Fixed #1272 - ldap group names will be converted to GIDs.

Note that this only looks up ldap groups, at this point; if you want to set an ldap user's primary group to a local group, you have to specify the GID. Signed-off-by: Luke Kanies <luke@madstop.com>
author: Luke Kanies <luke@madstop.com> 2008-07-07 14:58:28 -0500
committer: Luke Kanies <luke@madstop.com> 2008-07-07 14:58:28 -0500
commit: c751e4eef508ab3cf9466dcb45479fced5d3e4be (patch)
tree: 153c767f8d54931e0224cbaa10105a1fbac1005c
parent: 81be1c5c3f85f514505e99fab5b8a2b2ae6fbec8 (diff)
download: puppet-c751e4eef508ab3cf9466dcb45479fced5d3e4be.tar.gz
puppet-c751e4eef508ab3cf9466dcb45479fced5d3e4be.tar.xz
puppet-c751e4eef508ab3cf9466dcb45479fced5d3e4be.zip
5 files changed, 61 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 1943e3767..4b73e04a1 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,9 @@
 0.24.?
+    Fixed #1272 - if you provide a group name as the gid to an ldap
+    user, the name will be converted to a gid.  Note that this only
+    looks up ldap groups, at this point; if you want to set an ldap
+    user's primary group to a local group, you have to specify the GID.
+
     Fixed #1232 - the rundir no longer specifies a user/group,
     and there are now client- and server-specific yaml directories.
 
diff --git a/lib/puppet/provider/group/ldap.rb b/lib/puppet/provider/group/ldap.rb
index a4870fc68..37a7e7343 100644
--- a/lib/puppet/provider/group/ldap.rb
+++ b/lib/puppet/provider/group/ldap.rb
@@ -36,4 +36,13 @@ Puppet::Type.type(:group).provide :ldap, :parent => Puppet::Provider::Ldap do
         largest + 1
     end
 
+    # Convert a group name to an id.
+    def self.name2id(group)
+        return nil unless result = manager.search("cn=%s" % group) and result.length > 0
+
+        # Only use the first result.
+        group = result[0]
+        gid = group[:gid][0]
+        return gid
+    end
 end
diff --git a/lib/puppet/provider/user/ldap.rb b/lib/puppet/provider/user/ldap.rb
index 0d149ac9a..da1edc520 100644
--- a/lib/puppet/provider/user/ldap.rb
+++ b/lib/puppet/provider/user/ldap.rb
@@ -45,6 +45,15 @@ Puppet::Type.type(:user).provide :ldap, :parent => Puppet::Provider::Ldap do
         largest + 1
     end
 
+    # Convert our gid to a group name, if necessary.
+    def gid=(value)
+        unless [Fixnum, Bignum].include?(value.class)
+            value = group2id(value)
+        end
+
+        @property_hash[:gid] = value
+    end
+
     # Find all groups this user is a member of in ldap.
     def groups
         # We want to cache the current result, so we know if we
@@ -101,6 +110,11 @@ Puppet::Type.type(:user).provide :ldap, :parent => Puppet::Provider::Ldap do
         end
     end
 
+    # Convert a gropu name to an id.
+    def group2id(group)
+        Puppet::Type.type(:group).provider(:ldap).name2id(group)
+    end
+
     private
 
     def group_manager
diff --git a/spec/unit/provider/group/ldap.rb b/spec/unit/provider/group/ldap.rb
index 53d9e8bfc..ab2bd72aa 100755
--- a/spec/unit/provider/group/ldap.rb
+++ b/spec/unit/provider/group/ldap.rb
@@ -77,4 +77,29 @@ describe provider_class do
             end
         end
     end
+
+    it "should have a method for converting group names to GIDs" do
+        provider_class.should respond_to(:name2id)
+    end
+
+    describe "when converting from a group name to GID" do
+        it "should use the ldap manager to look up the GID" do
+            provider_class.manager.expects(:search).with("cn=foo")
+            provider_class.name2id("foo")
+        end
+
+        it "should return nil if no group is found" do
+            provider_class.manager.expects(:search).with("cn=foo").returns nil
+            provider_class.name2id("foo").should be_nil
+            provider_class.manager.expects(:search).with("cn=bar").returns []
+            provider_class.name2id("bar").should be_nil
+        end
+
+        # We shouldn't ever actually have more than one gid, but it doesn't hurt
+        # to test for the possibility.
+        it "should return the first gid from the first returned group" do
+            provider_class.manager.expects(:search).with("cn=foo").returns [{:name => "foo", :gid => [10, 11]}, {:name => :bar, :gid => [20, 21]}]
+            provider_class.name2id("foo").should == 10
+        end
+    end
 end
diff --git a/spec/unit/provider/user/ldap.rb b/spec/unit/provider/user/ldap.rb
index 90fc7423f..4386fa85d 100755
--- a/spec/unit/provider/user/ldap.rb
+++ b/spec/unit/provider/user/ldap.rb
@@ -24,6 +24,14 @@ describe provider_class do
         provider_class.manager.rdn.should == :uid
     end
 
+    it "should use the ldap group provider to convert group names to numbers" do
+        provider = provider_class.new(:name => "foo")
+        Puppet::Type.type(:group).provider(:ldap).expects(:name2id).with("bar").returns 10
+
+        provider.gid = 'bar'
+        provider.gid.should == 10
+    end
+
     {:name => "uid",
         :password => "userPassword",
         :comment => "cn",
author	Luke Kanies <luke@madstop.com>	2008-07-07 14:58:28 -0500
committer	Luke Kanies <luke@madstop.com>	2008-07-07 14:58:28 -0500
commit	c751e4eef508ab3cf9466dcb45479fced5d3e4be (patch)
tree	153c767f8d54931e0224cbaa10105a1fbac1005c
parent	81be1c5c3f85f514505e99fab5b8a2b2ae6fbec8 (diff)
download	puppet-c751e4eef508ab3cf9466dcb45479fced5d3e4be.tar.gz puppet-c751e4eef508ab3cf9466dcb45479fced5d3e4be.tar.xz puppet-c751e4eef508ab3cf9466dcb45479fced5d3e4be.zip