264 lines
9.9 KiB
Plaintext
264 lines
9.9 KiB
Plaintext
|
(*
|
||
|
Module: Nslcd
|
||
|
Parses /etc/nslcd.conf
|
||
|
|
||
|
Author: Jose Plana <jplana@gmail.com>
|
||
|
|
||
|
About: Reference
|
||
|
This lens tries to keep as close as possible to `man 5 nslcd.conf` where
|
||
|
possible.
|
||
|
|
||
|
License
|
||
|
This file is licenced under the LGPL v2+, like the rest of Augeas.
|
||
|
|
||
|
|
||
|
About: Lens Usage
|
||
|
|
||
|
Sample usage of this lens in augtool:
|
||
|
|
||
|
* get uid
|
||
|
> get /files/etc/nslcd.conf/threads
|
||
|
|
||
|
* set ldap URI
|
||
|
> set /files/etc/nslcd.conf/uri "ldaps://x.y.z"
|
||
|
|
||
|
* get cache values
|
||
|
> get /files/etc/nslcd.conf/cache
|
||
|
|
||
|
* change syslog level to debug
|
||
|
> set /files/etc/nslcd.conf/log "syslog debug"
|
||
|
|
||
|
* add/change filter for the passwd map
|
||
|
> set /files/etc/nslcd.conf/filter/passwd "(objectClass=posixGroup)"
|
||
|
|
||
|
* change the default search scope
|
||
|
> set /files/etc/nslcd.conf/scope[count( * )] "subtree"
|
||
|
|
||
|
* get the default search scope
|
||
|
> get /files/etc/nslcd.conf/scope[count( * )] "subtree"
|
||
|
|
||
|
* add/set a scope search value for a specific (host) map
|
||
|
> set /files/etc/nslcd.conf/scope[host]/host "subtree"
|
||
|
|
||
|
* get all default base search
|
||
|
> match /files/etc/nslcd.conf/base[count( * ) = 0]
|
||
|
|
||
|
* get the 3rd base search default value
|
||
|
> get /files/etc/nslcd.conf/base[3]
|
||
|
|
||
|
* add a new base search default value
|
||
|
> set /files/etc/nslcd.conf/base[last()+1] "dc=example,dc=com"
|
||
|
|
||
|
* change a base search default value to a new base value
|
||
|
> set /files/etc/nslcd.conf/base[self::* = "dc=example,dc=com"] "dc=test,dc=com"
|
||
|
|
||
|
* add/change a base search for a specific map (hosts)
|
||
|
> set /files/etc/nslcd.conf/base[hosts]/hosts "dc=hosts,dc=example,dc=com"
|
||
|
|
||
|
* add a base search for a specific map (passwd)
|
||
|
> set /files/etc/nslcd.conf/base[last()+1]/passwd "dc=users,dc=example,dc=com"
|
||
|
|
||
|
* remove all base search value for a map (rpc)
|
||
|
> rm /files/etc/nslcd.conf/base/rpc
|
||
|
|
||
|
* remove a specific search base value for a map (passwd)
|
||
|
> rm /files/etc/nslcd.conf/base/passwd[self::* = "dc=users,dc=example,dc=com"]
|
||
|
|
||
|
* get an attribute mapping value for a map
|
||
|
> get /files/etc/nslcd.conf/map/passwd/homeDirectory
|
||
|
|
||
|
* get all attribute values for a map
|
||
|
> match /files/etc/nslcd.conf/map/passwd/*
|
||
|
|
||
|
* set a specific attribute for a map
|
||
|
> set /files/etc/nslcd.conf/map/passwd/homeDirectory "\"${homeDirectory:-/home/$uid}\""
|
||
|
|
||
|
* add/change a specific attribute for a map (a map that might not be defined before)
|
||
|
> set /files/etc/nslcd.conf/map[shadow/userPassword]/shadow/userPassword "*"
|
||
|
|
||
|
* remove an attribute for a specific map
|
||
|
> rm /files/etc/nslcd.conf/map/shadow/userPassword
|
||
|
|
||
|
* remove all attributes for a specific map
|
||
|
> rm /files/etc/nslcd.conf/map/passwd/*
|
||
|
|
||
|
About: Configuration files
|
||
|
This lens applies to /etc/nslcd.conf. See <filter>.
