Active Directory example

# Example: query an Active Directory domain controller over LDAP.
# Lists the sAMAccountName of every user object under CN=Users and loads the
# attributes of one named user into the array "userinfo".
#
# Security note: every call below passes "none" as its last argument (the
# security level) and uses an ldap:// URI, so the queries and the returned
# directory data are not protected in transit.
# NOTE(review): prefer an encrypted or authenticated security level where the
# directory supports it; confirm the accepted values for your CFEngine version.
bundle agent active_directory
{
  vars:
    # NOTE: Edit this to your domain, e.g. "corp". The base DNs below append a
    # single hard-coded "DC=com" component, so add further DC= parts if needed.
    "domain_name" string => "cftesting";
    "user_name" string => "Guest";

    # NOTE: We can also extract data from remote Domain Controllers
    # This guard needs both the "dummy" and "DomainController" classes. "dummy"
    # is not defined in this bundle - presumably to keep the example inert until
    # it is edited; confirm before relying on it.
    dummy.DomainController::
      "domain_controller" string => "localhost";

      # One list entry per matching object: the sAMAccountName of each
      # (objectClass=user) entry found by a subtree search under CN=Users.
      "userlist"
        slist => ldaplist(
          "ldap://$(domain_controller)",
          "CN=Users,DC=$(domain_name),DC=com",
          "(objectClass=user)",
          "sAMAccountName",
          "subtree",
          "none"
        );

  classes:
    dummy.DomainController::
      # "gotuser" is set from the result of ldaparray, which fills "userinfo".
      # $(user_name) and $(domain_name) are interpolated into the DN as-is;
      # that is fine for the literals above, but values taken from external
      # data would need DN escaping first.
      "gotuser"
        expression => ldaparray(
          "userinfo",
          "ldap://$(domain_controller)",
          "CN=$(user_name),CN=Users,DC=$(domain_name),DC=com",
          "(name=*)",
          "subtree",
          "none"
        );

  reports:
    # Account names are written to the agent's report output, once per list item.
    dummy.DomainController::
      'Username is "$(userlist)"';

    # Only reported when the ldaparray lookup above set "gotuser".
    dummy.gotuser::
      "Got user data; $(userinfo[name]) has logged on $(userinfo[logonCount]) times";
}

Active Directory list users example

# Example: list the sAMAccountName of every user object under CN=Users on the
# host "cf-win2003" and report each one.
#
# Security note: the last argument "none" is the security level and the URI is
# plain ldap://, so the account list crosses the network unprotected.
# NOTE(review): use an encrypted or authenticated level outside a lab; confirm
# the accepted values for your CFEngine version.
bundle agent ldap
{
  vars:
    # Subtree search from the Users container, filtered to user objects.
    "userlist"
      slist => ldaplist(
        "ldap://cf-win2003",
        "CN=Users,DC=domain,DC=cf-win2003",
        "(objectClass=user)",
        "sAMAccountName",
        "subtree",
        "none"
      );

  reports:
    # Emitted once per entry in "userlist"; account names end up in agent output.
    'Username: "$(userlist)"';
}

Active Directory show users example

# Example: fetch the directory entry for the user "Test Pilot" into the array
# "myarray" and report whether any data came back.
#
# Security note: the lookup uses plain ldap:// with security level "none", so
# the entry's attributes are not protected in transit.
# NOTE(review): choose a stronger level where the directory supports it.
bundle agent ldap
{
  classes:
    # "gotdata" is set from the result of the ldaparray call.
    "gotdata"
      expression => ldaparray(
        "myarray",
        "ldap://cf-win2003",
        "CN=Test Pilot,CN=Users,DC=domain,DC=cf-win2003",
        "(name=*)",
        "subtree",
        "none"
      );

  reports:
    gotdata::
      "Got user data";

    # A failed lookup is reported explicitly rather than silently ignored.
    !gotdata::
      "Did not get user data";
}

LDAP interactions

# Runs the "ldap" bundle first and "followup" second. The order matters because
# "followup" reads the array that "ldap" populates.
body common control
{
  bundlesequence => { "ldap", "followup" };
}
# Example of the four LDAP functions against one server: ldapvalue (single
# value), ldaplist (all values), ldaparray (whole entry into an array) and
# regldap (regex test on a record).
#
# Security note: every call uses an ldap:// URI with security level "none" as
# its last argument, so queries and results are unprotected on the wire.
# NOTE(review): if values read here ever drive promises rather than reports,
# treat them as untrusted input and use an encrypted or authenticated level;
# confirm the accepted values for your CFEngine version.
bundle agent ldap
{
  vars:
    # Get the first matching value for "uid"
    "value"
      string => ldapvalue(
        "ldap://eternity.iu.hio.no",
        "dc=cfengine,dc=com",
        "(sn=User)",
        "uid",
        "subtree",
        "none"
      );

    # Get all matching values for "uid" - should be a single record match
    "list"
      slist => ldaplist(
        "ldap://eternity.iu.hio.no",
        "dc=cfengine,dc=com",
        "(sn=User)",
        "uid",
        "subtree",
        "none"
      );

  classes:
    # Load the entry matching (uid=mark) into "myarray"; "gotdata" is set from
    # the result of the call.
    "gotdata"
      expression => ldaparray(
        "myarray",
        "ldap://eternity.iu.hio.no",
        "dc=cfengine,dc=com",
        "(uid=mark)",
        "subtree",
        "none"
      );

    # Test the "uid" record of entries matching (sn=User) against the regular
    # expression "jon.*". Note the argument order differs from the other calls:
    # the regex comes before the security level.
    "found"
      expression => regldap(
        "ldap://eternity.iu.hio.no",
        "dc=cfengine,dc=com",
        "(sn=User)",
        "uid",
        "subtree",
        "jon.*",
        "none"
      );

  reports:
    # Only reported on hosts where the "linux" class is set.
    linux::
      "LDAP VALUE $(value) found";
      "LDAP LIST VALUE $(list)";

    # The array is referenced by its bundle-qualified name, ldap.myarray.
    gotdata::
      "Found specific entry data  ...$(ldap.myarray[uid]),$(ldap.myarray[gecos]), etc";

    found::
      "Matched regex";
}

# Shows that data loaded by ldaparray in the "ldap" bundle can be read from
# another bundle through the qualified name ldap.myarray. This relies on "ldap"
# being listed before "followup" in the bundlesequence.
# The values come from an unprotected LDAP query (security level "none"), so
# they are only as trustworthy as the network path to the server.
bundle agent followup
{
  reports:
    # Only reported on hosts where the "linux" class is set.
    linux::
      "Different bundle ...$(ldap.myarray[uid]),$(ldap.myarray[gecos]),...";
}