Nslcd

Parses /etc/nslcd.conf

Author: Jose Plana jpl.nosp@m.ana@gmai.nosp@m.l.com

Summary
Nslcd: Parses /etc/nslcd.conf
Reference: This lens tries to stay as close as possible to `man 5 nslcd.conf`.
Lens Usage
Configuration files: This lens applies to /etc/nslcd.conf.
Examples: The Test_Nslcd file contains various examples and tests.
USEFUL PRIMITIVES
Comments and empty lines
eol
empty
spc
comma
comment
do_dquote
opt_list
Ldap related values: Values that need to be parsed.
ldap_rdn
ldap_dn
ldap_filter
ldap_scope
map_names
key_name
CONFIGURATION ENTRIES
Generic definitions
simple_entry: The simplest configuration option: a key, whitespace, then a value.
simple_entry_quoted_value: Simple entry with quoted value.
key_value_line_regexp: A simple configuration option but specifying the regex for the value.
mapped_entry: A mapped configuration as in `filter MAP option`.
key_value_line_regexp_opt_map: A mapped configuration but the MAP value is optional, as in `scope [MAP] value`.
map_entry: A map entry as in `map MAP ATTRIBUTE NEWATTRIBUTE`.
Option definitions
Base entry
Scope entry
Filter entry
entries: All the combined entries.
lens
filter

Reference

This lens tries to stay as close as possible to `man 5 nslcd.conf`.

License: This file is licensed under the LGPL v2+, like the rest of Augeas.

Lens Usage

Sample usage of this lens in augtool

  • get uid
get /files/etc/nslcd.conf/threads
  • set ldap URI
set /files/etc/nslcd.conf/uri "ldaps://x.y.z"
  • get cache values
get /files/etc/nslcd.conf/cache
  • change syslog level to debug
set /files/etc/nslcd.conf/log "syslog debug"
  • add/change filter for the passwd map
set /files/etc/nslcd.conf/filter/passwd "(objectClass=posixGroup)"
  • change the default search scope
set /files/etc/nslcd.conf/scope[count( * )] "subtree"
  • get the default search scope
get /files/etc/nslcd.conf/scope[count( * )] "subtree"
  • add/set a scope search value for a specific (host) map
set /files/etc/nslcd.conf/scope[host]/host "subtree"
  • get all default base search
match /files/etc/nslcd.conf/base[count( * ) = 0]
  • get the 3rd base search default value
get /files/etc/nslcd.conf/base[3]
  • add a new base search default value
set /files/etc/nslcd.conf/base[last()+1] "dc=example,dc=com"
  • change a base search default value to a new base value
set /files/etc/nslcd.conf/base[self::* = "dc=example,dc=com"] "dc=test,dc=com"
  • add/change a base search for a specific map (hosts)
set /files/etc/nslcd.conf/base[hosts]/hosts "dc=hosts,dc=example,dc=com"
  • add a base search for a specific map (passwd)
set /files/etc/nslcd.conf/base[last()+1]/passwd "dc=users,dc=example,dc=com"
  • remove all base search value for a map (rpc)
rm /files/etc/nslcd.conf/base/rpc
  • remove a specific search base value for a map (passwd)
rm /files/etc/nslcd.conf/base/passwd[self::* = "dc=users,dc=example,dc=com"]
  • get an attribute mapping value for a map
get /files/etc/nslcd.conf/map/passwd/homeDirectory
  • get all attribute values for a map
match /files/etc/nslcd.conf/map/passwd/*
  • set a specific attribute for a map
set /files/etc/nslcd.conf/map/passwd/homeDirectory "\"${homeDirectory:-/home/$uid}\""
  • add/change a specific attribute for a map (a map that might not be defined before)
set /files/etc/nslcd.conf/map[shadow/userPassword]/shadow/userPassword "*"
  • remove an attribute for a specific map
rm /files/etc/nslcd.conf/map/shadow/userPassword
  • remove all attributes for a specific map
rm /files/etc/nslcd.conf/map/passwd/*

Configuration files

This lens applies to /etc/nslcd.conf.  See filter.

Examples

The Test_Nslcd file contains various examples and tests.

