(*
Module: Nslcd
Parses /etc/nslcd.conf
Author: Jose Plana <jplana@gmail.com>
About: Reference
This lens tries to keep as close as possible to `man 5 nslcd.conf` where
possible.
License
This file is licenced under the LGPL v2+, like the rest of Augeas.
About: Lens Usage
Sample usage of this lens in augtool:
* get uid
> get /files/etc/nslcd.conf/threads
* set ldap URI
> set /files/etc/nslcd.conf/uri "ldaps://x.y.z"
* get cache values
> get /files/etc/nslcd.conf/cache
* change syslog level to debug
> set /files/etc/nslcd.conf/log "syslog debug"
* add/change filter for the passwd map
> set /files/etc/nslcd.conf/filter/passwd "(objectClass=posixGroup)"
* change the default search scope
> set /files/etc/nslcd.conf/scope[count( * )] "subtree"
* get the default search scope
> get /files/etc/nslcd.conf/scope[count( * )] "subtree"
* add/set a scope search value for a specific (host) map
> set /files/etc/nslcd.conf/scope[host]/host "subtree"
* get all default base search
> match /files/etc/nslcd.conf/base[count( * ) = 0]
* get the 3rd base search default value
> get /files/etc/nslcd.conf/base[3]
* add a new base search default value
> set /files/etc/nslcd.conf/base[last()+1] "dc=example,dc=com"
* change a base search default value to a new base value
> set /files/etc/nslcd.conf/base[self::* = "dc=example,dc=com"] "dc=test,dc=com"
* add/change a base search for a specific map (hosts)
> set /files/etc/nslcd.conf/base[hosts]/hosts "dc=hosts,dc=example,dc=com"
* add a base search for a specific map (passwd)
> set /files/etc/nslcd.conf/base[last()+1]/passwd "dc=users,dc=example,dc=com"
* remove all base search value for a map (rpc)
> rm /files/etc/nslcd.conf/base/rpc
* remove a specific search base value for a map (passwd)
> rm /files/etc/nslcd.conf/base/passwd[self::* = "dc=users,dc=example,dc=com"]
* get an attribute mapping value for a map
> get /files/etc/nslcd.conf/map/passwd/homeDirectory
* get all attribute values for a map
> match /files/etc/nslcd.conf/map/passwd/*
* set a specific attribute for a map
> set /files/etc/nslcd.conf/map/passwd/homeDirectory "\"${homeDirectory:-/home/$uid}\""
* add/change a specific attribute for a map (a map that might not be defined before)
> set /files/etc/nslcd.conf/map[shadow/userPassword]/shadow/userPassword "*"
* remove an attribute for a specific map
> rm /files/etc/nslcd.conf/map/shadow/userPassword
* remove all attributes for a specific map
> rm /files/etc/nslcd.conf/map/passwd/*
About: Configuration files
This lens applies to /etc/nslcd.conf. See <filter>.
About: Examples
The <Test_Nslcd> file contains various examples and tests.
*)
module Nslcd =
autoload xfm
(************************************************************************
* Group: USEFUL PRIMITIVES
*************************************************************************)
(* Group: Comments and empty lines *)
(* View: eol *)
let eol = Util.eol
(* View: empty *)
let empty = Util.empty
(* View: spc *)
let spc = Util.del_ws_spc
(* View: comma *)
let comma = Sep.comma
(* View: comment *)
let comment = Util.comment
(* View: do_dquote *)
let do_dquote = Quote.do_dquote
(* View: opt_list *)
let opt_list = Build.opt_list
(* Group: Ldap related values
Values that need to be parsed.
