Interacting with Directory Services

Table of Contents

Active directory example

bundle agent active_directory
{
  # Looks up the user accounts of an Active Directory domain and the
  # attributes of one user over LDAP, then reports what came back.
  # Every LDAP promise is guarded by the "dummy" class, which nothing here
  # defines, so the example is inert until that guard is replaced.
  vars:
      # NOTE: Edit this to your domain, e.g. "corp"; you may also need more DCs after it
      "domain_name" string => "cftesting";
      # Account whose entry is fetched into the "userinfo" array below
      "user_name"    string => "Guest";


      # NOTE: We can also extract data from remote Domain Controllers

    dummy.DomainController::
      # Host queried by the promises below; "localhost" keeps the example self-contained
      "domain_controller"  string => "localhost";

      # sAMAccountName of every object of class "user" under the Users container.
      # The last argument, "none", asks for a plain ldap:// connection with no
      # encryption and no server authentication: the query and the returned
      # names travel in clear text, and any host answering on that address is
      # trusted. CFEngine also accepts "ssl" and "sasl" here for production use.
      "userlist"    slist => ldaplist(
                                       "ldap://$(domain_controller)",
                                       "CN=Users,DC=$(domain_name),DC=com",
                                       "(objectClass=user)",
                                       "sAMAccountName",
                                       "subtree",
                                       "none");
  classes:
    dummy.DomainController::
      # Fills the "userinfo" array with the attributes of $(user_name)'s entry
      # and defines gotuser when the lookup succeeds. Same unauthenticated
      # transport as above ("none"), so gotuser should not gate anything
      # privileged unless the connection is switched to "ssl" or "sasl".
      "gotuser" expression => ldaparray(
                                         "userinfo",
                                         "ldap://$(domain_controller)",
                                         "CN=$(user_name),CN=Users,DC=$(domain_name),DC=com",
                                         "(name=*)",
                                         "subtree",
                                         "none");

  reports:
    dummy.DomainController::
      # userlist is an slist, so this presumably expands to one report per user
      'Username is "$(userlist)"';
    dummy.gotuser::
      # Reads two of the attributes ldaparray stored under "userinfo"
      "Got user data; $(userinfo[name]) has logged on $(userinfo[logonCount]) times";
}

Active Directory list users example

bundle agent ldap
{
  # Lists the sAMAccountName of every "user" object under the Users container
  # of the host cf-win2003 and reports each one.
  vars:
      # Security argument "none": clear-text ldap://, no encryption and no
      # verification of the responding server. Use "ssl" or "sasl" outside a lab.
      "userlist" slist => ldaplist(
                                    "ldap://cf-win2003",
                                    "CN=Users,DC=domain,DC=cf-win2003",
                                    "(objectClass=user)",
                                    "sAMAccountName",
                                    "subtree",
                                    "none");
  reports:
      # userlist is an slist, so this presumably produces one line per user
      'Username: "$(userlist)"';
}

Active directory show users example

bundle agent ldap
{
  # Fetches the entry of the user "Test Pilot" from cf-win2003 into the
  # "myarray" array and reports whether the lookup returned data.
  classes:
      # gotdata is defined when ldaparray succeeds. The connection uses the
      # "none" security level (clear-text ldap://, unauthenticated server),
      # so a class derived from it should not control privileged promises
      # unless "ssl" or "sasl" is used instead.
      "gotdata" expression => ldaparray(
                                         "myarray",
                                         "ldap://cf-win2003",
                                         "CN=Test Pilot,CN=Users,DC=domain,DC=cf-win2003",
                                         "(name=*)",
                                         "subtree",
                                         "none");
  reports:
    gotdata::
      "Got user data";
    !gotdata::
      # Covers both "entry not found" and "server unreachable"; the policy
      # cannot tell them apart from this class alone
      "Did not get user data";
}

LDAP interactions

body common control
{
      # "ldap" must run before "followup": followup reports the ldap.myarray
      # entries that ldap's ldaparray() call populates.
      bundlesequence => { "ldap" , "followup"};
}

bundle agent ldap
{
  # Exercises the four LDAP functions against the same directory
  # (ldap://eternity.iu.hio.no, base dc=cfengine,dc=com).
  # All four use security level "none": clear-text transport and no check
  # that the answering host is the real directory, so the values and classes
  # produced here are only as trustworthy as the network path. "ssl" and
  # "sasl" are the alternatives.
  vars:
      # Get the first matching value for "uid"

      "value" string => ldapvalue("ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(sn=User)","uid","subtree","none");

      # Get all matching values for "uid" - should be a single record match
      "list" slist =>  ldaplist("ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(sn=User)","uid","subtree","none");

  classes:
      # Loads the attributes of the entry with uid=mark into the "myarray"
      # array (read below as ldap.myarray[...]) and defines gotdata on success
      "gotdata" expression => ldaparray("myarray","ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(uid=mark)","subtree","none");
      # Defines found when a returned "uid" value matches the regex "jon.*"
      "found" expression => regldap("ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(sn=User)","uid","subtree","jon.*","none");

  reports:
    linux::
      "LDAP VALUE $(value) found";
      # list is an slist, so this presumably reports once per uid value
      "LDAP LIST VALUE $(list)";
    gotdata::
      "Found specific entry data  ...$(ldap.myarray[uid]),$(ldap.myarray[gecos]), etc";
    found::
      "Matched regex";
}
bundle agent followup
{
  # Shows that the array filled by ldaparray() in bundle "ldap" is readable
  # from another bundle via the qualified name ldap.myarray. Relies on
  # "ldap" having run first (see bundlesequence); if that lookup failed the
  # references below presumably stay unexpanded.
  reports:
    linux::
      "Different bundle ...$(ldap.myarray[uid]),$(ldap.myarray[gecos]),...";
}