Trying to get and use complex data from LDAP for Ansible. (Replace ":" in the gist filenames with "/" to get the intended paths.)
# vim: set si ai et sw=4 sts=4 ts=4 ft=python:
# coding: utf-8
# Copyright (c) 2013, ZenRobotics Ltd.
# Author: Paul Tötterman <[email protected]>
"""Ansible lookup plugin for looking up user data in an LDAP directory."""
from ansible import utils, errors
import ldap
import ldap.filter
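_BASE_CACHE = {}


def get_ldap_base(conn, persist=None):
    """Find out the LDAP search base (single naming context) of ``conn``.

    The root DSE is read once and the answer is memoised in ``persist``
    (a module-level dict by default, so repeated lookups within one
    Ansible run do not re-query the directory).  Returns ``None`` when
    the server advertises zero or several naming contexts, because there
    is then no single unambiguous base to search under; that ``None`` is
    cached as well, matching the original behaviour.

    :param conn: an opened ``ldap.LDAPObject``
    :param persist: optional dict to use as the cache instead of the
        module-level one (callers may pass their own to isolate it)
    :returns: the naming context DN as a string, or ``None``
    """
    cache = _BASE_CACHE if persist is None else persist
    if 'base' in cache:
        return cache['base']
    base = None
    # namingContexts is an operational attribute of the root DSE, so it
    # must be requested explicitly with '+'; the empty DN with SCOPE_BASE
    # addresses the root DSE itself.
    entries = conn.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ('+',))
    # Tolerate an empty result or a root DSE without namingContexts
    # instead of raising IndexError/KeyError from deep inside the plugin.
    contexts = entries[0][1].get('namingContexts', []) if entries else []
    if len(contexts) == 1:
        base = contexts[0]
    cache['base'] = base
    return base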
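class LookupModule(object):
    """Implement the Ansible lookup plugin interface (``with_ldap_sshkeys``).

    Each term is a login name.  The result is a flat list of
    ``{'login': ..., 'pubkey': ...}`` dicts, one per ``sshPublicKey``
    value found on the matching LDAP entry; logins whose entry carries
    no ``sshPublicKey`` contribute nothing.
    """
    # pylint: disable-msg=R0903

    def __init__(self, basedir=None, **_):
        """Open the LDAP connection and resolve the search base.

        Discards all arguments except basedir.  The server URI is the
        libldap default (``OPT_URI``, i.e. ldap.conf / LDAPURI); nothing
        here forces ldaps:// or StartTLS, and no bind is performed, so
        the searches run with whatever default identity libldap uses
        (normally anonymous).  The directory must therefore allow that
        identity to read ``uid`` and ``sshPublicKey``.
        """
        self.basedir = basedir
        self.ldapconn = ldap.initialize(ldap.get_option(ldap.OPT_URI))
        self.ldapbase = get_ldap_base(self.ldapconn)

    @staticmethod
    def _uid_filter(login):
        """Return the LDAP search filter matching ``uid=login``.

        ``login`` comes from playbook data, so it is escaped with
        ``escape_filter_chars``: otherwise filter metacharacters such as
        ``*`` or ``)`` in a term could widen or break the query.  The
        ``'%s'`` coercion keeps the original's acceptance of non-string
        terms.
        """
        return '(uid=%s)' % ldap.filter.escape_filter_chars('%s' % login)

    @staticmethod
    def _pubkeys(login, attrs):
        """Return one result dict per ``sshPublicKey`` value in ``attrs``.

        :param login: the login the entry was found for
        :param attrs: the attribute dict of the LDAP entry
        :returns: list of ``{'login': login, 'pubkey': value}`` dicts,
            empty when the entry has no ``sshPublicKey``
        """
        return [{'login': login, 'pubkey': pubkey}
                for pubkey in attrs.get('sshPublicKey', [])]

    def run(self, terms, inject=None, **_):
        """Process a ldap_sshkeys lookup.

        :param terms: a login name or a list of login names
        :param inject: Ansible variable context used to template the terms
        :returns: list of ``{'login', 'pubkey'}`` dicts
        :raises errors.AnsibleError: when a login matches no entry, or
            more than one entry -- an ambiguous match must not silently
            install another account's keys
        """
        terms = utils.listify_lookup_plugin_terms(terms, self.basedir, inject)
        if isinstance(terms, basestring):
            terms = [terms]
        result = []
        for login in terms:
            entries = self.ldapconn.search_s(self.ldapbase, ldap.SCOPE_SUBTREE,
                                             self._uid_filter(login),
                                             ('sshPublicKey',))
            # The message is formatted here: the original passed ``login``
            # as an extra positional argument to AnsibleError, so it was
            # never substituted into the text.
            if not entries:
                raise errors.AnsibleError('uid=%s not found in LDAP' % login)
            if len(entries) > 1:
                raise errors.AnsibleError(
                    'uid=%s is ambiguous: %d entries in LDAP'
                    % (login, len(entries)))
            result.extend(self._pubkeys(login, entries[0][1]))
        return result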
# vim: set si ai et sw=4 sts=4 ts=4 ft=python:
# coding: utf-8
# Copyright (c) 2013, ZenRobotics Ltd.
# Author: Paul Tötterman <[email protected]>
"""Ansible lookup plugin for looking up user data in an LDAP directory."""
from ansible import utils, errors
import ldap
import ldap.filter
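_BASE_CACHE = {}


def get_ldap_base(conn, persist=None):
    """Find out the LDAP search base (single naming context) of ``conn``.

    The root DSE is read once and the answer is memoised in ``persist``
    (a module-level dict by default, so repeated lookups within one
    Ansible run do not re-query the directory).  Returns ``None`` when
    the server advertises zero or several naming contexts, because there
    is then no single unambiguous base to search under; that ``None`` is
    cached as well, matching the original behaviour.

    :param conn: an opened ``ldap.LDAPObject``
    :param persist: optional dict to use as the cache instead of the
        module-level one (callers may pass their own to isolate it)
    :returns: the naming context DN as a string, or ``None``
    """
    cache = _BASE_CACHE if persist is None else persist
    if 'base' in cache:
        return cache['base']
    base = None
    # namingContexts is an operational attribute of the root DSE, so it
    # must be requested explicitly with '+'; the empty DN with SCOPE_BASE
    # addresses the root DSE itself.
    entries = conn.search_s('', ldap.SCOPE_BASE, 'objectClass=*', ('+',))
    # Tolerate an empty result or a root DSE without namingContexts
    # instead of raising IndexError/KeyError from deep inside the plugin.
    contexts = entries[0][1].get('namingContexts', []) if entries else []
    if len(contexts) == 1:
        base = contexts[0]
    cache['base'] = base
    return base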
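class LookupModule(object):
    """Implement the Ansible lookup plugin interface (``with_ldap_users``).

    Each term is a login name.  The result has one dict per login with
    the POSIX account attributes read from its LDAP entry: ``login``,
    ``uid``, ``gid``, ``home`` always, plus ``shell`` and ``gecos`` only
    when the entry carries ``loginShell`` / ``gecos``.
    """
    # pylint: disable-msg=R0903

    # Only these attributes are used to build a result; requesting just
    # them keeps the search from pulling the whole entry.
    _ATTRS = ('uidNumber', 'gidNumber', 'homeDirectory', 'loginShell', 'gecos')

    def __init__(self, basedir=None, **_):
        """Open the LDAP connection and resolve the search base.

        Discards all arguments except basedir.  The server URI is the
        libldap default (``OPT_URI``, i.e. ldap.conf / LDAPURI); nothing
        here forces ldaps:// or StartTLS, and no bind is performed, so
        the searches run with whatever default identity libldap uses
        (normally anonymous).  The directory must therefore allow that
        identity to read the attributes listed in ``_ATTRS``.
        """
        self.basedir = basedir
        self.ldapconn = ldap.initialize(ldap.get_option(ldap.OPT_URI))
        self.ldapbase = get_ldap_base(self.ldapconn)

    @staticmethod
    def _uid_filter(login):
        """Return the LDAP search filter matching ``uid=login``.

        ``login`` comes from playbook data, so it is escaped with
        ``escape_filter_chars``: otherwise filter metacharacters such as
        ``*`` or ``)`` in a term could widen or break the query.  The
        ``'%s'`` coercion keeps the original's acceptance of non-string
        terms.
        """
        return '(uid=%s)' % ldap.filter.escape_filter_chars('%s' % login)

    @staticmethod
    def _entry_to_info(login, attrs):
        """Build the result dict for ``login`` from an entry's attributes.

        :param login: the login the entry was found for
        :param attrs: the attribute dict of the LDAP entry
        :returns: dict with ``login``, ``uid`` (int), ``gid`` (int),
            ``home``, and ``shell`` / ``gecos`` when present
        :raises KeyError: when ``uidNumber``, ``gidNumber`` or
            ``homeDirectory`` is missing from the entry
        """
        info = {'login': login,
                'uid': int(attrs['uidNumber'][0]),
                'gid': int(attrs['gidNumber'][0]),
                'home': attrs['homeDirectory'][0]}
        # Optional attributes: the key is absent from the result when the
        # entry lacks the attribute, so playbooks must not assume them.
        for attr, key in (('loginShell', 'shell'), ('gecos', 'gecos')):
            if attr in attrs:
                info[key] = attrs[attr][0]
        return info

    def run(self, terms, inject=None, **_):
        """Process a ldap_users lookup.

        :param terms: a login name or a list of login names
        :param inject: Ansible variable context used to template the terms
        :returns: list of account dicts, one per login, in term order
        :raises errors.AnsibleError: when a login matches no entry, more
            than one entry (an ambiguous match must not silently return
            another account's data), or an entry missing a required
            POSIX attribute
        """
        terms = utils.listify_lookup_plugin_terms(terms, self.basedir, inject)
        if isinstance(terms, basestring):
            terms = [terms]
        result = []
        for login in terms:
            entries = self.ldapconn.search_s(self.ldapbase, ldap.SCOPE_SUBTREE,
                                             self._uid_filter(login),
                                             self._ATTRS)
            # The message is formatted here: the original passed ``login``
            # as an extra positional argument to AnsibleError, so it was
            # never substituted into the text.
            if not entries:
                raise errors.AnsibleError('uid=%s not found in LDAP' % login)
            if len(entries) > 1:
                raise errors.AnsibleError(
                    'uid=%s is ambiguous: %d entries in LDAP'
                    % (login, len(entries)))
            try:
                result.append(self._entry_to_info(login, entries[0][1]))
            except KeyError as exc:
                # Surface a missing required attribute as a lookup error
                # rather than a bare KeyError traceback.
                raise errors.AnsibleError(
                    'uid=%s lacks required LDAP attribute %s' % (login, exc))
        return result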
# vim: set si ai et ts=2 sts=2 sw=2 ft=yaml:
# Playbook driving the two LDAP lookup plugins: `with_ldap_users` yields one
# item per login with uid/gid/home (plus shell/gecos only when the LDAP entry
# has them); `with_ldap_sshkeys` yields one item per sshPublicKey value.
---
- hosts: all
  # `sudo:` is the pre-1.9 spelling of `become:`.
  sudo: yes
  vars:
    # Lookup term: the login(s) to resolve in LDAP.
    users: foobar
  tasks:
    - name: 'Add users'
      # Every account the lookup returns is added to the `sudo` group here;
      # the plugin itself applies no group filter.
      # The plugin sets item.gecos only when the entry has a gecos attribute,
      # so the comment= template below fails for entries without one.
      # NOTE(review): the commented-out line inside this multi-line value may
      # end the plain scalar in YAML parsers -- confirm the following
      # group=/groups=/comment= lines are actually passed to the module.
      user: name='{{item.login}}'
            uid='{{item.uid}}'
            #group='{{item.gid}}' # does ansible really want symbolic group name or will gid do?
            group=users
            groups=sudo
            comment='{{item.gecos}}'
      with_ldap_users: users
    - name: 'SSH pubkeys'
      # One item per sshPublicKey value; the key is installed as-is.
      authorized_key: user='{{item.login}}' key='{{item.pubkey}}'
      with_ldap_sshkeys: users