*)
(* Variable: ldap_rdn *)
let ldap_rdn = /[A-Za-z][A-Za-z]+=[A-Za-z0-9_.-]+/
(* Variable: ldap_dn *)
let ldap_dn = ldap_rdn . (/(,)?/ . ldap_rdn)*
(* Variable: ldap_filter *)
let ldap_filter = /\(.*\)/
(* Variable: ldap_scope *)
let ldap_scope = /sub(tree)?|one(level)?|base/
(* Variable: map_names *)
let map_names = /alias(es)?/
| /ether(s)?/
| /group/
| /host(s)?/
| /netgroup/
| /network(s)?/
| /passwd/
| /protocol(s)?/
| /rpc/
| /service(s)?/
| /shadow/
(* Variable: key_name *)
let key_name = /[^ #\n\t\/][^ #\n\t\/]+/
(************************************************************************
* Group: CONFIGURATION ENTRIES
*************************************************************************)
(* Group: Generic definitions *)
(* View: simple_entry
The simplest configuration option a key spc value. As in `gid id`
*)
let simple_entry (kw:string) = Build.key_ws_value kw
(* View: simple_entry_quoted_value
Simple entry with quoted value
*)
let simple_entry_quoted_value (kw:string) = Build.key_value_line kw spc (do_dquote (store /.*/))
(* View simple_entry_opt_list_comma_value
Simple entry that contains a optional list separated by commas
*)
let simple_entry_opt_list_value (kw:string) (lsep:lens) = Build.key_value_line kw spc (opt_list [ seq kw . store /[^, \t\n\r]+/ ] (lsep))
(* View: key_value_line_regexp
A simple configuration option but specifying the regex for the value.
*)
let key_value_line_regexp (kw:string) (sto:regexp) = Build.key_value_line kw spc (store sto)
(* View: mapped_entry
A mapped configuration as in `filter MAP option`.
*)
let mapped_entry (kw:string) (sto:regexp) = [ key kw . spc
. Build.key_value_line map_names spc (store sto)
]
(* View: key_value_line_regexp_opt_map
A mapped configuration but the MAP value is optional as in scope [MAP] value`.
*)
let key_value_line_regexp_opt_map (kw:string) (sto:regexp) =
( key_value_line_regexp kw sto | mapped_entry kw sto )
(* View: map_entry
A map entry as in `map MAP ATTRIBUTE NEWATTRIBUTE`.
*)
let map_entry = [ key "map" . spc
. [ key map_names . spc
. [ key key_name . spc . store Rx.no_spaces ]
] .eol
]
(* Group: Option definitions *)
(* View: Base entry *)
let base_entry = key_value_line_regexp_opt_map "base" ldap_dn
(* View: Scope entry *)
let scope_entry = key_value_line_regexp_opt_map "scope" ldap_scope
(* View: Filter entry *)
let filter_entry = mapped_entry "filter" ldap_filter
(* View: entries
All the combined entries.
*)
let entries = map_entry
| base_entry
| scope_entry
| filter_entry
| simple_entry "threads"
| simple_entry "uid"
| simple_entry "gid"
| simple_entry_opt_list_value "uri" spc
| simple_entry "ldap_version"
| simple_entry "binddn"
| simple_entry "bindpw"
| simple_entry "rootpwmoddn"
| simple_entry "rootpwmodpw"
| simple_entry "sasl_mech"
| simple_entry "sasl_realm"
| simple_entry "sasl_authcid"
| simple_entry "sasl_authzid"
| simple_entry "sasl_secprops"
| simple_entry "sasl_canonicalize"
| simple_entry "krb5_ccname"
| simple_entry "deref"
| simple_entry "referrals"
| simple_entry "bind_timelimit"
| simple_entry "timelimit"
| simple_entry "idle_timelimit"
| simple_entry "reconnect_sleeptime"
| simple_entry "reconnect_retrytime"
| simple_entry "ssl"
| simple_entry "tls_reqcert"
| simple_entry "tls_cacertdir"
| simple_entry "tls_cacertfile"
| simple_entry "tls_randfile"
| simple_entry "tls_ciphers"
| simple_entry "tls_cert"
| simple_entry "tls_key"
| simple_entry "pagesize"
| simple_entry_opt_list_value "nss_initgroups_ignoreusers" comma
| simple_entry "nss_min_uid"
| simple_entry "nss_nested_groups"
| simple_entry "nss_getgrent_skipmembers"
| simple_entry "nss_disable_enumeration"
| simple_entry "validnames"
| simple_entry "ignorecase"
| simple_entry "pam_authz_search"
| simple_entry_quoted_value "pam_password_prohibit_message"
| simple_entry "reconnect_invalidate"
| simple_entry "cache"
| simple_entry "log"
| simple_entry "pam_authc_ppolicy"
(* View: lens *)
let lns = (entries|empty|comment)+
(* View: filter *)
let filter = incl "/etc/nslcd.conf"
. Util.stdexcl
let xfm = transform lns filter