Note that this only looks up ldap groups, at this point; if you want to set an
ldap user's primary group to a local group, you have to specify the GID.
Signed-off-by: Luke Kanies <[EMAIL PROTECTED]>
---
CHANGELOG | 5 +++++
lib/puppet/provider/group/ldap.rb | 9 +++++++++
lib/puppet/provider/user/ldap.rb | 14 ++++++++++++++
spec/unit/provider/group/ldap.rb | 25 +++++++++++++++++++++++++
spec/unit/provider/user/ldap.rb | 8 ++++++++
5 files changed, 61 insertions(+), 0 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 1943e37..4b73e04 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,4 +1,9 @@
0.24.?
+ Fixed #1272 - if you provide a group name as the gid to an ldap
+ user, the name will be converted to a gid. Note that this only
+ looks up ldap groups, at this point; if you want to set an ldap
+ user's primary group to a local group, you have to specify the GID.
+
Fixed #1232 - the rundir no longer specifies a user/group,
and there are now client- and server-specific yaml directories.
diff --git a/lib/puppet/provider/group/ldap.rb
b/lib/puppet/provider/group/ldap.rb
index a4870fc..37a7e73 100644
--- a/lib/puppet/provider/group/ldap.rb
+++ b/lib/puppet/provider/group/ldap.rb
@@ -36,4 +36,13 @@ Puppet::Type.type(:group).provide :ldap, :parent =>
Puppet::Provider::Ldap do
largest + 1
end
+ # Convert a group name to an id.
+ def self.name2id(group)
+ return nil unless result = manager.search("cn=%s" % group) and
result.length > 0
+
+ # Only use the first result.
+ group = result[0]
+ gid = group[:gid][0]
+ return gid
+ end
end
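Review bot: In `name2id` the group name is interpolated directly into the LDAP filter by `"cn=%s" % group`, so a name containing filter metacharacters (`*`, `(`, `)`, `\`) changes what the search matches. Combined with `group = result[0]`, the method would then return the gid of whichever entry comes back first. Whether `manager.search` escapes its argument is not visible in this hunk; unless it does, the value should be escaped per RFC 4515 or rejected before the search, for example `raise ArgumentError, "Invalid ldap group name %s" % group.inspect if group.to_s =~ /[*()\\\x00]/`. The first-result line would also benefit from a comment such as `# More than one match is unexpected; we take the first rather than failing.` so the choice is explicit.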
diff --git a/lib/puppet/provider/user/ldap.rb b/lib/puppet/provider/user/ldap.rb
index 0d149ac..da1edc5 100644
--- a/lib/puppet/provider/user/ldap.rb
+++ b/lib/puppet/provider/user/ldap.rb
@@ -45,6 +45,15 @@ Puppet::Type.type(:user).provide :ldap, :parent =>
Puppet::Provider::Ldap do
largest + 1
end
+ # Convert our gid to a group name, if necessary.
+ def gid=(value)
+ unless [Fixnum, Bignum].include?(value.class)
+ value = group2id(value)
+ end
+
+ @property_hash[:gid] = value
+ end
+
# Find all groups this user is a member of in ldap.
def groups
# We want to cache the current result, so we know if we
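Review bot: In `gid=`, the result of `group2id(value)` is stored without checking it, so a group name that does not resolve leaves `@property_hash[:gid]` set to nil with no error. How a nil gid is handled later is not visible in this hunk, but failing at the point of lookup is easier to diagnose, for example `resolved = group2id(value)` followed by `raise Puppet::Error, "Could not find ldap group %s" % value.inspect if resolved.nil?`. The class test `[Fixnum, Bignum].include?(value.class)` also sends a numeric string such as "100" to LDAP as a group name, which may not be what the caller intended. The comment above the method states the conversion backwards and should read `# Convert a group name to a gid, if necessary.`.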
@@ -101,6 +110,11 @@ Puppet::Type.type(:user).provide :ldap, :parent =>
Puppet::Provider::Ldap do
end
end
+ # Convert a gropu name to an id.
+ def group2id(group)
+ Puppet::Type.type(:group).provider(:ldap).name2id(group)
+ end
+
private
def group_manager
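Review bot: The comment above `group2id` has a typo and should read `# Convert a group name to an id.`. The method is also added above the `private` marker, which makes it part of the provider's public interface. If it is only meant as a helper for `gid=`, it could be defined below `private` next to `group_manager`, whose body continues outside this hunk.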
diff --git a/spec/unit/provider/group/ldap.rb b/spec/unit/provider/group/ldap.rb
index 53d9e8b..ab2bd72 100755
--- a/spec/unit/provider/group/ldap.rb
+++ b/spec/unit/provider/group/ldap.rb
@@ -77,4 +77,29 @@ describe provider_class do
end
end
end
+
+ it "should have a method for converting group names to GIDs" do
+ provider_class.should respond_to(:name2id)
+ end
+
+ describe "when converting from a group name to GID" do
+ it "should use the ldap manager to look up the GID" do
+ provider_class.manager.expects(:search).with("cn=foo")
+ provider_class.name2id("foo")
+ end
+
+ it "should return nil if no group is found" do
+ provider_class.manager.expects(:search).with("cn=foo").returns nil
+ provider_class.name2id("foo").should be_nil
+ provider_class.manager.expects(:search).with("cn=bar").returns []
+ provider_class.name2id("bar").should be_nil
+ end
+
+ # We shouldn't ever actually have more than one gid, but it doesn't
hurt
+ # to test for the possibility.
+ it "should return the first gid from the first returned group" do
+ provider_class.manager.expects(:search).with("cn=foo").returns
[{:name => "foo", :gid => [10, 11]}, {:name => :bar, :gid => [20, 21]}]
+ provider_class.name2id("foo").should == 10
+ end
+ end
end
diff --git a/spec/unit/provider/user/ldap.rb b/spec/unit/provider/user/ldap.rb
index 90fc742..4386fa8 100755
--- a/spec/unit/provider/user/ldap.rb
+++ b/spec/unit/provider/user/ldap.rb
@@ -24,6 +24,14 @@ describe provider_class do
provider_class.manager.rdn.should == :uid
end
+ it "should use the ldap group provider to convert group names to numbers"
do
+ provider = provider_class.new(:name => "foo")
+
Puppet::Type.type(:group).provider(:ldap).expects(:name2id).with("bar").returns
10
+
+ provider.gid = 'bar'
+ provider.gid.should == 10
+ end
+
{:name => "uid",
:password => "userPassword",
:comment => "cn",
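Review bot: The added example covers only the path where `gid=` is given a name that resolves. There is no example showing that an integer gid skips the lookup, and none for a name that `name2id` cannot resolve (returns nil). An example such as `it "should not look up the group when the gid is already a number"` that sets `expects(:name2id).never` on the group provider and assigns `provider.gid = 10` would pin the first case. A second example with `name2id` returning nil would document what the provider is expected to do on a failed lookup.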
--
1.5.3.7