logstash-filter-LDAPresolve 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +14 -0
- data/lib/logstash/filters/LDAPresolve.rb +10 -6
- data/logstash-filter-LDAPresolve.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: de57dc6b5130f9fd6c2cf254692aef06a80baebf
|
|
4
|
+
data.tar.gz: db27910914b47e409ab783633fce0da877c51fa9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 43a16fe0a4786385b9b18d3e439f403a3a8b6f02902e23a712ecf599367c21f667361ab3e6196e972b550f048662a60c2607267314ec2f1628cc3c69ef520d72
|
|
7
|
+
data.tar.gz: aa19a0e86dbf5cff46c1d0c6ef7df4d503f6235a91b03d913be565de2f6b54c5515cc710f69261d75772f4b1ed8fe318fb6ae989a97c361fd7310b899f1bb823
|
data/README.md
CHANGED
|
@@ -104,6 +104,20 @@ LDAPresolve {
|
|
|
104
104
|
}
|
|
105
105
|
```
|
|
106
106
|
|
|
107
|
+
uidNumber can be dynamic and include parts of the event using the %{field} syntax.
|
|
108
|
+
eg assume we have the uidNumber previously stored in the envent's field 'uid'
|
|
109
|
+
We can then use
|
|
110
|
+
```sh
|
|
111
|
+
LDAPresolve {
|
|
112
|
+
uidNumber => "%{uid}"
|
|
113
|
+
host => "ldap.somewhere.org"
|
|
114
|
+
userdn => "ou=users,dc=somewhere,dc=org"
|
|
115
|
+
groupdn => "ou=groups,dc=somewhere,dc=org"
|
|
116
|
+
}
|
|
117
|
+
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
|
|
107
121
|
#### auxiliary arguments
|
|
108
122
|
|
|
109
123
|
if your LDAP server use another port than the (339) default one
|
|
@@ -36,7 +36,7 @@ require "logstash/namespace"
|
|
|
36
36
|
# [source, ruby]
|
|
37
37
|
# filter {
|
|
38
38
|
# LDAPresolve {
|
|
39
|
-
# uidNumber => uidNumber to resolve
|
|
39
|
+
# uidNumber => uidNumber to resolve, you can also use "%{field name}" syntax
|
|
40
40
|
# host => "my.LDAP.Server"
|
|
41
41
|
# userdn => "Domain Name to search for users information"
|
|
42
42
|
# groupdn => "Domain Name to search for group information"
|
|
@@ -123,24 +123,28 @@ class LogStash::Filters::LDAPresolve < LogStash::Filters::Base
|
|
|
123
123
|
|
|
124
124
|
public
|
|
125
125
|
def filter(event)
|
|
126
|
+
# extract uid value from event
|
|
127
|
+
uid2resolve = event.sprintf(@uidNumber)
|
|
128
|
+
|
|
129
|
+
#STDERR.puts "UID:#{uid2resolve}"
|
|
126
130
|
exitstatus = @SUCCESS
|
|
127
131
|
##--- first check cache for provided uidNumber
|
|
128
132
|
cached = false
|
|
129
133
|
if @useCache
|
|
130
|
-
cached = cached?(
|
|
134
|
+
cached = cached?(uid2resolve)
|
|
131
135
|
end
|
|
132
136
|
|
|
133
137
|
if cached
|
|
134
138
|
login, user , group = cached
|
|
135
139
|
else
|
|
136
|
-
@logger.info("prompt LDAP for #{
|
|
140
|
+
@logger.info("prompt LDAP for #{uid2resolve} informations")
|
|
137
141
|
if use_ssl
|
|
138
142
|
conn = LDAP::SSLConn.new(host=@host, port=@ldaps_port)
|
|
139
143
|
else
|
|
140
144
|
conn = LDAP::Conn.new(host=@host, port=@ldap_port)
|
|
141
145
|
end
|
|
142
146
|
|
|
143
|
-
res = ldapsearch(conn,
|
|
147
|
+
res = ldapsearch(conn, uid2resolve)
|
|
144
148
|
user = res['user']
|
|
145
149
|
group = res['group']
|
|
146
150
|
login = res['login']
|
|
@@ -148,7 +152,7 @@ class LogStash::Filters::LDAPresolve < LogStash::Filters::Base
|
|
|
148
152
|
errmsg = res['err']
|
|
149
153
|
|
|
150
154
|
##--- cache infos.
|
|
151
|
-
cacheUID(
|
|
155
|
+
cacheUID(uid2resolve, login, user, group)
|
|
152
156
|
end
|
|
153
157
|
|
|
154
158
|
##--- finaly change event to embed login, user and group information
|
|
@@ -206,7 +210,7 @@ class LogStash::Filters::LDAPresolve < LogStash::Filters::Base
|
|
|
206
210
|
scope = LDAP::LDAP_SCOPE_SUBTREE
|
|
207
211
|
##--- search LDAP for the user name
|
|
208
212
|
begin
|
|
209
|
-
conn.search(@userdn, scope, "(& (objectclass=posixAccount) (uidNumber=#{
|
|
213
|
+
conn.search(@userdn, scope, "(& (objectclass=posixAccount) (uidNumber=#{uidNumber}))", @userattrs) { |entry|
|
|
210
214
|
|
|
211
215
|
# convert entry object to hash for easier manipulation
|
|
212
216
|
hashEntry = {}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-filter-LDAPresolve'
|
|
3
|
-
s.version = '0.1.
|
|
3
|
+
s.version = '0.1.2'
|
|
4
4
|
s.licenses = ['Apache License (2.0)']
|
|
5
5
|
s.summary = "This filter adds infodrmation fields from LDAP server based on the provided uid."
|
|
6
6
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-LDAPresolve
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Eric Deveaud
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-07-
|
|
11
|
+
date: 2015-07-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: logstash-core
|