Use LDAP data as a Pillar source

This pillar module executes a series of LDAP searches.
Data returned by these searches are aggregated, whereby data returned by later
searches override data from previous searches with the same key.

The final result is merged with existing pillar data.

The configuration of this external pillar module is done via an external
file which provides the actual configuration for the LDAP searches.

===============================
Configuring the LDAP ext_pillar
===============================

The basic configuration is part of the `master configuration
<master-configuration-ext-pillar>`_.

.. code-block:: yaml

    ext_pillar:
      - pillar_ldap: /etc/salt/master.d/pillar_ldap.yaml

.. note::

    When placing the file in the ``master.d`` directory, make sure its name
    doesn't end in ``.conf``, otherwise the salt-master process will attempt
    to parse its content.

.. warning::

    Make sure this file has very restrictive permissions, as it will contain
    possibly sensitive LDAP credentials!

The only required key in the master configuration is ``pillar_ldap`` pointing
to a file containing the actual configuration.

Configuring the LDAP searches
=============================

The file is processed using `Salt's Renderers <renderers>`, which makes it
possible to reference grains within the configuration.

.. warning::

    When using Jinja in this file, make sure to do it in a way which prevents
    leaking sensitive information. A rogue minion could send arbitrary grains
    to trick the master into returning secret data.
    Use only the 'id' grain which is verified through the minion's key/cert.
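
The checks implied by the warnings above can be automated. The following is an added example, not part of Salt or of the original page: a stdlib-only audit that lists every Jinja name in the search configuration other than ``id`` and checks the file's name and mode. The function names and the sample are hypothetical, and it assumes grains are exposed to the template as top-level names.

```python
import os
import re
import stat

# Jinja syntax words that are not variables (approximate, for this check only).
JINJA_WORDS = {"if", "elif", "else", "endif", "for", "in", "endfor", "set",
               "and", "or", "not", "is", "defined", "true", "false", "none"}
BLOCK = re.compile(r"\{\{(.*?)\}\}|\{%(.*?)%\}", re.S)

# Constructed sample: the second search keys on a grain the minion reports.
SAMPLE = """
hosts:
  filter: '(&(objectclass=host)(cn={{ id }}))'
secrets:
  filter: '(&(objectclass=secret)(role={{ role | lower }}))'
"""


def untrusted_grains(template_text):
    """Return names used in Jinja blocks other than the verified ``id``.

    Assumes grains are the top-level template names. Loop and ``set``
    variables are reported as well, so treat the result as a review list.
    """
    found = set()
    for expr in ("".join(m) for m in BLOCK.findall(template_text)):
        expr = re.sub(r"'[^']*'|\"[^\"]*\"", "", expr)  # drop string literals
        expr = re.sub(r"[.|]\s*\w+", "", expr)          # drop .attr and |filter
        for name in re.findall(r"[A-Za-z_]\w*", expr):
            if name.lower() not in JINJA_WORDS and name != "id":
                found.add(name)
    return sorted(found)


def path_issues(path):
    """Return problems with the config file's name and permissions."""
    issues = []
    in_master_d = os.path.basename(os.path.dirname(path)) == "master.d"
    if in_master_d and path.endswith(".conf"):
        issues.append("ends in .conf inside master.d: salt-master will parse it")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        issues.append("mode %04o exposes bindpw to group/other" % mode)
    return issues


if __name__ == "__main__":
    print(untrusted_grains(SAMPLE))
```

An empty list from both functions means the file references only the key-verified minion id and is readable by its owner alone.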


Map Mode
--------

The ``it-admins`` configuration below returns the Pillar ``it-admins`` by:

- filtering for:

  - members of the group ``it-admins``
  - objects with ``objectclass=user``

- returning the data of users, where each user is a dictionary containing the
  configured string or list attributes.


Configuration
*************

.. code-block:: yaml

    salt-users:
      server:    ldap.company.tld
      port:      389
      tls:       true
      binddn:    'cn=salt-pillars,ou=users,dc=company,dc=tld'
      bindpw:    bi7ieBai5Ano
      referrals: false
      anonymous: false
      mode:      map
      # search base
      dn:        'ou=users,dc=company,dc=tld'
      filter:    '(&(memberof=cn=it-admins,ou=groups,dc=company,dc=tld)(objectclass=user))'
      attrs:
        - cn
        - displayName
        - givenName
        - sn
      lists:
        - memberOf

    search_order:
      - salt-users

Result
******

.. code-block:: python

    {
        'salt-users': [
            {
                'cn': 'cn=johndoe,ou=users,dc=company,dc=tld',
                'displayName': 'John Doe',
                'givenName': 'John',
                'sn': 'Doe',
                'memberOf': [
                  'cn=it-admins,ou=groups,dc=company,dc=tld',
                  'cn=team01,ou=groups,dc=company'
                ]
            },
            {
                'cn': 'cn=janedoe,ou=users,dc=company,dc=tld',
                'displayName': 'Jane Doe',
                'givenName': 'Jane',
                'sn': 'Doe',
                'memberOf': [
                  'cn=it-admins,ou=groups,dc=company,dc=tld',
                  'cn=team02,ou=groups,dc=company'
                ]
            }
        ]
    }

Module functions
================

``__virtual__``
    Only return if ldap module is installed

``_render_template``
    Render config template, substituting grains where found.

``_config``
    Return a value for 'name' from the config file options. If the 'name' is
    not in the config, the 'default' value is returned. This method converts
    unicode values to str type under python 2.

``_result_to_dict``
    Aggregates LDAP search result based on rules, returns a dictionary.

    Rules:
    Attributes tagged in the pillar config as 'attrs' or 'lists' are
    scanned for a 'key=value' format (non matching entries are ignored).

    Entries matching the 'attrs' tag overwrite previous values where
    the key matches a previous result.

    Entries matching the 'lists' tag are appended to list of values where
    the key matches a previous result.

    All Matching entries are then written directly to the pillar data
    dictionary as data[key] = value.

    For example, search result:

    .. code-block:: python

        { 'saltKeyValue': ['ntpserver=ntp.acme.local', 'foo=myfoo'],
          'saltList': ['vhost=www.acme.net', 'vhost=www.acme.local'] }

    is written to the pillar data dictionary as:

    .. code-block:: python

        { 'ntpserver': 'ntp.acme.local', 'foo': 'myfoo',
          'vhost': ['www.acme.net', 'www.acme.local'] }

``_do_search``
    Builds connection and search arguments, performs the LDAP search and
    formats the results as a dictionary appropriate for pillar use.

``ext_pillar``
    Execute LDAP searches and return the aggregated data
