1 (*
2 Module: Nslcd
3   Parses /etc/nslcd.conf
4
5 Author: Jose Plana <jplana@gmail.com>
6
7 About: Reference
8   This lens tries to stay as close as possible to
9   `man 5 nslcd.conf`.
10
11 License
12    This file is licenced under the LGPL v2+, like the rest of Augeas.
13
14
15 About: Lens Usage
16
17        Sample usage of this lens in augtool:
18
19        * get the number of threads
20          > get /files/etc/nslcd.conf/threads
21
22        * set ldap URI
23          > set /files/etc/nslcd.conf/uri "ldaps://x.y.z"
24
25        * get cache values
26          > get /files/etc/nslcd.conf/cache
27
28        * change syslog level to debug
29          > set /files/etc/nslcd.conf/log "syslog debug"
30
31        * add/change filter for the passwd map
32          > set /files/etc/nslcd.conf/filter/passwd "(objectClass=posixGroup)"
33
34        * change the default search scope
35          > set /files/etc/nslcd.conf/scope[count( * )] "subtree"
36
37        * get the default search scope
38          > get /files/etc/nslcd.conf/scope[count( * )]
39
40        * add/set a scope search value for a specific (host) map
41          > set /files/etc/nslcd.conf/scope[host]/host "subtree"
42
43        * get all default base search
44          > match /files/etc/nslcd.conf/base[count( * ) = 0]
45
46        * get the 3rd base search default value
47          > get /files/etc/nslcd.conf/base[3]
48
49        * add a new base search default value
50          > set /files/etc/nslcd.conf/base[last()+1] "dc=example,dc=com"
51
52        * change a base search default value to a new base value
53          > set /files/etc/nslcd.conf/base[self::* = "dc=example,dc=com"] "dc=test,dc=com"
54
55        * add/change a base search for a specific map (hosts)
56          > set /files/etc/nslcd.conf/base[hosts]/hosts "dc=hosts,dc=example,dc=com"
57
58        * add a base search for a specific map (passwd)
59          > set /files/etc/nslcd.conf/base[last()+1]/passwd "dc=users,dc=example,dc=com"
60
61        * remove all base search value for a map (rpc)
62          > rm /files/etc/nslcd.conf/base/rpc
63
64        * remove a specific search base value for a map (passwd)
65          > rm /files/etc/nslcd.conf/base/passwd[self::* = "dc=users,dc=example,dc=com"]
66
67        * get an attribute mapping value for a map
68          > get /files/etc/nslcd.conf/map/passwd/homeDirectory
69
70        * get all attribute values for a map
71          > match /files/etc/nslcd.conf/map/passwd/*
72
73        * set a specific attribute for a map
74          > set /files/etc/nslcd.conf/map/passwd/homeDirectory "\"${homeDirectory:-/home/$uid}\""
75
76        * add/change a specific attribute for a map (a map that might not be defined before)
77          > set /files/etc/nslcd.conf/map[shadow/userPassword]/shadow/userPassword "*"
78
79        * remove an attribute for a specific map
80          > rm /files/etc/nslcd.conf/map/shadow/userPassword
81
82        * remove all attributes for a specific map
83          > rm /files/etc/nslcd.conf/map/passwd/*
84
85 About: Configuration files
86    This lens applies to /etc/nslcd.conf. See <filter>.
87
88 About: Examples
89    The <Test_Nslcd> file contains various examples and tests.
90 *)
91
92 module Nslcd =
93 autoload xfm
94
95
96 (************************************************************************
97  * Group:                 USEFUL PRIMITIVES
98  *************************************************************************)
99
100
101 (* Group: Comments and empty lines *)
102
(* View: eol
   Local alias for Util.eol; terminates a <map_entry> line. *)
let eol                       = Util.eol
(* View: empty
   Local alias for Util.empty; one of the three alternatives in <lns>. *)
let empty                     = Util.empty
(* View: spc
   Local alias for Util.del_ws_spc; the separator between a keyword and its
   value throughout this module. *)
let spc                       = Util.del_ws_spc
(* View: comma
   Local alias for Sep.comma; list separator for nss_initgroups_ignoreusers. *)
let comma                     = Sep.comma
(* View: comment
   Local alias for Util.comment; one of the three alternatives in <lns>. *)
let comment                   = Util.comment
(* View: do_dquote
   Local alias for Quote.do_dquote; wraps the value in
   <simple_entry_quoted_value>. *)
let do_dquote                 = Quote.do_dquote
(* View: opt_list
   Local alias for Build.opt_list; builds the item list in
   <simple_entry_opt_list_value>. *)
let opt_list                  = Build.opt_list
117
118 (* Group: Ldap related values
119 Values that need to be parsed.
120 *)
121
(* Variable: ldap_rdn
   One attribute=value component of a DN. The attribute type must be at least
   two ASCII letters; the value may contain only letters, digits, `_`, `.`
   and `-`.
   NOTE(review): single-letter attribute types and values containing spaces
   or escaped characters do not match this pattern - confirm that this
   restriction is intended. *)
let ldap_rdn                  = /[A-Za-z][A-Za-z]+=[A-Za-z0-9_.-]+/
(* Variable: ldap_dn
   One <ldap_rdn> followed by any number of further <ldap_rdn> components.
   The comma between components is optional in this pattern, and no
   whitespace is accepted around it. Used as the value pattern of
   <base_entry>. *)
let ldap_dn                   = ldap_rdn . (/(,)?/ . ldap_rdn)*
(* Variable: ldap_filter
   Any text that starts with an opening parenthesis and ends with a closing
   one. The content in between is not checked for LDAP filter syntax or for
   balanced parentheses. Used as the value pattern of <filter_entry>. *)
let ldap_filter               = /\(.*\)/
(* Variable: ldap_scope
   Accepted search scopes: `sub`, `subtree`, `one`, `onelevel` or `base`.
   Used as the value pattern of <scope_entry>. *)
let ldap_scope                = /sub(tree)?|one(level)?|base/
(* Variable: map_names
   The MAP names accepted after `map`, `filter`, and the mapped forms of
   `base` and `scope`. Several names are accepted in both singular and plural
   form (e.g. `host` and `hosts`); `group`, `netgroup`, `passwd`, `rpc` and
   `shadow` have a single spelling. *)
let map_names                 = /alias(es)?/
                              | /ether(s)?/
                              | /group/
                              | /host(s)?/
                              | /netgroup/
                              | /network(s)?/
                              | /passwd/
                              | /protocol(s)?/
                              | /rpc/
                              | /service(s)?/
                              | /shadow/
(* Variable: key_name
   Attribute name used as a tree key in <map_entry>: at least two characters,
   none of which is a space, `#`, newline, tab or `/`.
   NOTE(review): `/` is presumably excluded because it separates path
   components in the Augeas tree - confirm. *)
let key_name                  = /[^ #\n\t\/][^ #\n\t\/]+/
144
145
146 (************************************************************************
147  * Group:                 CONFIGURATION ENTRIES
148  *************************************************************************)
149
150 (* Group: Generic definitions *)
151
(* View: simple_entry
The simplest configuration option: a keyword, whitespace, then a value, as in
`gid id`. Delegates to Build.key_ws_value with only the keyword, so no
per-option check of the value is made in this module.

