|
1 # |
|
2 # CDDL HEADER START |
|
3 # |
|
4 # The contents of this file are subject to the terms of the |
|
5 # Common Development and Distribution License (the "License"). |
|
6 # You may not use this file except in compliance with the License. |
|
7 # |
|
8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 # or http://www.opensolaris.org/os/licensing. |
|
10 # See the License for the specific language governing permissions |
|
11 # and limitations under the License. |
|
12 # |
|
13 # When distributing Covered Code, include this CDDL HEADER in each |
|
14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 # If applicable, add the following below this CDDL HEADER, with the |
|
16 # fields enclosed by brackets "[]" replaced with your own identifying |
|
17 # information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 # |
|
19 # CDDL HEADER END |
|
20 # |
|
21 |
|
22 # |
|
23 # Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. |
|
24 # |
|
25 |
|
26 require 'ipaddr' |
|
27 require 'puppet/property/list' |
|
28 |
|
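# Returns true when +hostname+ is a syntactically valid DNS host name.
#
# Rules applied (RFC 1035 / RFC 1123 label syntax, ASCII only):
#   * at most 255 characters overall;
#   * one trailing dot (absolute name) is tolerated and stripped;
#   * no empty label anywhere -- "a..b", ".example.com", "." and "" are all
#     rejected (the original accepted the last three because an empty
#     label, or an empty label list, trivially satisfied every check);
#   * each label is 1..63 characters drawn from [A-Za-z0-9-] and neither
#     starts nor ends with a hyphen.
#
# The character class is deliberately ASCII-only and case-sensitive in the
# regex (a case-insensitive /[a-z]/i also matches Unicode case-folds such
# as the Kelvin sign); internationalised names must be given as punycode.
# A dotted quad such as "192.0.2.1" also satisfies these rules, so callers
# that need to distinguish the two should test valid_ip? first.
def valid_hostname?(hostname)
  hostname = hostname.to_s
  return false if hostname.length > 255 || hostname.include?('..')
  # Strip a single trailing dot (fully-qualified form) before splitting.
  hostname = hostname[0...-1] if hostname.end_with?('.')
  # Limit -1 keeps leading/trailing empty labels so they are rejected below
  # instead of silently disappearing.
  labels = hostname.split('.', -1)
  return false if labels.empty?
  labels.all? do |label|
    label.size.between?(1, 63) &&
      !label.start_with?('-') &&
      !label.end_with?('-') &&
      label =~ /\A[A-Za-z0-9-]+\z/
  end
end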
|
37 |
|
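# Returns true when +value+ is a literal IPv4 or IPv6 address.
#
# IPAddr also accepts network prefixes ("192.0.2.0/24"), which are not a
# usable server address, so anything carrying a "/" is rejected up front.
# Everything IPAddr cannot parse -- host names, the empty string, octets
# out of range -- raises an ArgumentError subclass
# (IPAddr::InvalidAddressError on modern Ruby) and yields false.
def valid_ip?(value)
  value = value.to_s
  return false if value.empty? || value.include?('/')
  IPAddr.new(value)
  true
rescue ArgumentError
  false
end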
|
46 |
|
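# Class-level +pg+ attribute naming the SMF property group ("config" or
# "cred") a property is stored in. Every property below extends this module
# and assigns +self.pg+; the provider (not in this file) is presumably what
# reads it back through the property class -- the accessor name and its
# class-level placement are therefore kept exactly as before.
module LdapSvcPropertyGroup
  attr_accessor :pg
end

# Behaviour shared by all multi-valued properties of the ldap type. Each
# Puppet::Property::List subclass below includes it, so the list handling
# is defined once instead of being copied into every property.
module LdapSvcListProperty
  # Hand back the raw array from the manifest rather than the joined string
  # Puppet::Property::List#should would otherwise produce.
  def should
    @should
  end

  # Order is not significant: an absent/nil current value is treated as an
  # empty list and both sides are compared after sorting.
  def insync?(is)
    is = [] if is == :absent || is.nil?
    is.sort == should.sort
  end

  # svcprop returns multivalue entries delimited with a space. Values that
  # themselves contain a space (a DN such as "cn=proxy agent,..." is legal
  # LDAP) would be ambiguous in that encoding -- NOTE(review): confirm how
  # the provider quotes such values before relying on them.
  def delimiter
    " "
  end
end

# Helpers used by the per-property validate blocks below.
module LdapSvcValidation
  module_function

  # Raises Puppet::Error unless +value+ is a non-negative integer, or the
  # decimal string form of one (the SMF value is a number of seconds).
  def check_seconds(property, value)
    return if value.to_s =~ /\A\d+\z/
    raise Puppet::Error,
          "#{property} must be a non-negative integer number of seconds, got #{value.inspect}"
  end

  # Raises Puppet::Error unless +value+ is a literal IP address or a valid
  # host name (valid_ip? / valid_hostname? at the top of this file).
  def check_server(property, value)
    return if valid_ip?(value) || valid_hostname?(value)
    raise Puppet::Error, "#{property} entry: #{value} is invalid"
  end
end

Puppet::Type.newtype(:ldap) do
  @doc = "Manage the configuration of the LDAP client for Oracle Solaris"

  newparam(:name) do
    desc "The LDAP profile name"
    isnamevar
  end

  newproperty(:server_list, :parent => Puppet::Property::List) do
    desc "LDAP server names or addresses. Specify multiple servers as an
          array"

    extend LdapSvcPropertyGroup
    include LdapSvcListProperty
    self.pg = "config"

    # Puppet validates list properties one element at a time. The host name
    # rules also reject whitespace, so an entry can never collide with the
    # space delimiter used by svcprop.
    validate do |value|
      LdapSvcValidation.check_server("server_list", value)
    end
  end

  newproperty(:preferred_server_list, :parent => Puppet::Property::List) do
    desc "LDAP server(s) to contact before any servers listed in
          default_server_list"

    extend LdapSvcPropertyGroup
    include LdapSvcListProperty
    self.pg = "config"

    validate do |value|
      LdapSvcValidation.check_server("preferred_server_list", value)
    end
  end

  newproperty(:search_base) do
    desc "The default search base DN"
    extend LdapSvcPropertyGroup
    self.pg = "config"
  end

  newproperty(:search_scope) do
    desc "The default search scope for the client's search operations.
          Valid values are base, one, sub."
    newvalues("base", "one", "sub")
    extend LdapSvcPropertyGroup
    self.pg = "config"
  end

  newproperty(:authentication_method, :parent => Puppet::Property::List) do
    desc "The default authentication method(s). Specify multiple methods
          as an array. Valid values are none, simple, sasl/CRAM-MD5,
          sasl/DIGEST-MD5, sasl/GSSAPI, tls:simple, tls:sasl/CRAM-MD5,
          tls:sasl/DIGEST-MD5"

    extend LdapSvcPropertyGroup
    include LdapSvcListProperty
    self.pg = "config"

    # The accepted set is kept as-is for compatibility, but note the
    # security properties: "none" performs no authentication, "simple"
    # sends the bind password in clear text, and the sasl/CRAM-MD5 and
    # sasl/DIGEST-MD5 challenge-response methods protect only the password,
    # not the directory traffic. Prefer a tls: variant or sasl/GSSAPI.
    newvalues("none", "simple", "sasl/CRAM-MD5", "sasl/DIGEST-MD5",
              "sasl/GSSAPI", "tls:simple", "tls:sasl/CRAM-MD5",
              "tls:sasl/DIGEST-MD5")
  end

  newproperty(:credential_level) do
    desc "The credential level the client should use to contact the
          directory. Valid values are anonymous, proxy, self"
    # NOTE(review): the Solaris client requires a matching
    # authentication_method for "proxy" and "self"; no cross-property check
    # is done here, so a mismatch only surfaces when the provider applies it.
    newvalues("anonymous", "proxy", "self")
    extend LdapSvcPropertyGroup
    self.pg = "config"
  end

  newproperty(:search_time_limit) do
    desc "The maximum number of seconds allowed for an LDAP search
          operation."
    extend LdapSvcPropertyGroup
    self.pg = "config"

    validate do |value|
      LdapSvcValidation.check_seconds("search_time_limit", value)
    end
  end

  newproperty(:bind_time_limit) do
    desc "The maximum number of seconds a client should spend performing a
          bind operation."
    extend LdapSvcPropertyGroup
    self.pg = "config"

    validate do |value|
      LdapSvcValidation.check_seconds("bind_time_limit", value)
    end
  end

  newproperty(:follow_referrals) do
    desc "The referral setting. Valid values are true, false"
    newvalues(:true, :false)
    extend LdapSvcPropertyGroup
    self.pg = "config"
  end

  newproperty(:profile_ttl) do
    desc "The TTL value in seconds for the client information"
    extend LdapSvcPropertyGroup
    self.pg = "config"

    validate do |value|
      LdapSvcValidation.check_seconds("profile_ttl", value)
    end
  end

  newproperty(:attribute_map, :parent => Puppet::Property::List) do
    desc "A mapping from an attribute defined by a service to an attribute
          in an alternative schema. Specify multiple mappings as an array."

    extend LdapSvcPropertyGroup
    include LdapSvcListProperty
    self.pg = "config"
  end

  newproperty(:objectclass_map, :parent => Puppet::Property::List) do
    desc "A mapping from an objectclass defined by a service to an
          objectclass in an alternative schema. Specify multiple mappings
          as an array."

    extend LdapSvcPropertyGroup
    include LdapSvcListProperty
    self.pg = "config"
  end

  newproperty(:service_credential_level) do
    desc "The credential level to be used by a service. Valid values are
          anonymous, proxy"
    newvalues("anonymous", "proxy")
    extend LdapSvcPropertyGroup
    self.pg = "config"
  end

  newproperty(:service_authentication_method,
              :parent => Puppet::Property::List) do
    desc "The authentication method to be used by a service. Specify
          multiple methods as an array."

    extend LdapSvcPropertyGroup
    include LdapSvcListProperty
    self.pg = "config"
  end

  newproperty(:bind_dn, :parent => Puppet::Property::List) do
    desc "An entry that has read permission for the requested database.
          Specify multiple entries as an array."

    extend LdapSvcPropertyGroup
    include LdapSvcListProperty
    self.pg = "cred"
  end

  newproperty(:bind_passwd) do
    desc "password to be used for authenticating the bind DN."
    extend LdapSvcPropertyGroup
    self.pg = "cred"

    # Puppet builds the "changed X to Y" line in logs, reports and --noop
    # output from these two hooks; override them so the secret is never
    # written out (same approach as the password property of the user type).
    def is_to_s(currentvalue)
      '[old password redacted]'
    end

    def should_to_s(newvalue)
      '[new password redacted]'
    end
  end

  newproperty(:enable_shadow_update) do
    desc "Specify whether the client is allowed to update shadow
          information. Valid values are true, false"
    # NOTE(review): enabling this is only meaningful together with admin_dn
    # and admin_password; that dependency is not enforced here.
    newvalues(:true, :false)
    extend LdapSvcPropertyGroup
    self.pg = "cred"
  end

  newproperty(:admin_dn) do
    desc "The Bind Distinguished Name for the administrator identity that
          is used for shadow information update"
    extend LdapSvcPropertyGroup
    self.pg = "cred"
  end

  newproperty(:admin_password) do
    desc "The administrator password"
    extend LdapSvcPropertyGroup
    self.pg = "cred"

    # Redact the secret in change messages; see bind_passwd.
    def is_to_s(currentvalue)
      '[old password redacted]'
    end

    def should_to_s(newvalue)
      '[new password redacted]'
    end
  end

  newproperty(:certificate_path) do
    desc "The location of the certificate files"
    extend LdapSvcPropertyGroup
    self.pg = "cred"

    # The path is consumed by a system service, so a relative path would be
    # resolved against an unknown working directory; require an absolute one.
    validate do |value|
      unless value.to_s.start_with?('/')
        raise Puppet::Error,
              "certificate_path must be an absolute path, got #{value.inspect}"
      end
    end
  end
end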