5 Author: Jose Plana <jplana@gmail.com>
8 This lens tries to keep as close as possible to `man 5 nslcd.conf` where
12 This file is licenced under the LGPL v2+, like the rest of Augeas.
17 Sample usage of this lens in augtool:
20 > get /files/etc/nslcd.conf/threads
23 > set /files/etc/nslcd.conf/uri "ldaps://x.y.z"
26 > get /files/etc/nslcd.conf/cache
28 * change syslog level to debug
29 > set /files/etc/nslcd.conf/log "syslog debug"
31 * add/change filter for the passwd map (the value below only illustrates the syntax; a passwd map normally filters on posixAccount)
32 > set /files/etc/nslcd.conf/filter/passwd "(objectClass=posixGroup)"
34 * change the default search scope
35 > set /files/etc/nslcd.conf/scope[count( * )] "subtree"
37 * get the default search scope (get takes only the path; the trailing "subtree" is not needed)
38 > get /files/etc/nslcd.conf/scope[count( * )] "subtree"
40 * add/set a scope search value for a specific (host) map
41 > set /files/etc/nslcd.conf/scope[host]/host "subtree"
43 * get all default search bases
44 > match /files/etc/nslcd.conf/base[count( * ) = 0]
46 * get the 3rd base search default value
47 > get /files/etc/nslcd.conf/base[3]
49 * add a new base search default value
50 > set /files/etc/nslcd.conf/base[last()+1] "dc=example,dc=com"
52 * change a base search default value to a new base value
53 > set /files/etc/nslcd.conf/base[self::* = "dc=example,dc=com"] "dc=test,dc=com"
55 * add/change a base search for a specific map (hosts)
56 > set /files/etc/nslcd.conf/base[hosts]/hosts "dc=hosts,dc=example,dc=com"
58 * add a base search for a specific map (passwd)
59 > set /files/etc/nslcd.conf/base[last()+1]/passwd "dc=users,dc=example,dc=com"
61 * remove all base search values for a map (rpc)
62 > rm /files/etc/nslcd.conf/base/rpc
64 * remove a specific search base value for a map (passwd)
65 > rm /files/etc/nslcd.conf/base/passwd[self::* = "dc=users,dc=example,dc=com"]
67 * get an attribute mapping value for a map
68 > get /files/etc/nslcd.conf/map/passwd/homeDirectory
70 * get all attribute values for a map
71 > match /files/etc/nslcd.conf/map/passwd/*
73 * set a specific attribute for a map
74 > set /files/etc/nslcd.conf/map/passwd/homeDirectory "\"${homeDirectory:-/home/$uid}\""
76 * add/change a specific attribute for a map (a map that might not be defined before)
77 > set /files/etc/nslcd.conf/map[shadow/userPassword]/shadow/userPassword "*"
79 * remove an attribute for a specific map
80 > rm /files/etc/nslcd.conf/map/shadow/userPassword
82 * remove all attributes for a specific map
83 > rm /files/etc/nslcd.conf/map/passwd/*
85 About: Configuration files
86 This lens applies to /etc/nslcd.conf. See <filter>.
89 The <Test_Nslcd> file contains various examples and tests.
96 (************************************************************************
97 * Group: USEFUL PRIMITIVES
98 *************************************************************************)
101 (* Group: Comments and empty lines *)
(* Local short names for lenses defined in the shared Util, Sep, Quote and
   Build modules. Nothing is redefined here; each binding is a plain alias,
   so the exact patterns they accept are decided in those modules. *)
106 let empty = Util.empty
(* Whitespace separator used between a keyword and its value. *)
108 let spc = Util.del_ws_spc
(* Separator passed to the comma-separated option list further down. *)
110 let comma = Sep.comma
112 let comment = Util.comment
113 (* View: do_dquote *)
(* Wraps another lens in double quotes; used for the quoted-value entry. *)
114 let do_dquote = Quote.do_dquote
(* List builder taking an element lens and a separator lens. *)
116 let opt_list = Build.opt_list
118 (* Group: Ldap related values
119 Values that need to be parsed.
    These regexps are syntactic filters only; they do not prove that a value
    is a well-formed DN, filter or scope for the directory server. *)
122 (* Variable: ldap_rdn *)
(* One "type=value" pair. The type must be two or more ASCII letters and the
   value is limited to letters, digits, underscore, dot and hyphen.
