|
#!/usr/bin/ruby -Ku
|
|
|
|
#--
|
|
# LdapShadows, a Medium-level LDAP Access Library and Tool.
|
|
# Copyright (c) 2009 Marc Dequènes (Duck) <Duck@DuckCorp.org>
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#++
|
|
|
|
# to allow in-place run for test
|
|
$: << File.join(File.dirname(__FILE__), "..", "lib")
|
|
|
|
require 'ldap_shadows'
|
|
require 'ldap_shadows/display_utils'
|
|
require 'yaml'
|
|
require 'cmdparse2'
|
|
|
|
include LdapShadows
|
|
|
|
|
|
config_str = IO.read(File.join(LdapShadows::Config::CFG_DIR, "test.conf"))
|
|
config = YAML.load(config_str)
|
|
config_str_prv_filelist = [
|
|
File.join(ENV['HOME'], ".shadowwalker"),
|
|
File.join(LdapShadows::Config::CFG_DIR, "private.conf")
|
|
]
|
|
config_str_prv_filelist.each do |file|
|
|
if File.exists?(file)
|
|
config_str_prv = IO.read(file)
|
|
config.merge!(YAML.load(config_str_prv))
|
|
break
|
|
end
|
|
end
|
|
config.recursive_symbolize_keys!
|
|
ActiveLdap::Base.setup_connection(config[:ldap])
|
|
|
|
$program_options = {}
|
|
|
|
cmdparser = CmdParse::CommandParser.new(true)
|
|
cmdparser.banner = PRODUCT
|
|
cmdparser.program_name = File.basename(__FILE__)
|
|
cmdparser.program_version = VERSION.split(".")
|
|
|
|
cmdparser.options = CmdParse::OptionParserWrapper.new do |opt|
|
|
opt.separator "Global options:"
|
|
opt.on("--debug", "Output debug info without being formated") {|t| $program_options[:debug] = true }
|
|
opt.on("--expert", "Output extra info for expert users") {|t| $program_options[:expert] = true }
|
|
opt.on("--handles", "Output with handles (objects/field/... keys used for manipulations)") {|t| $program_options[:handles] = true }
|
|
end
|
|
|
|
cmdparser.add_command(CmdParse::HelpCommand.new)
|
|
cmdparser.add_command(CmdParse::VersionCommand.new)
|
|
|
|
ldapctl = Controller.new
|
|
ldapctl.set_global_config(config[:presentation])
|
|
config[:aspects].each_pair do |aspect_name, aspect_data|
|
|
ldapctl.set_aspect(aspect_name, aspect_data)
|
|
end
|
|
config[:objects].each_pair do |obj_name, obj_data|
|
|
ldapctl.load_object(obj_name, obj_data)
|
|
end
|
|
ldapctl.load_relations
|
|
|
|
cmd = CmdParse::Command.new('list', false)
|
|
cmd.short_desc = "list objects"
|
|
cmd.set_execution_block do |args|
|
|
if args.size != 1
|
|
STDERR.puts "syntax error: no object name given"
|
|
exit 1
|
|
end
|
|
|
|
obj_hdl = args.shift.singularize
|
|
obj_klass = ldapctl.find_klass(obj_hdl)
|
|
if obj_klass.nil?
|
|
STDERR.puts "No such object '#{obj_hdl}'."
|
|
exit 2
|
|
end
|
|
|
|
obj_human_name = Translator.translate_object_name(obj_hdl)
|
|
Display.display_item_list("List of " + obj_human_name.pluralize, obj_klass.find(:all))
|
|
end
|
|
cmdparser.add_command(cmd)
|
|
|
|
cmd = CmdParse::Command.new('show', false)
|
|
cmd.short_desc = "show object information"
|
|
cmd.set_execution_block do |args|
|
|
if args.size < 1
|
|
STDERR.puts "syntax error: no object name given"
|
|
exit 1
|
|
end
|
|
if args.size < 2
|
|
STDERR.puts "syntax error: no item name given"
|
|
exit 1
|
|
end
|
|
|
|
obj_hdl = args.shift
|
|
obj_klass = ldapctl.find_klass(obj_hdl)
|
|
if obj_klass.nil?
|
|
STDERR.puts "No such object '#{obj_hdl}'."