|
||
|
|
||
|
About: Examples
|
||
|
The <Test_Nslcd> file contains various examples and tests.
|
||
|
*)
|
||
|
|
||
|
module Nslcd =
|
||
|
autoload xfm
|
||
|
|
||
|
|
||
|
(************************************************************************
|
||
|
* Group: USEFUL PRIMITIVES
|
||
|
*************************************************************************)
|
||
|
|
||
|
|
||
|
(* Group: Comments and empty lines *)
|
||
|
|
||
|
(* View: eol *)
|
||
|
let eol = Util.eol
|
||
|
(* View: empty *)
|
||
|
let empty = Util.empty
|
||
|
(* View: spc *)
|
||
|
let spc = Util.del_ws_spc
|
||
|
(* View: comma *)
|
||
|
let comma = Sep.comma
|
||
|
(* View: comment *)
|
||
|
let comment = Util.comment
|
||
|
(* View: do_dquote *)
|
||
|
let do_dquote = Quote.do_dquote
|
||
|
(* View: opt_list *)
|
||
|
let opt_list = Build.opt_list
|
||
|
|
||
|
(* Group: Ldap related values
|
||
|
Values that need to be parsed.
|
||
|
*)
|
||
|
|
||
|
(* Variable: ldap_rdn *)
|
||
|
let ldap_rdn = /[A-Za-z][A-Za-z]+=[A-Za-z0-9_.-]+/
|
||
|
(* Variable: ldap_dn *)
|
||
|
let ldap_dn = ldap_rdn . (/(,)?/ . ldap_rdn)*
|
||
|
(* Variable: ldap_filter *)
|
||
|
let ldap_filter = /\(.*\)/
|
||
|
(* Variable: ldap_scope *)
|
||
|
let ldap_scope = /sub(tree)?|one(level)?|base/
|
||
|
(* Variable: map_names *)
|
||
|
let map_names = /alias(es)?/
|
||
|
| /ether(s)?/
|
||
|
| /group/
|
||
|
| /host(s)?/
|
||
|
| /netgroup/
|
||
|
| /network(s)?/
|
||
|
| /passwd/
|
||
|
| /protocol(s)?/
|
||
|
| /rpc/
|
||
|
| /service(s)?/
|
||
|
| /shadow/
|
||
|
(* Variable: key_name *)
|
||
|
let key_name = /[^ #\n\t\/][^ #\n\t\/]+/
|
||
|
|
||
|
|
||
|
(************************************************************************
|
||
|
* Group: CONFIGURATION ENTRIES
|
||
|
*************************************************************************)
|
||
|
|
||
|
(* Group: Generic definitions *)
|
||
|
|
||
|
(* View: simple_entry
|
||
|
The simplest configuration option a key spc value. As in `gid id`
|
||
|
*)
|
||
|
let simple_entry (kw:string) = Build.key_ws_value kw
|
||
|
|
||
|
(* View: simple_entry_quoted_value
|
||
|
Simple entry with quoted value
|
||
|
*)
|
||
|
let simple_entry_quoted_value (kw:string) = Build.key_value_line kw spc (do_dquote (store /.*/))
|
||
|
|
||
|
(* View simple_entry_opt_list_comma_value
|
||
|
Simple entry that contains a optional list separated by commas
|
||
|
*)
|
||
|
let simple_entry_opt_list_value (kw:string) (lsep:lens) = Build.key_value_line kw spc (opt_list [ seq kw . store /[^, \t\n\r]+/ ] (lsep))
|
||
|
(* View: key_value_line_regexp
|
||
|
A simple configuration option but specifying the regex for the value.
|
||
|
*)
|
||
|
let key_value_line_regexp (kw:string) (sto:regexp) = Build.key_value_line kw spc (store sto)
|
||
|
|
||
|
(* View: mapped_entry
|
||
|
A mapped configuration as in `filter MAP option`.
|
||
|
*)
|
||
|
let mapped_entry (kw:string) (sto:regexp) = [ key kw . spc
|
||
|
. Build.key_value_line map_names spc (store sto)
|
||
|
]
|
||
|
(* View: key_value_line_regexp_opt_map
|
||
|
A mapped configuration but the MAP value is optional as in scope [MAP] value`.
