Class: HttpdConfigmapGenerator::Ldap

Inherits:
Base
  • Object
Defined in:
lib/httpd_configmap_generator/ldap.rb

Constant Summary

# Absolute path of the authconfig binary. Being absolute, it does not depend
# on a PATH lookup. NOTE(review): presumably invoked by run_auth_config, which
# is not shown on this page.
AUTHCONFIG_COMMAND = "/usr/sbin/authconfig".freeze

# Values accepted for the :ldap_mode option ("ldap | ldaps").
# NOTE(review): plain "ldap" is only protected in transit if StartTLS is
# actually negotiated (see :ldap_id_use_start_tls) - confirm in configure_sssd.
LDAP_MODES = %w[ldap ldaps].freeze

# Authentication type/subtype for this generator; AUTH[:type] is what
# #configure passes to ConfigMap#generate.
AUTH = { :type => "external", :subtype => "ldap" }.freeze

Constants inherited from Base

Base::APACHE_USER, Base::HTTP_KEYTAB, Base::IPA_COMMAND, Base::KERBEROS_CONFIG_FILE, Base::LDAP_ATTRS, Base::PAM_CONFIG, Base::SSSD_CONFIG, Base::TIMESTAMP_FORMAT

Constants included from Base::Network

Base::Network::HOSTNAME_COMMAND

Instance Attribute Summary

Attributes inherited from Base

#opts

Instance Method Summary

Methods inherited from Base

#debug_msg, #err_msg, #info_msg, #initialize, #run_configure

Methods included from Base::Pam

#configure_pam

Methods included from Base::Network

#domain_from_host, #fetch_network_file, #host_reachable?, #realm, #update_hostname

Methods included from Base::Kerberos

#enable_kerberos_dns_lookups

Methods included from Base::FileHelper

#cp_template, #create_target_directory, #delete_target_file, #file_binary?, #path_join, #rm_file, #template_directory

Methods included from Base::ConfigHelper

#config_file_backup

Methods included from Base::Command

#command_run, #command_run!, #log_command_error

Constructor Details

This class inherits a constructor from HttpdConfigmapGenerator::Base

Instance Method Details

#configure(opts) ⇒ Object



# File 'lib/httpd_configmap_generator/ldap.rb', line 63

# Runs the LDAP configuration steps in order and writes the resulting
# config map.
#
# Sequence: set the hostname from opts[:host], initialise the search base,
# run authconfig, configure PAM and SSSD, adjust the certificate file's
# mode/ownership, then build a ConfigMap from AUTH[:type], the realm and
# #persistent_files and save it to opts[:output].
#
# Any StandardError raised along the way is passed to log_command_error and
# then re-raised to the caller, so a failed step is never silently ignored.
# NOTE(review): the steps before the failure are not rolled back here.
#
# @param opts [Hash] options; this method reads :host and :output directly
# @return [Object] whatever ConfigMap#save returns
# @raise [StandardError] the original error from any step, after logging
def configure(opts)
  begin
    update_hostname(opts[:host])

    # System-level setup; order matters (search base -> authconfig -> PAM -> SSSD -> cert perms).
    init_search_base
    run_auth_config
    configure_pam
    configure_sssd
    chmod_chown_cert_file

    # Capture the generated configuration files into the config map.
    generated_map = ConfigMap.new(opts)
    generated_map.generate(AUTH[:type], realm, persistent_files)
    generated_map.save(opts[:output])
  rescue StandardError => failure
    log_command_error(failure)
    raise failure
  end
end

#configured? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/httpd_configmap_generator/ldap.rb', line 84

# Reports whether LDAP authentication looks configured, judged solely by the
# presence of the file named by SSSD_CONFIG. The file's contents are not
# inspected, so an SSSD config written for another provider also counts.
#
# @return [Boolean] true when the SSSD_CONFIG path exists
def configured?
  sssd_config_path = SSSD_CONFIG
  File.exist?(sssd_config_path)
end

#domain ⇒ Object



# File 'lib/httpd_configmap_generator/ldap.rb', line 88

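# Derives a dotted domain name from the LDAP base DN in opts[:ldap_basedn],
# e.g. "dc=example,dc=com" => "example.com".
#
# Only components containing a "dc=" attribute contribute; others (ou=, o=, ...)
# are skipped. Attribute type names in a DN are case-insensitive, so "DC=" is
# accepted as well as "dc=", and surrounding whitespace (as in
# "dc=example, dc=com") is stripped so it cannot leak into the result.
#
# @return [String] the joined domain components; "" when the base DN has none
# @raise [NoMethodError] if opts[:ldap_basedn] is nil (it is a required option)
def domain
  labels = opts[:ldap_basedn].split(",").map do |rdn|
    value = rdn.split(/dc=/i)[1]
    value.strip if value
  end
  labels.compact.reject(&:empty?).join('.')
end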

#optional_options ⇒ Object



# File 'lib/httpd_configmap_generator/ldap.rb', line 22

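# Optional command-line options for the LDAP generator, merged on top of the
# options inherited from the parent class. Each entry maps an option name to
# its help :description and, where one exists, its :default value.
#
# @return [Hash{Symbol => Hash}] inherited options plus the LDAP-specific ones
def optional_options
  super.merge(
    :ldap_group_name         => { :description => "LDAP Directory Group Name",
                                  :default     => "cn" },
    :ldap_group_member       => { :description => "Attribute containing the names of the group's members",
                                  :default     => "member" },
    :ldap_group_object_class => { :description => "The object class of a group entry in LDAP",
                                  :default     => "groupOfNames" },
    :ldap_id_use_start_tls   => { :description => "Connection use tls?",
                                  :default     => true },
    :ldap_port               => { :description => "LDAP Directory Port" },
    # NOTE(review): "allow" is a permissive default. In sssd-ldap(5) terms,
    # ldap_tls_reqcert=allow lets the session proceed when the server presents
    # no certificate or a bad one, so TLS then encrypts the link without
    # authenticating the LDAP server. Presumably this value is written to
    # sssd.conf by configure_sssd (not shown here) - confirm. Deployments that
    # supply the CA via :cert_file should pass "demand" or "hard" explicitly.
    :ldap_tls_reqcert        => { :description => "The checks to perform on server certificates.",
                                  :default     => "allow" },
    :ldap_user_gid_number    => { :description => "LDAP attribute corresponding to the user's gid",
                                  :default     => "gidNumber" },
    :ldap_user_name          => { :description => "LDAP Directory User Name",
                                  :default     => "cn" },
    :ldap_user_object_class  => { :description => "Object class of a user entry in LDAP",
                                  :default     => "posixAccount" },
    :ldap_user_uid_number    => { :description => "LDAP attribute corresponding to the user's id",
                                  :default     => "uidNumber" },
    :ldap_user_search_base   => { :description => "The user DN search scope" },
    :ldap_group_search_base  => { :description => "The group DN search scope" },
    # Help text previously read "Suppoert"; corrected spelling only.
    :support_non_posix       => { :description => "Support non-posix user records",
                                  :default     => false },
  )
end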

#persistent_files ⇒ Object



# File 'lib/httpd_configmap_generator/ldap.rb', line 50

# Lists the files handed to ConfigMap#generate by #configure: a fixed set of
# nsswitch, OpenLDAP, PAM, SSSD and authconfig files followed by the
# certificate path from opts[:cert_file].
#
# The certificate path is appended exactly as supplied; it is nil when the
# option is absent. NOTE(review): no path validation happens here - presumably
# the caller has already checked the option.
#
# @return [Array<String, nil>] fixed system paths plus the configured cert file
def persistent_files
  system_files = [
    "/etc/nsswitch.conf",
    "/etc/openldap/ldap.conf",
    "/etc/pam.d/fingerprint-auth-ac",
    "/etc/pam.d/httpd-auth",
    "/etc/pam.d/password-auth-ac",
    "/etc/pam.d/postlogin-ac",
    "/etc/pam.d/smartcard-auth-ac",
    "/etc/pam.d/system-auth-ac",
    "/etc/sssd/sssd.conf",
    "/etc/sysconfig/authconfig"
  ]
  system_files.push(opts[:cert_file])
end

#required_options ⇒ Object



# File 'lib/httpd_configmap_generator/ldap.rb', line 11

# Mandatory command-line options for the LDAP generator, layered over the
# required options inherited from the parent class. Each entry carries a help
# :description; :host additionally declares the short flag "-h".
#
# @return [Hash{Symbol => Hash}] inherited required options plus the LDAP ones
def required_options
  inherited = super
  ldap_required = {
    :host        => { :description => "Application Domain", :short => "-h" },
    :cert_file   => { :description => "Cert File" },
    :ldap_host   => { :description => "LDAP Directory Host FQDN" },
    :ldap_mode   => { :description => "ldap | ldaps" },
    :ldap_basedn => { :description => "LDAP Directory Base DN" }
  }
  inherited.merge(ldap_required)
end

#unconfigure ⇒ Object



# File 'lib/httpd_configmap_generator/ldap.rb', line 79

# Reverting an LDAP configuration is not supported: when #configured? is true
# this raises instead of attempting to undo anything, and when nothing is
# configured it does nothing.
#
# @return [nil] when no configuration is present
# @raise [RuntimeError] when an existing configuration is detected
def unconfigure
  raise "Unable to unconfigure authentication against LDAP" if configured?
end