|
|
exit 2
|
|
end
|
|
|
|
item_hdl = args.shift
|
|
begin
|
|
item = obj_klass.find(item_hdl, :attributes => ["*", "+"])
|
|
rescue ActiveLdap::EntryNotFound
|
|
STDERR.puts "No such item '#{obj_hdl}/#{item_hdl}'"
|
|
exit 2
|
|
end
|
|
|
|
Display.display_item(item, $program_options)
|
|
end
|
|
cmdparser.add_command(cmd)
|
|
|
|
cmd = CmdParse::Command.new('tree', false)
|
|
cmd.short_desc = "show skeleton objects tree"
|
|
cmd.set_execution_block do |args|
|
|
puts "Tree:"
|
|
|
|
base_dn = ActiveLdap::DistinguishedName.parse(LdapObject.base)
|
|
|
|
gconfig = ldapctl.get_global_config()
|
|
if gconfig.has_key?(:tree_objects)
|
|
tree = {}
|
|
|
|
gconfig[:tree_objects].each do |obj_hdl|
|
|
obj_klass = ldapctl.find_klass(obj_hdl)
|
|
raise "object '#{obj_hdl}' not defined" unless obj_klass
|
|
|
|
obj_klass.find(:all).each do |obj|
|
|
ptree = tree
|
|
pdn = nil
|
|
(obj.dn_obj - base_dn).to_s.split(',').reverse.each do |pdn|
|
|
ptree[pdn] = {} unless ptree.has_key?(pdn)
|
|
ptree = ptree[pdn]
|
|
end
|
|
ptree = nil
|
|
end
|
|
end
|
|
tree = {base_dn => tree}
|
|
|
|
Display.display_hash_tree(tree, 0)
|
|
end
|
|
end
|
|
cmdparser.add_command(cmd)
|
|
|
|
cmd = CmdParse::Command.new('mod', false)
|
|
cmd.short_desc = "Modify attributes of an object"
|
|
cmd.set_execution_block do |args|
|
|
if args.size < 1
|
|
STDERR.puts "syntax error: no object name given"
|
|
exit 1
|
|
end
|
|
if args.size < 2
|
|
STDERR.puts "syntax error: no item name given"
|
|
exit 1
|
|
end
|
|
|
|
obj_hdl = args.shift
|
|
obj_klass = ldapctl.find_klass(obj_hdl)
|
|
if obj_klass.nil?
|
|
STDERR.puts "No such object '#{obj_hdl}'."
|
|
exit 2
|
|
end
|
|
|
|
item_hdl = args.shift
|
|
begin
|
|
item = obj_klass.find(item_hdl, :attributes => ["*",])
|
|
rescue ActiveLdap::EntryNotFound
|
|
STDERR.puts "No such item '#{obj_hdl}/#{item_hdl}'"
|
|
exit 2
|
|
end
|
|
|
|
puts "COIN"
|
|
p args
|
|
args.each do |mod_info|
|
|
mod_info =~ /^([a-zA-Z]+)(=|\+=|-=)(.*)$/
|
|
key = $1
|
|
op = $2
|
|
val = $3
|
|
p "key: #{key}"
|
|
p "op: #{op}"
|
|
p "val: #{val}"
|
|
|
|
# TODO: manage relations (harder)
|
|
|
|
if key.nil?
|
|
STDERR.puts "Syntax error in modification parameters: invalid field name"
|
|
exit 1
|
|
end
|
|
unless item.has_attribute?(key)
|
|
STDERR.puts "No such field '#{key}' in object '#{obj_hdl}'"
|
|
exit 2
|
|
end
|
|
|
|
attr_info = ActiveLdap::Base.schema.attribute(key)
|
|
if attr_info.read_only?
|
|
STDERR.puts "The field '#{key}' cannot be modified (read only), skipping."
|
|
next
|
|
end
|
|
|
|
old_val = item.send(key)
|
|
old_val = [old_val] unless old_val.is_a? Array
|
|
|
|
# if val is nil or the latest value is removed, then the atribute is removed from the object
|
|
case op
|
|
when '='
|
|
new_val = [val]
|
|
when '+='
|
|
if attr_info.single_value?
|
|
STDERR.puts "The field '#{key}' cannot hold more than one value."
|
|
exit 3
|
|
end
|
|
new_val = old_val << val
|
|
when '-='
|
|
new_val = old_val - [val]
|
|
else
|
|
STDERR.puts "Syntax error in modification parameters: wrong operator"
|
|
exit 1
|
|
end
|
|
|
|
item.send(key + "=", new_val)
|
|
end
|
|
|
|
p item.valid?
|
|
p item.modified_attributes
|
|
begin
|
|
item.save!
|
|
rescue ActiveLdap::OperationNotPermitted => e
|
|
STDERR.puts "You don't have enough rights to modify--at least--one of these attributes."
|
|
exit 3
|
|
rescue ActiveLdap::LdapError => e
|
|
STDERR.puts "LDAP error: " + e.to_s
|
|
exit 3
|
|
rescue ActiveLdap::EntryInvalid => e
|
|
STDERR.puts e.to_s
|
|
exit 3
|
|
end
|
|
|
|
puts "Modification done"
|
|
end
|
|
cmdparser.add_command(cmd)
|
|
|
|
cmdparser.parse
|
|
|
|
# ActiveLdap bugs:
|
|
# - fetching operational attributes in an object used for modification cause
|
|
# collect_modified_attributes() to catch them by mistake and triggers an
|
|
# ActiveLdap::LdapError::ConstraintViolation exception
|