Parameters:
  kw:string - the option keyword, which becomes the node label
*)
let simple_entry  (kw:string) = Build.key_ws_value kw
156
(* View: simple_entry_quoted_value
Simple entry whose value is enclosed in double quotes. The quotes are handled
by <do_dquote> and the text between them is stored as the node value; any
text is accepted.

Parameters:
  kw:string - the option keyword, which becomes the node label
*)
let simple_entry_quoted_value (kw:string) = Build.key_value_line kw spc (do_dquote (store /.*/))
161
(* View: simple_entry_opt_list_value
Simple entry whose value is a list of one or more items. Each item becomes a
numbered child node (numbering comes from `seq kw`) and may not contain a
comma, space, tab, newline or carriage return.

Parameters:
  kw:string - the option keyword, which becomes the node label
  lsep:lens - the separator between items (<spc> for `uri`, <comma> for
              `nss_initgroups_ignoreusers`)
*)
let simple_entry_opt_list_value (kw:string) (lsep:lens) = Build.key_value_line kw spc (opt_list [ seq kw . store /[^, \t\n\r]+/ ] (lsep))
(* View: key_value_line_regexp
A simple configuration option whose value must match a caller-supplied
regular expression.

Parameters:
  kw:string  - the option keyword, which becomes the node label
  sto:regexp - the pattern the stored value has to match
*)
let key_value_line_regexp (kw:string) (sto:regexp) = Build.key_value_line kw spc (store sto)
170
(* View: mapped_entry
A mapped configuration option, as in `filter MAP option`. The keyword becomes
a node with one child labelled with the MAP name (one of <map_names>); the
child holds the value.

Parameters:
  kw:string  - the option keyword, which becomes the outer node label
  sto:regexp - the pattern the stored value has to match
*)
let mapped_entry (kw:string) (sto:regexp)  = [ key kw . spc
                                               . Build.key_value_line map_names spc (store sto)
                                             ]
(* View: key_value_line_regexp_opt_map
A configuration option in which the MAP name is optional, as in
`scope [MAP] value`. Without a MAP the line is parsed by
<key_value_line_regexp> and the value sits on the keyword node itself; with a
MAP it is parsed by <mapped_entry> and the value sits on the MAP child.

