search_scope) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'config'

  desc "The default search scope for the client's search operations."
  newvalues(*%w[base one sub])
end
|
140 |
|
# Default authentication method(s), validated against the fixed value set
# below. Of those values, 'simple' and the bare sasl/* mechanisms exchange
# credentials without transport protection unless the tls: form is used, and
# the MD5-based SASL mechanisms are obsolete (RFC 6331 moved DIGEST-MD5 to
# historic); prefer the tls: variants or sasl/GSSAPI where the directory
# supports them.
newproperty(:authentication_method, :parent => Puppet::Property::List) do
  desc "The default authentication method(s). Specify multiple methods
  as an array."

  newvalues("none", "simple", "sasl/CRAM-MD5", "sasl/DIGEST-MD5",
            "sasl/GSSAPI", "tls:simple", "tls:sasl/CRAM-MD5",
            "tls:sasl/DIGEST-MD5")

  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'config'

  # Override the parent's should so the desired value stays an array.
  def should
    @should
  end

  # Order-insensitive comparison; :absent/nil current value counts as empty.
  def insync?(is)
    current = (is.nil? || is == :absent) ? [] : is
    current.sort == should.sort
  end

  # svcprop returns multivalue entries delimited with a space
  def delimiter
    ' '
  end
end
|
169 |
|
# Credential level used when contacting the directory.
newproperty(:credential_level) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'config'

  desc "The credential level the client should use to contact the
  directory."
  newvalues(*%w[anonymous proxy self])
end
|
179 |
|
# Search time limit in seconds (no value validation is applied here).
newproperty(:search_time_limit) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'config'

  desc "The maximum number of seconds allowed for an LDAP search
  operation."
end
|
188 |
|
# Bind time limit in seconds (no value validation is applied here).
newproperty(:bind_time_limit) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'config'

  desc "The maximum number of seconds a client should spend performing a
  bind operation."
end
|
197 |
|
# Boolean-style referral setting, accepted as the symbols :true / :false.
newproperty(:follow_referrals) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'config'

  desc "The referral setting."
  newvalues(:true, :false)
end
|
206 |
|
# Profile TTL in seconds (no value validation is applied here).
newproperty(:profile_ttl) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'config'

  desc "The TTL value in seconds for the client information"
end
|
214 |
|
# Attribute mappings (service attribute -> alternative schema attribute).
newproperty(:attribute_map, :parent => Puppet::Property::List) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'config'

  desc "A mapping from an attribute defined by a service to an attribute
  in an alternative schema. Specify multiple mappings as an array."

  # Override the parent's should so the desired value stays an array.
  def should
    @should
  end

  # Order-insensitive comparison; :absent/nil current value counts as empty.
  def insync?(is)
    current = (is.nil? || is == :absent) ? [] : is
    current.sort == should.sort
  end

  # svcprop returns multivalue entries delimited with a space
  def delimiter
    ' '
  end
end
|
239 |
|
# Objectclass mappings (service objectclass -> alternative schema objectclass).
newproperty(:objectclass_map, :parent => Puppet::Property::List) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'config'

  desc "A mapping from an objectclass defined by a service to an
  objectclass in an alternative schema. Specify multiple mappings
  as an array."

  # Override the parent's should so the desired value stays an array.
  def should
    @should
  end

  # Order-insensitive comparison; :absent/nil current value counts as empty.
  def insync?(is)
    current = (is.nil? || is == :absent) ? [] : is
    current.sort == should.sort
  end

  # svcprop returns multivalue entries delimited with a space
  def delimiter
    ' '
  end
end
|
265 |
|
# Per-service credential level; 'self' is deliberately not offered here,
# unlike credential_level.
newproperty(:service_credential_level) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'config'

  desc "The credential level to be used by a service."
  newvalues(*%w[anonymous proxy])
end
|
274 |
|
# Per-service authentication method(s). Unlike authentication_method no
# value set is enforced here, so any string is accepted.
newproperty(:service_authentication_method,
            :parent => Puppet::Property::List) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'config'

  desc "The authentication method to be used by a service. Specify
  multiple methods as an array."

  # Override the parent's should so the desired value stays an array.
  def should
    @should
  end

  # Order-insensitive comparison; :absent/nil current value counts as empty.
  def insync?(is)
    current = (is.nil? || is == :absent) ? [] : is
    current.sort == should.sort
  end

  # svcprop returns multivalue entries delimited with a space
  def delimiter
    ' '
  end
end
|
300 |
|
# Bind DN entries, filed under the "cred" property group.
newproperty(:bind_dn, :parent => Puppet::Property::List) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'cred'

  desc "An entry that has read permission for the requested database.
  Specify multiple entries as an array."

  # Override the parent's should so the desired value stays an array.
  def should
    @should
  end

  # Order-insensitive comparison; :absent/nil current value counts as empty.
  def insync?(is)
    current = (is.nil? || is == :absent) ? [] : is
    current.sort == should.sort
  end

  # svcprop returns multivalue entries delimited with a space
  def delimiter
    ' '
  end
end
|
325 |
|
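# Bind password for bind_dn, filed under the "cred" property group. The value
# is a secret: by default Puppet reports a property change as
# "changed <old> to <new>", which would write the password into agent logs
# and reports, so the *_to_s hooks below redact it.
newproperty(:bind_passwd) do
  desc "password to be used for authenticating the bind DN."

  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = "cred"

  # Change summary without either value.
  def change_to_s(currentvalue, newvalue)
    if currentvalue == :absent
      "created password"
    elsif newvalue == :absent
      "removed password"
    else
      "changed password"
    end
  end

  # Rendering of the current value used in change messages.
  def is_to_s(_currentvalue)
    "[old password redacted]"
  end

  # Rendering of the desired value used in change messages.
  def should_to_s(_newvalue)
    "[new password redacted]"
  end
end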
|
333 |
|
# Whether the client may update shadow information; :true / :false only.
newproperty(:enable_shadow_update) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'cred'

  desc "Specify whether the client is allowed to update shadow
  information."
  newvalues(:true, :false)
end
|
343 |
|
# Administrator bind DN used for shadow updates, under the "cred" group.
newproperty(:admin_bind_dn) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'cred'

  desc "The Bind Distinguished Name for the administrator identity that
  is used for shadow information update"
end
|
352 |
|
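# Administrator bind password, filed under the "cred" property group. The
# value is a secret: by default Puppet reports a property change as
# "changed <old> to <new>", which would write the password into agent logs
# and reports, so the *_to_s hooks below redact it.
newproperty(:admin_bind_passwd) do
  desc "The administrator password"

  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = "cred"

  # Change summary without either value.
  def change_to_s(currentvalue, newvalue)
    if currentvalue == :absent
      "created password"
    elsif newvalue == :absent
      "removed password"
    else
      "changed password"
    end
  end

  # Rendering of the current value used in change messages.
  def is_to_s(_currentvalue)
    "[old password redacted]"
  end

  # Rendering of the desired value used in change messages.
  def should_to_s(_newvalue)
    "[new password redacted]"
  end
end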
|
360 |
|
# Directory holding the client's certificate files, under the "cred" group.
newproperty(:host_certpath) do
  # Property group ("config" or "cred") this setting is filed under; not
  # referenced within this file, so presumably read by the provider.
  class << self
    attr_accessor :pg
  end
  self.pg = 'cred'

  desc "The location of the certificate files"
end
|
368 end |