   NOTE(review): single-letter types (o=, c=) and values with spaces or
   escaped characters do not match, so a base written that way is presumably
   rejected by the lens; confirm against Test_Nslcd. *)
123 let ldap_rdn = /[A-Za-z][A-Za-z]+=[A-Za-z0-9_.-]+/
124 (* Variable: ldap_dn *)
(* One RDN followed by any number of further RDNs.
   NOTE(review): the comma between RDNs is optional in this pattern, so the
   lens also accepts RDNs written back to back without a separator. *)
125 let ldap_dn = ldap_rdn . (/(,)?/ . ldap_rdn)*
126 (* Variable: ldap_filter *)
(* Any text that starts with an opening parenthesis and ends with a closing
   one. Parentheses are not checked for balance and the filter grammar is
   not validated, so a malformed filter is stored as-is. *)
127 let ldap_filter = /\(.*\)/
128 (* Variable: ldap_scope *)
(* Accepts sub, subtree, one, onelevel or base. *)
129 let ldap_scope = /sub(tree)?|one(level)?|base/
130 (* Variable: map_names *)
(* Only the alias/aliases alternative is visible here; the listing skips
   lines 132-141, which presumably hold the remaining map names. *)
131 let map_names = /alias(es)?/
142 (* Variable: key_name *)
(* Two or more characters, none of which is a space, tab, newline, '#' or
   '/'. Used as the attribute name inside a map entry. *)
143 let key_name = /[^ #\n\t\/][^ #\n\t\/]+/
146 (************************************************************************
147 * Group: CONFIGURATION ENTRIES
148 *************************************************************************)
150 (* Group: Generic definitions *)
152 (* View: simple_entry
153 The simplest configuration option: a key, whitespace, then a value. As in `gid id`.
    The value pattern comes from Build.key_ws_value, which is not shown in
    this file; nothing here restricts the value per keyword, so an option's
    value is parsed without being checked against the values nslcd accepts. *)
155 let simple_entry (kw:string) = Build.key_ws_value kw
157 (* View: simple_entry_quoted_value
158 Simple entry with quoted value
    The keyword [kw] is followed by whitespace and a double-quoted value.
    The stored value is whatever the pattern /.*/ matches between the
    quotes; no further validation is applied. *)
160 let simple_entry_quoted_value (kw:string) = Build.key_value_line kw spc (do_dquote (store /.*/))
162 (* View: simple_entry_opt_list_value
163 Simple entry that contains an optional list of values; the separator
    is the lens passed as [lsep] (a comma or whitespace in this file).
    Each list item becomes a node numbered by [seq kw] and stores one token
    containing no comma, space, tab, newline or carriage return. The token
    content itself is not validated. *)
165 let simple_entry_opt_list_value (kw:string) (lsep:lens) = Build.key_value_line kw spc (opt_list [ seq kw . store /[^, \t\n\r]+/ ] (lsep))
166 (* View: key_value_line_regexp
167 A simple configuration option but specifying the regex for the value.
    [kw] is the keyword and [sto] the regexp the stored value must match;
    keyword and value are separated by [spc]. *)
169 let key_value_line_regexp (kw:string) (sto:regexp) = Build.key_value_line kw spc (store sto)
171 (* View: mapped_entry
172 A mapped configuration as in `filter MAP option`.
    Produces a node keyed [kw] with a child keyed by the map name (matched
    by [map_names]) whose value must match [sto]. The closing bracket of
    this definition is on a line the listing does not show (line 176). *)
174 let mapped_entry (kw:string) (sto:regexp) = [ key kw . spc
175 . Build.key_value_line map_names spc (store sto)
177 (* View: key_value_line_regexp_opt_map
178 A mapped configuration but the MAP value is optional as in `scope [MAP] value`.
    Union of the unmapped form (key_value_line_regexp) and the mapped form
    (mapped_entry), both using the same keyword and value regexp. *)
180 let key_value_line_regexp_opt_map (kw:string) (sto:regexp) =
181 ( key_value_line_regexp kw sto | mapped_entry kw sto )
