New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add replacement ldapquery::search function #47
Conversation
@@ -16,6 +16,7 @@ | |||
Optional[server] => String[1], |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a single server .
The module supports multiple servers as
ldap.hosts = [[ldap1.ex.org,389], [ldap2.ex.org, 389]]
if reworking would be good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That type is only used in the legacy dispatch. The new one accepts a Hash (that I might tighten down to a Struct), where you can set hosts
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm going to work on the docs and examples this morning. Hopefully it'll become clearer.
8faf8be
to
673d581
Compare
dispatch :query do | ||
param 'Optional[String[1]]', :base | ||
param 'Optional[String[1]]', :filter | ||
param 'Array[String[1],1]', :attributes | ||
optional_param 'LDAPArgs', :ldap_args | ||
optional_param 'Enum["sub","base","single"]', :scope | ||
optional_param 'Integer[1]', :search_timeout | ||
return_type 'Array' | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From my personal view i do not get why that loading of the new config file and extended value support must be hidden beneath a new dispatch. Also that optional base and filter are not optional_param is strange for me.
ldapquery::query(undef, undef, ['uid'])
looks strange.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wanted to retain the current interface alongside the new one. Some people might have calls to the function spread out across multiple manifests and forcing them to refactor them all at once isn't as friendly as publishing a version that works with both. The dispatches have to be unambiguous for this to work.
I'd imagine most people will only put their connection details in the config file and almost always also use a filter. I made undef
allowable for completeness.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes sure but why not simply using the "old" one and add there the new feature set?
I not really see any breaking change in doing it since in the end both use the same search function. Only the way from where defaults are coming differ.
So the kind of thing i wanted to do with #40.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think there needs to be a way of distinguishing what config file the code should use. I really didn't want a function that tried to use both. In the original options hash, only server
was relevant to connecting to ldap, base
and scope
are really search arguments. And do I merge server
with host
and hosts
? Having ldap_args being fed directly (after converting somethings to symbols as required), to the ruby ldap search
method allows for any/all options to be specified without us trying to magically set anything based on a combination of other settings.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe it would be cleaner to just put the new code in openldap::search
instead? (although I still think we just drop the original implementation at some point and not hack more stuff into it). And maybe it's not necessary to allow undef
for base
and filter
. Imposing that all calls have the first 3 arguments (base, filter, attributes) wouldn't be a hardship on users and might make your code look less magic and more readable.
47d523c
to
94c7756
Compare
Hi, Any chance of finishing this off , have written against this branch and its working well. The idea of creating a new function Am using it like: $_filter = "(&(objectClass=group)(|${_egroups.map | $_eg | { "(CN=${_eg})" }.join()}))"
$_results = ldapquery::query(
'OU=e-groups,OU=Workgroups,DC=example,DC=ch',
$_filter,
['member'],
{
'hosts' => [
['ldap.example.ch', 389],
['ldap-critical.example.ch', 389],
],
'scope' => 'sub'
},
) which is fine I'd say. If the connection parameters came from a file f we certainly have more than one ldap server so that location path needs to be a configuration. I would just leave loading from a yaml or hiera as exercise for the reader. |
845f588
to
a076ef0
Compare
@traylenator I've just got around to picking this up again. Decided the best approach is probably just a new function instead of messing around with multiple dispatches etc. Just doing a bit more testing locally, then I'll take this off draft. |
Sourcing ldap server configuration options from puppet.conf was conflating their original purpose, and a future release of Puppet may even remove these options. It's still desirable to be able to set defaults for the function from a file, but a dedicated yaml file is far more flexible than an ini file. In this commit, a new `ldapquery::search` function is added with a new implementation. The old version is kept, but marked as DEPRECATED.
a076ef0
to
91922b3
Compare
Thanks - had it mind to look at. |
Sourcing ldap server configuration options from puppet.conf was conflating their original purpose, and a future release of Puppet may even remove these options.
It's still desirable to be able to set defaults for the function from a file, but a dedicated yaml file is far more flexible than an ini file.
In this commit, a new
ldapquery::search
function is added with a new implementation. The old version is kept, but marked as DEPRECATED.