USEFUL PRIMITIVES

Comments and empty lines

eol

(* Local alias for Util.eol; map_entry uses it to terminate its line. *)
let eol = Util.eol

empty

(* Local alias for Util.empty. Not referenced by the definitions shown on
   this page; presumably consumed by the top-level lens, whose body is not
   shown here. *)
let empty = Util.empty

spc

(* Local alias for Util.del_ws_spc; the entry builders place it between a
   key and whatever follows that key. *)
let spc = Util.del_ws_spc

comma

(* Local alias for Sep.comma; entries passes it as the separator for the
   nss_initgroups_ignoreusers list. *)
let comma = Sep.comma

comment

(* Local alias for Util.comment. Not referenced by the definitions shown on
   this page; presumably consumed by the top-level lens, whose body is not
   shown here. *)
let comment = Util.comment

do_dquote

(* Local alias for Quote.do_dquote; simple_entry_quoted_value wraps its
   stored value with it. *)
let do_dquote = Quote.do_dquote

opt_list

(* Local alias for Build.opt_list. Not referenced by the definitions shown
   on this page; presumably used by simple_entry_opt_list_value, which is
   not shown here (TODO confirm). *)
let opt_list = Build.opt_list

Ldap related values

Values that need to be parsed.

ldap_rdn

(* One RDN of the form attribute=value.
   The attribute must be at least two ASCII letters; the value is limited to
   ASCII letters, digits, '_', '.' and '-'.
   NOTE(review): single-letter attribute types (e.g. "o=", "c=") and values
   containing spaces or escaped characters do not match this regexp. Confirm
   whether a base DN that uses them makes the whole file fail to parse. *)
let ldap_rdn = /[A-Za-z][A-Za-z]+=[A-Za-z0-9_.-]+/

ldap_dn

(* A DN: one ldap_rdn followed by any number of further ldap_rdn components.
   The "," between components is optional in this regexp, so components
   written back to back without a comma also match.
   NOTE(review): this is a shape check only, not DN validation; a value
   accepted here can still be rejected by nslcd or by the LDAP server. *)
let ldap_dn = ldap_rdn . (/(,)?/ . ldap_rdn)*

ldap_filter

(* A search filter: any text that starts with "(" and ends with ")".
   The regexp does not check that parentheses balance or that the content
   is a well-formed LDAP filter, so a filter written through the lens is
   not validated before it reaches nslcd. *)
let ldap_filter = /\(.*\)/

ldap_scope

(* Accepted search scopes: "sub", "subtree", "one", "onelevel" and "base". *)
let ldap_scope = /sub(tree)?|one(level)?|base/

map_names

(* Map names accepted wherever an entry takes a MAP argument: alias(es),
   ether(s), group, host(s), netgroup, network(s), passwd, protocol(s), rpc,
   service(s) and shadow. The "(s)"/"(es)" suffixes are optional. *)
let map_names = /alias(es)?/ | /ether(s)?/ | /group/ | /host(s)?/ | /netgroup/ | /network(s)?/ | /passwd/ | /protocol(s)?/ | /rpc/ | /service(s)?/ | /shadow/

key_name

(* Attribute name used as a key in map_entry: two or more characters, none
   of which is a space, "#", newline, tab or "/".
   NOTE(review): a one-character name does not match, because both character
   classes must each consume at least one character. *)
let key_name = /[^ #\n\t\/][^ #\n\t\/]+/

CONFIGURATION ENTRIES

Generic definitions

simple_entry

(* [simple_entry kw] builds the entry for keyword [kw] by delegating to
   Build.key_ws_value. The accepted value format is whatever that helper
   allows; nothing keyword-specific is checked here, so every option built
   with simple_entry (including the credential and TLS options listed in
   entries) is stored as given. *)
let simple_entry (kw:string) = Build.key_ws_value kw

The simplest configuration option: a key, whitespace, then a value, as in `gid id`.

simple_entry_quoted_value

(* [simple_entry_quoted_value kw] builds a "kw value" line through
   Build.key_value_line, with spc between key and value. The value is
   stored by (store /.*/) wrapped in do_dquote; presumably this means the
   value sits inside double quotes in the file (confirm against
   Quote.do_dquote). *)
let simple_entry_quoted_value (kw:string) = Build.key_value_line kw spc (do_dquote (store /.*/))

Simple entry with quoted value

key_value_line_regexp

(* [key_value_line_regexp kw sto] builds a "kw value" line through
   Build.key_value_line, with spc between key and value; only values that
   match the regexp [sto] are accepted and stored. *)
let key_value_line_regexp (kw:string) (sto:regexp) = Build.key_value_line kw spc (store sto)

A simple configuration option but specifying the regex for the value.

