Cfengine 3 example unit_ldap.html

# Copyright (C) Cfengine AS # This file is part of Cfengine 3 - written and maintained by Cfengine AS. # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; version 3. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA # To the extent this program is licensed as part of the Enterprise # versions of Cfengine, the applicable Commerical Open Source License # (COSL) may apply to this file if you as a licensee so wish it. See # included file COSL.txt. # body common control { bundlesequence => { "ldap" , "followup"}; } ################################################################################################### # NOTE!! relying on LDAP or other network data without validation is EXTREMELY dangerous. # You could destroy a system by assuming that the service will respond with a # sensible result. Cfengine does not recommend reliance on network services in configuration. ################################################################################################### bundle agent ldap { vars: # Get the first matching value for "uid" "value" string => ldapvalue("ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(sn=User)","uid","subtree","none"); # Geta all matching values for "uid" - should be a single record match "list" slist => ldaplist("ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(sn=User)","uid","subtree","none"); classes: "gotdata" expression => ldaparray("myarray","ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(uid=mark)","subtree","none"); "found" expression => regldap("ldap://eternity.iu.hio.no","dc=cfengine,dc=com","(sn=User)","uid","subtree","jon.*","none"); reports: linux:: "LDAP VALUE $(value) found"; "LDAP LIST VALUE $(list)"; gotdata:: "Found specific entry data ...$(ldap.myarray[uid]),$(ldap.myarray[gecos]), etc"; found:: "Matched regex"; } bundle agent followup { reports: linux:: "Different bundle ...$(ldap.myarray[uid]),$(ldap.myarray[gecos]), etc"; }