Parameters:
  kw:string  - the option keyword
  sto:regexp - the pattern the stored value has to match in either form
*)
let key_value_line_regexp_opt_map (kw:string) (sto:regexp) =
    ( key_value_line_regexp kw sto | mapped_entry kw sto )
182
(* View: map_entry
A map entry, as in `map MAP ATTRIBUTE NEWATTRIBUTE`. It produces three nested
nodes: `map`, then the MAP name (one of <map_names>), then the ATTRIBUTE
(matching <key_name>), whose value is NEWATTRIBUTE.
NEWATTRIBUTE is stored with Rx.no_spaces, so - going by that name - a
replacement expression containing spaces would not be parsed by this lens;
confirm against Rx before relying on it.
*)
let map_entry                 = [ key "map" . spc
                                . [ key map_names . spc
                                  . [  key key_name . spc . store Rx.no_spaces ]
                                  ] .eol
                                ]
191
192 (* Group: Option definitions *)
193
(* View: base_entry
   `base [MAP] DN`: the MAP is optional and the value must match <ldap_dn>. *)
let base_entry                = key_value_line_regexp_opt_map "base" ldap_dn

(* View: scope_entry
   `scope [MAP] SCOPE`: the MAP is optional and the value must match
   <ldap_scope>. *)
let scope_entry               = key_value_line_regexp_opt_map "scope" ldap_scope

(* View: filter_entry
   `filter MAP FILTER`: the MAP is required here and the value must match
   <ldap_filter>. *)
let filter_entry              = mapped_entry "filter" ldap_filter
202
(* View: entries
All the combined entries: the union of every option this lens recognises.
Apart from map, base, scope, filter, the two list options (uri and
nss_initgroups_ignoreusers) and pam_password_prohibit_message, every option
goes through <simple_entry>, so this module matches on the keyword only and
applies no option-specific check to the value.

NOTE(review): bindpw and rootpwmodpw are parsed like any other option, so the
LDAP bind passwords kept in nslcd.conf show up as ordinary node values in the
tree (for example under /files/etc/nslcd.conf/bindpw). Tooling that prints,
diffs or logs the tree should treat those nodes as secrets.

NOTE(review): ssl, tls_reqcert, tls_cacertdir, tls_cacertfile and tls_ciphers
are equally free-form here. A value that relaxes certificate checking of the
LDAP server is accepted by the lens like any other, so changes to these nodes
deserve a separate review step.
*)
let entries                   = map_entry
                              | base_entry
                              | scope_entry
                              | filter_entry
                              | simple_entry "threads"
                              | simple_entry "uid"
                              | simple_entry "gid"
                              | simple_entry_opt_list_value "uri" spc
                              | simple_entry "ldap_version"
                              | simple_entry "binddn"
                              | simple_entry "bindpw"
                              | simple_entry "rootpwmoddn"
                              | simple_entry "rootpwmodpw"
                              | simple_entry "sasl_mech"
                              | simple_entry "sasl_realm"
                              | simple_entry "sasl_authcid"
                              | simple_entry "sasl_authzid"
                              | simple_entry "sasl_secprops"
                              | simple_entry "sasl_canonicalize"
                              | simple_entry "krb5_ccname"
                              | simple_entry "deref"
                              | simple_entry "referrals"
                              | simple_entry "bind_timelimit"
                              | simple_entry "timelimit"
                              | simple_entry "idle_timelimit"
                              | simple_entry "reconnect_sleeptime"
                              | simple_entry "reconnect_retrytime"
                              | simple_entry "ssl"
                              | simple_entry "tls_reqcert"
                              | simple_entry "tls_cacertdir"
                              | simple_entry "tls_cacertfile"
                              | simple_entry "tls_randfile"
                              | simple_entry "tls_ciphers"
                              | simple_entry "tls_cert"
                              | simple_entry "tls_key"
                              | simple_entry "pagesize"
                              | simple_entry_opt_list_value "nss_initgroups_ignoreusers" comma
                              | simple_entry "nss_min_uid"
                              | simple_entry "nss_nested_groups"
                              | simple_entry "nss_getgrent_skipmembers"
                              | simple_entry "nss_disable_enumeration"
                              | simple_entry "validnames"
                              | simple_entry "ignorecase"
                              | simple_entry "pam_authz_search"
                              | simple_entry_quoted_value "pam_password_prohibit_message"
                              | simple_entry "reconnect_invalidate"
                              | simple_entry "cache"
                              | simple_entry "log"
                              | simple_entry "pam_authc_ppolicy"
255
(* View: lns
   The top-level lens: one or more lines, each of which is a recognised
   option (<entries>), an empty line or a comment. A line that is none of
   these makes the whole file fail to parse. *)
let lns                       = (entries|empty|comment)+

(* View: filter
   The files this lens applies to: /etc/nslcd.conf, minus whatever
   Util.stdexcl excludes. *)
let filter                    = incl "/etc/nslcd.conf"
                              . Util.stdexcl

(* Variable: xfm
   Binds <lns> to <filter>; this is the transform named by `autoload xfm` at
   the top of the module. *)
let xfm                       = transform lns filter