-rw-r--r--CHANGELOG5
-rw-r--r--lib/puppet/provider/group/ldap.rb9
-rw-r--r--lib/puppet/provider/user/ldap.rb14
-rwxr-xr-xspec/unit/provider/group/ldap.rb25
-rwxr-xr-xspec/unit/provider/user/ldap.rb7
5 files changed, 60 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 8d6db1920..88fd2ca8d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,11 @@
0.24.?
Fixed #1399 - the ldap user provider now knows it can manage
passwords.
+
+ Fixed #1272 - if you provide a group name as the gid to an ldap
+ user, the name will be converted to a gid. Note that this only
+ looks up ldap groups, at this point; if you want to set an ldap
+ user's primary group to a local group, you have to specify the GID.
Fixed #1232 - the rundir no longer specifies a user/group,
and there are now client- and server-specific yaml directories.
diff --git a/lib/puppet/provider/group/ldap.rb b/lib/puppet/provider/group/ldap.rb
index a4870fc68..37a7e7343 100644
--- a/lib/puppet/provider/group/ldap.rb
+++ b/lib/puppet/provider/group/ldap.rb
@@ -36,4 +36,13 @@ Puppet::Type.type(:group).provide :ldap, :parent => Puppet::Provider::Ldap do
largest + 1
end
+ # Convert a group name to an id.
+ def self.name2id(group)
+ return nil unless result = manager.search("cn=%s" % group) and result.length > 0
+
+ # Only use the first result.
+ group = result[0]
+ gid = group[:gid][0]
+ return gid
+ end
end
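Review bot: The group name is interpolated straight into the LDAP search filter in `manager.search("cn=%s" % group)`, so a value containing filter metacharacters (`*`, `(`, `)`, `\`) changes what the filter matches instead of being compared literally. Because only the first result is used, a wildcard in the name would set the user's primary group to whichever entry the directory happens to return first. The value should be escaped per RFC 4515 before it is formatted in, or rejected when it contains those characters. Separately, `group[:gid][0]` raises NoMethodError when the matched entry carries no gid attribute; `return nil unless gids = group[:gid]` before indexing would keep the nil-on-failure contract. The spec hunk for this provider covers neither case.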
diff --git a/lib/puppet/provider/user/ldap.rb b/lib/puppet/provider/user/ldap.rb
index 57f926da8..2e200a88e 100644
--- a/lib/puppet/provider/user/ldap.rb
+++ b/lib/puppet/provider/user/ldap.rb
@@ -47,6 +47,15 @@ Puppet::Type.type(:user).provide :ldap, :parent => Puppet::Provider::Ldap do
largest + 1
end
+ # Convert our gid to a group name, if necessary.
+ def gid=(value)
+ unless [Fixnum, Bignum].include?(value.class)
+ value = group2id(value)
+ end
+
+ @property_hash[:gid] = value
+ end
+
# Find all groups this user is a member of in ldap.
def groups
# We want to cache the current result, so we know if we
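Review bot: `gid=` stores whatever `group2id` returns, and that lookup returns nil when no ldap group matches, so a misspelled or local-only group name silently sets `@property_hash[:gid]` to nil rather than failing. Raising on a failed lookup would surface the mistake, e.g. `gid = group2id(value) or raise Puppet::Error, "Could not find ldap group #{value}"`. The `[Fixnum, Bignum].include?(value.class)` test also sends a numeric string such as "100" through the name lookup; `value.is_a?(Integer)` is the simpler check, and whether digit strings should be accepted as gids is worth deciding explicitly. The `groups` method that follows continues outside the hunk.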
@@ -103,6 +112,11 @@ Puppet::Type.type(:user).provide :ldap, :parent => Puppet::Provider::Ldap do
end
end
+ # Convert a gropu name to an id.
+ def group2id(group)
+ Puppet::Type.type(:group).provider(:ldap).name2id(group)
+ end
+
private
def group_manager
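Review bot: The comment on `group2id` misspells "group" (`# Convert a gropu name to an id.`), and the helper is defined above the `private` marker, so it becomes part of the provider's public interface although only `gid=` appears to call it in this diff. Moving it below `private`, next to `group_manager`, would keep it internal. The `group_manager` body continues outside the hunk.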
diff --git a/spec/unit/provider/group/ldap.rb b/spec/unit/provider/group/ldap.rb
index 53d9e8bfc..ab2bd72aa 100755
--- a/spec/unit/provider/group/ldap.rb
+++ b/spec/unit/provider/group/ldap.rb
@@ -77,4 +77,29 @@ describe provider_class do
end
end
end
+
+ it "should have a method for converting group names to GIDs" do
+ provider_class.should respond_to(:name2id)
+ end
+
+ describe "when converting from a group name to GID" do
+ it "should use the ldap manager to look up the GID" do
+ provider_class.manager.expects(:search).with("cn=foo")
+ provider_class.name2id("foo")
+ end
+
+ it "should return nil if no group is found" do
+ provider_class.manager.expects(:search).with("cn=foo").returns nil
+ provider_class.name2id("foo").should be_nil
+ provider_class.manager.expects(:search).with("cn=bar").returns []
+ provider_class.name2id("bar").should be_nil
+ end
+
+ # We shouldn't ever actually have more than one gid, but it doesn't hurt
+ # to test for the possibility.
+ it "should return the first gid from the first returned group" do
+ provider_class.manager.expects(:search).with("cn=foo").returns [{:name => "foo", :gid => [10, 11]}, {:name => :bar, :gid => [20, 21]}]
+ provider_class.name2id("foo").should == 10
+ end
+ end
end
diff --git a/spec/unit/provider/user/ldap.rb b/spec/unit/provider/user/ldap.rb
index 5cae61a7f..7e039d582 100755
--- a/spec/unit/provider/user/ldap.rb
+++ b/spec/unit/provider/user/ldap.rb
@@ -26,6 +26,13 @@ describe provider_class do
it "should be able to manage passwords" do
provider_class.should be_manages_passwords
+
+ it "should use the ldap group provider to convert group names to numbers" do
+ provider = provider_class.new(:name => "foo")
+ Puppet::Type.type(:group).provider(:ldap).expects(:name2id).with("bar").returns 10
+
+ provider.gid = 'bar'
+ provider.gid.should == 10
end
{:name => "uid",