lib/puppet/indirector/ldap.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78

require 'puppet/indirector/terminus'
require 'puppet/util/ldap/connection'

class Puppet::Indirector::Ldap < Puppet::Indirector::Terminus
  # Perform our ldap search and process the result.
  def find(request)
    ldapsearch(search_filter(request.key)) { |entry| return process(entry) } || nil
  end

  # Process the found entry.  We assume that we don't just want the
  # ldap object.
  def process(entry)
    raise Puppet::DevError, "The 'process' method has not been overridden for the LDAP terminus for #{self.name}"
  end

  # Default to all attributes.
  def search_attributes
    nil
  end

  def search_base
    Puppet[:ldapbase]
  end

  # The ldap search filter to use.
  def search_filter(name)
    raise Puppet::DevError, "No search string set for LDAP terminus for #{self.name}"
  end

  # Find the ldap node, return the class list and parent node specially,
  # and everything else in a parameter hash.
  def ldapsearch(filter)
    raise ArgumentError.new("You must pass a block to ldapsearch") unless block_given?

    found = false
    count = 0

    begin
      connection.search(search_base, 2, filter, search_attributes) do |entry|
        found = true
        yield entry
      end
    rescue SystemExit,NoMemoryError
      raise
    rescue Exception => detail
      if count == 0
        # Try reconnecting to ldap if we get an exception and we haven't yet retried.
        count += 1
        @connection = nil
        Puppet.warning "Retrying LDAP connection"
        retry
      else
        error = Puppet::Error.new("LDAP Search failed")
        error.set_backtrace(detail.backtrace)
        raise error
      end
    end

    found
  end

  # Create an ldap connection.
  def connection
    unless @connection
      raise Puppet::Error, "Could not set up LDAP Connection: Missing ruby/ldap libraries" unless Puppet.features.ldap?
      begin
        conn = Puppet::Util::Ldap::Connection.instance
        conn.start
        @connection = conn.connection
      rescue => detail
        puts detail.backtrace if Puppet[:trace]
        raise Puppet::Error, "Could not connect to LDAP: #{detail}"
      end
    end

    @connection
  end
end