puppet/user/scripts/update-classes.rb

require 'set'
require 'uri'
require 'ldap'
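# Read the OpenLDAP client configuration and connect to the first directory
# server that accepts a bind.
#
# Results left for the rest of the script:
#   basedn - value of the BASE directive ('' when the file has none)
#   conn   - a bound LDAP connection; the script aborts if none could be made
#
# Security notes for operators:
# * No DN or password is passed to bind, so the directory is queried without
#   authenticating as a specific account.
# * An "ldap://" URI is contacted without TLS. Everything read over this
#   connection is later turned into Puppet code, so the answers should come
#   over an integrity-protected channel: prefer "ldaps://" URIs here.
# * NOTE(review): whether the server certificate is verified for ldaps://
#   depends on the client TLS settings (e.g. TLS_REQCERT) - confirm for this
#   deployment.
basedn = ''
conn = nil
bound = false
File.readlines('/etc/openldap/ldap.conf').each do |raw|
  fields = raw.strip.split
  # Blank lines and comment lines carry no directive.
  next if fields.empty? || fields.first.start_with?('#')

  case fields.shift
  when 'BASE'
    basedn = fields.first
  when 'URI'
    # Keep the first server that answered; later URI lines must not replace
    # an already bound connection.
    next if bound

    fields.each do |candidate|
      begin
        uri = URI.parse(candidate)
        attempt = if uri.scheme == 'ldaps'
                    LDAP::SSLConn.new(uri.host, uri.port || 636)
                  else
                    LDAP::Conn.new(uri.host, uri.port || 389)
                  end
        attempt.bind
        conn = attempt
        bound = true
        break
      rescue LDAP::ResultError, URI::InvalidURIError => e
        # Diagnostics go to stderr so stdout stays a clean manifest.
        warn "update-classes: skipping #{candidate}: #{e.message}"
        next
      end
    end
  end
end
# Without this check a failed bind would only surface later as an unrelated
# error from the first search call.
abort 'update-classes: could not bind to any LDAP server from /etc/openldap/ldap.conf' unless bound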
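# Build one Puppet class per posixAccount entry and record group membership.
#
# Results left for the rest of the script:
#   user_pp  - Array of Puppet source fragments, one class per user
#   group_pp - empty Array, filled in by the group pass further down
#   groups   - Hash mapping group cn => Set of member uids
#
# Directory values are used in two places where unexpected characters change
# meaning: LDAP search filters and generated Puppet source. Both are guarded
# below, because whoever can write a uid or cn in the directory would
# otherwise influence manifests that Puppet later applies.
user_pp = []
group_pp = []
groups = {}

# Only names made of these characters are written into Puppet source; they
# cannot close a quoted string or a class header. Anything else is skipped
# with a warning on stderr.
safe_name = /\A[A-Za-z0-9._-]+\z/

# RFC 4515 escaping for a value placed inside a search filter. DNs routinely
# contain backslashes and may contain parentheses or '*', which would
# otherwise be read as filter syntax.
escape_filter = lambda do |value|
  value.to_s.gsub(/[\\*()\x00]/) { |ch| '\\%02x' % ch.ord }
end

# Run one posixGroup search and record every safe group name for +uid+.
record_groups = lambda do |filter, uid, gids|
  conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, filter, ['cn']) do |group|
    gid = group['cn'][0]
    unless gid =~ safe_name
      warn "update-classes: skipping group with unsafe name #{gid.inspect}"
      next
    end
    gids << gid
    (groups[gid] ||= Set.new) << uid
  end
end

conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE,
            'objectClass=posixAccount', ['uid', 'gidNumber']) do |entry|
  dn = entry.get_dn
  uid = entry['uid'][0]
  # skip samba machine accounts
  # NOTE(review): Samba machine accounts conventionally end in '$'; confirm
  # that '?' is the intended marker here.
  next if uid.include?('?')

  unless uid =~ safe_name
    warn "update-classes: skipping account with unsafe uid #{uid.inspect}"
    next
  end

  gids = Set.new

  # find primary group
  primary = '(&(objectClass=posixGroup)(gidNumber=%s))' %
            escape_filter.call(entry['gidNumber'][0])
  record_groups.call(primary, uid, gids)

  # find supplementary groups
  supplementary = '(&(objectClass=posixGroup)(|(uniqueMember=%s)(memberUid=%s)))' %
                  [escape_filter.call(dn), escape_filter.call(uid)]
  record_groups.call(supplementary, uid, gids)

  user_pp << "class user::user::%s inherits user::virtual {\n\n" % uid
  user_pp << " realize(User::Add[\"%s\"])\n" % uid
  gids.sort.each do |gid|
    user_pp << " realize(Group[\"%s\"])\n" % gid
  end
  user_pp << "\n}\n\n"
end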
# Emit one Puppet class per group that pulls in the class of every member.
#
# Group and member names are written into the Puppet source verbatim, so the
# output is only as trustworthy as the directory entries they were read from.
groups.each_pair do |group_name, members|
  # A group whose single member carries the group's own name gets no class.
  own_group_only = members.size == 1 && members.include?(group_name)
  next if own_group_only

  group_pp.push("class user::group::%s {\n\n" % group_name)
  members.sort.each { |member| group_pp.push(" include user::user::%s\n" % member) }
  group_pp.push("\n}\n\n")
end
# Print the manifests selected on the command line: "-u" prints the user
# classes, "-g" the group classes. When both are given, user classes come first.
{ '-u' => user_pp, '-g' => group_pp }.each do |flag, manifest|
  puts manifest if ARGV.include?(flag)
end