Cfengine 3 example unit_ldap.html

#  Copyright (C) Cfengine AS

#  This file is part of Cfengine 3 - written and maintained by Cfengine AS.

#  This program is free software; you can redistribute it and/or modify it
#  under the terms of the GNU General Public License as published by the
#  Free Software Foundation; version 3.

#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA

# To the extent this program is licensed as part of the Enterprise
# versions of Cfengine, the applicable Commerical Open Source License
# (COSL) may apply to this file if you as a licensee so wish it. See
# included file COSL.txt.


#

body common control
{
bundlesequence => { "ldap" , "followup"};
}

###################################################################################################
#  NOTE!! relying on LDAP or other network data without validation is EXTREMELY dangerous. 
#         You could destroy a system by assuming that the service will respond with a 
#         sensible result. Cfengine does not recommend reliance on network services in configuration.
###################################################################################################

bundle agent ldap
{
vars:

   # Get the first matching value for "uid"

  "value" string => ldapvalue("ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(sn=User)","uid","subtree","none");

   # Geta all matching values for "uid" - should be a single record match

  "list" slist =>  ldaplist("ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(sn=User)","uid","subtree","none");

classes:

   "gotdata" expression => ldaparray("myarray","ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(uid=mark)","subtree","none");

   "found" expression => regldap("ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(sn=User)","uid","subtree","jon.*","none");

reports:

 linux::

   "LDAP VALUE $(value) found";
   "LDAP LIST VALUE $(list)";

 gotdata::

   "Found specific entry data  ...$(ldap.myarray[uid]),$(ldap.myarray[gecos]), etc";

  found::

    "Matched regex";

}

bundle agent followup

{
reports:

 linux::

   "Different bundle  ...$(ldap.myarray[uid]),$(ldap.myarray[gecos]), etc";

}