|
||
|
*)
|
||
|
let key_value_line_regexp_opt_map (kw:string) (sto:regexp) =
|
||
|
( key_value_line_regexp kw sto | mapped_entry kw sto )
|
||
|
|
||
|
(* View: map_entry
|
||
|
A map entry as in `map MAP ATTRIBUTE NEWATTRIBUTE`.
|
||
|
*)
|
||
|
let map_entry = [ key "map" . spc
|
||
|
. [ key map_names . spc
|
||
|
. [ key key_name . spc . store Rx.no_spaces ]
|
||
|
] .eol
|
||
|
]
|
||
|
|
||
|
(* Group: Option definitions *)
|
||
|
|
||
|
(* View: Base entry *)
|
||
|
let base_entry = key_value_line_regexp_opt_map "base" ldap_dn
|
||
|
|
||
|
(* View: Scope entry *)
|
||
|
let scope_entry = key_value_line_regexp_opt_map "scope" ldap_scope
|
||
|
|
||
|
(* View: Filter entry *)
|
||
|
let filter_entry = mapped_entry "filter" ldap_filter
|
||
|
|
||
|
(* View: entries
|
||
|
All the combined entries.
|
||
|
*)
|
||
|
let entries = map_entry
|
||
|
| base_entry
|
||
|
| scope_entry
|
||
|
| filter_entry
|
||
|
| simple_entry "threads"
|
||
|
| simple_entry "uid"
|
||
|
| simple_entry "gid"
|
||
|
| simple_entry_opt_list_value "uri" spc
|
||
|
| simple_entry "ldap_version"
|
||
|
| simple_entry "binddn"
|
||
|
| simple_entry "bindpw"
|
||
|
| simple_entry "rootpwmoddn"
|
||
|
| simple_entry "rootpwmodpw"
|
||
|
| simple_entry "sasl_mech"
|
||
|
| simple_entry "sasl_realm"
|
||
|
| simple_entry "sasl_authcid"
|
||
|
| simple_entry "sasl_authzid"
|
||
|
| simple_entry "sasl_secprops"
|
||
|
| simple_entry "sasl_canonicalize"
|
||
|
| simple_entry "krb5_ccname"
|
||
|
| simple_entry "deref"
|
||
|
| simple_entry "referrals"
|
||
|
| simple_entry "bind_timelimit"
|
||
|
| simple_entry "timelimit"
|
||
|
| simple_entry "idle_timelimit"
|
||
|
| simple_entry "reconnect_sleeptime"
|
||
|
| simple_entry "reconnect_retrytime"
|
||
|
| simple_entry "ssl"
|
||
|
| simple_entry "tls_reqcert"
|
||
|
| simple_entry "tls_cacertdir"
|
||
|
| simple_entry "tls_cacertfile"
|
||
|
| simple_entry "tls_randfile"
|
||
|
| simple_entry "tls_ciphers"
|
||
|
| simple_entry "tls_cert"
|
||
|
| simple_entry "tls_key"
|
||
|
| simple_entry "pagesize"
|
||
|
| simple_entry_opt_list_value "nss_initgroups_ignoreusers" comma
|
||
|
| simple_entry "nss_min_uid"
|
||
|
| simple_entry "nss_nested_groups"
|
||
|
| simple_entry "nss_getgrent_skipmembers"
|
||
|
| simple_entry "nss_disable_enumeration"
|
||
|
| simple_entry "validnames"
|
||
|
| simple_entry "ignorecase"
|
||
|
| simple_entry "pam_authz_search"
|
||
|
| simple_entry_quoted_value "pam_password_prohibit_message"
|
||
|
| simple_entry "reconnect_invalidate"
|
||
|
| simple_entry "cache"
|
||
|
| simple_entry "log"
|
||
|
| simple_entry "pam_authc_ppolicy"
|
||
|
|
||
|
(* View: lens *)
|
||
|
let lns = (entries|empty|comment)+
|
||
|
|
||
|
(* View: filter *)
|
||
|
let filter = incl "/etc/nslcd.conf"
|
||
|
. Util.stdexcl
|
||
|
|
||
|
let xfm = transform lns filter
|