mapped_entry

(* [mapped_entry kw sto] builds a node labelled [kw] for the
   "kw MAP value" form. After the key and spc, the rest of the line is
   handled by Build.key_value_line with map_names as the key and
   (store sto) as the value, which presumably yields a child node named
   after the map, as in the path base[hosts]/hosts from the usage examples. *)
let mapped_entry (kw:string) (sto:regexp) = [ key kw . spc . Build.key_value_line map_names spc (store sto) ]

A mapped configuration as in `filter MAP option`.

key_value_line_regexp_opt_map

(* [key_value_line_regexp_opt_map kw sto] is the union of the plain form
   (key_value_line_regexp) and the mapped form (mapped_entry), so the MAP
   name between the keyword and its value is optional. *)
let key_value_line_regexp_opt_map (kw:string) (sto:regexp) = ( key_value_line_regexp kw sto | mapped_entry kw sto )

A mapped configuration but the MAP value is optional, as in `scope [MAP] value`.

map_entry

(* The "map MAP ATTRIBUTE NEWATTRIBUTE" line as three nested nodes: "map",
   then a node keyed by one of map_names, then a node keyed by key_name
   whose value is the new attribute. This matches paths such as
   map/passwd/homeDirectory in the usage examples.
   NOTE(review): the new attribute is stored with Rx.no_spaces, so
   presumably a quoted expression that contains a space will not parse;
   confirm against Rx.no_spaces. *)
let map_entry = [ key "map" . spc . [ key map_names . spc . [ key key_name . spc . store Rx.no_spaces ] ] .eol ]

A map entry as in `map MAP ATTRIBUTE NEWATTRIBUTE`.

Option definitions

Base entry

Scope entry

Filter entry

entries

(* Union of every configuration entry the lens recognises, one alternative
   per line.

   The structured forms come first (map_entry, base_entry, scope_entry,
   filter_entry). Every other option goes through simple_entry,
   simple_entry_opt_list_value or simple_entry_quoted_value.

   Points worth knowing when this lens is used from configuration
   management:
   - "bindpw" and "rootpwmodpw" hold credentials and are plain simple_entry
     nodes, so their values appear in the tree like any other value.
     Anything that prints or logs the tree for /etc/nslcd.conf discloses
     them; keep the file itself readable only by the accounts that need it.
   - "ssl", "tls_reqcert" and the other tls_* options also go through
     simple_entry, so the lens does not reject a value that weakens
     certificate checking. Policy on those values has to be enforced by
     whatever writes through the lens. *)
let entries = map_entry
            | base_entry
            | scope_entry
            | filter_entry
            | simple_entry "threads"
            | simple_entry "uid"
            | simple_entry "gid"
            | simple_entry_opt_list_value "uri" spc
            | simple_entry "ldap_version"
            | simple_entry "binddn"
            | simple_entry "bindpw"
            | simple_entry "rootpwmoddn"
            | simple_entry "rootpwmodpw"
            | simple_entry "sasl_mech"
            | simple_entry "sasl_realm"
            | simple_entry "sasl_authcid"
            | simple_entry "sasl_authzid"
            | simple_entry "sasl_secprops"
            | simple_entry "sasl_canonicalize"
            | simple_entry "krb5_ccname"
            | simple_entry "deref"
            | simple_entry "referrals"
            | simple_entry "bind_timelimit"
            | simple_entry "timelimit"
            | simple_entry "idle_timelimit"
            | simple_entry "reconnect_sleeptime"
            | simple_entry "reconnect_retrytime"
            | simple_entry "ssl"
            | simple_entry "tls_reqcert"
            | simple_entry "tls_cacertdir"
            | simple_entry "tls_cacertfile"
            | simple_entry "tls_randfile"
            | simple_entry "tls_ciphers"
            | simple_entry "tls_cert"
            | simple_entry "tls_key"
            | simple_entry "pagesize"
            | simple_entry_opt_list_value "nss_initgroups_ignoreusers" comma
            | simple_entry "nss_min_uid"
            | simple_entry "nss_nested_groups"
            | simple_entry "nss_getgrent_skipmembers"
            | simple_entry "nss_disable_enumeration"
            | simple_entry "validnames"
            | simple_entry "ignorecase"
            | simple_entry "pam_authz_search"
            | simple_entry_quoted_value "pam_password_prohibit_message"
            | simple_entry "reconnect_invalidate"
            | simple_entry "cache"
            | simple_entry "log"
            | simple_entry "pam_authc_ppolicy"

All the combined entries.

lens

filter