184 A map entry as in `map MAP ATTRIBUTE NEWATTRIBUTE`.
(* Three nested nodes: "map", then the map name, then the attribute name
   (matched by key_name) whose value is stored from Rx.no_spaces. The value
   is not checked beyond that pattern. The closing brackets are on lines
   the listing does not show (189-190). *)
186 let map_entry = [ key "map" . spc
187 . [ key map_names . spc
188 . [ key key_name . spc . store Rx.no_spaces ]
192 (* Group: Option definitions *)
194 (* View: Base entry *)
(* "base" with an optional map name; the value must match ldap_dn. *)
195 let base_entry = key_value_line_regexp_opt_map "base" ldap_dn
197 (* View: Scope entry *)
(* "scope" with an optional map name; the value must match ldap_scope. *)
198 let scope_entry = key_value_line_regexp_opt_map "scope" ldap_scope
200 (* View: Filter entry *)
(* "filter" always takes a map name here: only the mapped form is used, so
   there is no default (map-less) filter entry. Value must match
   ldap_filter. *)
201 let filter_entry = mapped_entry "filter" ldap_filter
204 All the combined entries.
(* Union of every option line the lens recognises. The listing skips
   several lines of this definition (207-209, 211-212, 233, 253, 255-256);
   base_entry, scope_entry and filter_entry are presumably joined in there.
   Apart from those three, the visible options use simple_entry or one of
   the list/quoted variants, so the lens parses their values without
   checking them against what nslcd accepts. *)
206 let entries = map_entry
210 | simple_entry "threads"
213 | simple_entry_opt_list_value "uri" spc
214 | simple_entry "ldap_version"
215 | simple_entry "binddn"
(* NOTE(review): bindpw and rootpwmodpw hold LDAP bind passwords in clear
   text. They are parsed like any other simple_entry, so the secret shows up
   as an ordinary node value; treat augtool output, saved trees and backup
   copies of this file as sensitive, and keep the file readable only by the
   account that needs it. *)
216 | simple_entry "bindpw"
217 | simple_entry "rootpwmoddn"
218 | simple_entry "rootpwmodpw"
219 | simple_entry "sasl_mech"
220 | simple_entry "sasl_realm"
221 | simple_entry "sasl_authcid"
222 | simple_entry "sasl_authzid"
223 | simple_entry "sasl_secprops"
224 | simple_entry "sasl_canonicalize"
225 | simple_entry "krb5_ccname"
226 | simple_entry "deref"
227 | simple_entry "referrals"
228 | simple_entry "bind_timelimit"
229 | simple_entry "timelimit"
230 | simple_entry "idle_timelimit"
231 | simple_entry "reconnect_sleeptime"
232 | simple_entry "reconnect_retrytime"
(* NOTE(review): the tls_* values are not validated by the lens. A setting
   that disables certificate checking (for example tls_reqcert never) is
   parsed the same way as a strict one, so audit the value itself rather
   than relying on the file parsing cleanly. tls_key names a private key
   file; only the path is stored here. *)
234 | simple_entry "tls_reqcert"
235 | simple_entry "tls_cacertdir"
236 | simple_entry "tls_cacertfile"
237 | simple_entry "tls_randfile"
238 | simple_entry "tls_ciphers"
239 | simple_entry "tls_cert"
240 | simple_entry "tls_key"
241 | simple_entry "pagesize"
242 | simple_entry_opt_list_value "nss_initgroups_ignoreusers" comma
243 | simple_entry "nss_min_uid"
244 | simple_entry "nss_nested_groups"
245 | simple_entry "nss_getgrent_skipmembers"
246 | simple_entry "nss_disable_enumeration"
247 | simple_entry "validnames"
248 | simple_entry "ignorecase"
249 | simple_entry "pam_authz_search"
250 | simple_entry_quoted_value "pam_password_prohibit_message"
251 | simple_entry "reconnect_invalidate"
252 | simple_entry "cache"
254 | simple_entry "pam_authc_ppolicy"
(* Top-level lens: one or more option entries, empty lines or comments. *)
257 let lns = (entries|empty|comment)+
(* The lens is applied to this single path only; no other include or
   exclude pattern is visible here. *)
260 let filter = incl "/etc/nslcd.conf"
(* Binds the lens to the file filter. *)
263 let xfm = transform lns filter