Defined Type: openldap::server::access_wrapper
- Defined in:
- manifests/server/access_wrapper.pp
Overview
Define openldap::server::access_wrapper
Generate access from a given hash.
Parameters
- suffix
-
Default: $name Mandatory. The suffix to apply acls
- acl
-
Default: Mandatory. Array of Hash in the form { <what> => <access>, … }
example:
$acl = [ { 'to *' => [ 'by dn.base="cn=replicator,dc=suretecsystems,dc=com" write', 'by * break' ], }, { 'to dn.base=""' => [ 'by * read', ], }, { 'to dn.base="cn=Subschema"' => [ 'by * read', ], }, { 'to dn.subtree="cn=Monitor"' => [ 'by dn.exact="uid=admin,dc=suretecsystems,dc=com" write', 'by users read', 'by * none', ], }, { 'to *' => [ 'by self write', 'by * none', ] }, ]
48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 |
# File 'manifests/server/access_wrapper.pp', line 48
define openldap::server::access_wrapper (
Array[Hash[Pattern[/\Ato\s/], Array[Openldap::Access_rule], 1, 1]] $acl,
String[1] $suffix = $name,
) {
# Parse ACL
# lint:ignore:strict_indent
$acl_yaml = inline_template(@("RUBY"))
<%=
position = -1
@acl.map do |acl|
acl.map do |to, access|
position = position + 1
{
"#{position} on #{@suffix}" => {
"position" => position,
"what" => to[/\Ato (.*)/, 1],
"access" => access,
"suffix" => "#{@suffix}",
}
}
end
end.flatten.reduce({}, :update).to_yaml
%>
| RUBY
# lint:endignore
$hash = parseyaml($acl_yaml)
$hash_keys = keys($hash)
openldap::server::iterate_access { $hash_keys :
hash => $hash,
}
}
|