NAME

OSS::LDAPops - Perform operations on user accounts, groups and netgroups stored in an LDAP directory

SYNOPSIS

use strict;
use warnings;
use OSS::LDAPops;

#Define config hash
$GLOBAL::config = 
{
	LDAPHOST	=>	'ldap01.mydomain.net',
	BINDDN		=>	'uid=webportal, ou=writeaccess, dc=auth, dc=mydomain,dc=net',
	BASEDN		=> 	'dc=auth,dc=mydomain,dc=net',
	NISDOMAIN	=>	'auth.mydomain.net',
	PASSWORD	=>	'xyzzy',
};
#Instantiate new object and connect to server
my($ldapopsobj) = OSS::LDAPops->new($GLOBAL::config);
if (ref($ldapopsobj) !~ m/OSS::LDAPops/ ) {die("Error instantiating object: $ldapopsobj")};
my(@retu);

#Bind to server with the credentials from the config hash
$ldapopsobj->bind;
#searchuser returns Net::LDAP::Entry objects on success, an empty list
#on no results, and an error string as the first element on error
@retu = $ldapopsobj->searchuser($ARGV[1]);
die($retu[0]) if (defined($retu[0]) and (ref($retu[0]) !~ m/Net::LDAP::Entry/) );
foreach my $entry (@retu) {$entry->dump; }
exit;

DESCRIPTION

This module manipulates user, group and netgroup objects within an LDAP directory.

Also included is ldapops.pl. This script implements a command-line utility using OSS::LDAPops.

netgroupcache.pl is also included. This uses OSS::LDAPops to create a local cache of LDAP-backed netgroups in /etc/netgroup.

AUTHOR

Simon <simon@hacknix.net>

ASSUMPTIONS ABOUT THE DIRECTORY

This module and the associated scripts make some assumptions about how your directory is configured. These include:

  • Storage of maxuid

  • Conventions for use of netgroups

  • nis.schema is patched to allow equalityMatch on nisNetgroupTriple objects

For more information on directory configuration, and a complete HOWTO which follows this model from installation through to implementation and host configuration, please see:

<TODO: check back soon>

METHODS

This section describes the methods that are implemented and their use.

new

#Define config hash
$GLOBAL::config = 
{
	LDAPHOST	=>	'ldap01.mydomain.net',
	BINDDN		=>	'uid=webportal, ou=writeaccess, dc=auth, dc=lastminute,dc=com',
	BASEDN		=> 	'dc=auth,dc=mydomain,dc=net',
	NISDOMAIN	=>	'auth.mydomain.net',
	PASSWORD	=>	'xyzzy',
};
#Instantiate new object and connect to server
my($ldapopsobj) = OSS::LDAPops->new($GLOBAL::config);
if (ref($ldapopsobj) !~ m/OSS::LDAPops/ ) {die("Error instantiating object: $ldapopsobj")}; 

Instantiates an object and connects to the LDAP server. Returns an object on success and false on error.

bind

$obj->bind;

Bind to the LDAP server with the supplied credentials. No arguments are accepted; the BINDDN and PASSWORD values from the pre-supplied config hash are used.

groupexists

Check to see if a group exists.

$obj->groupexists(<group>);

Returns 0 when the group does not exist. Returns 2 when the group does exist. Returns a text string on error. Note that an error string is also a true value, so callers must distinguish it from the numeric 2.

userexists

Check if user exists.

$obj->userexists(<user>);

Returns 0 when the user does not exist. Returns 2 when the user does exist. Returns a text string on error. As with groupexists, an error string is a true value and must be distinguished from the numeric 2.

searchuser

Search for a user's entry in the directory.

$obj->searchuser(<userid>);

(the wildcard * can be used)

Returns an array of Net::LDAP::Entry objects on success. Returns false on no results. Returns an error string on error.

searchnetgroup

Search for a netgroup entry in the directory.

$obj->searchnetgroup(<group>);

(the wildcard * can be used)

Returns an array of Net::LDAP::Entry objects on success. Returns false on no results. Returns an error string on error.

addhost

Add a host entry to the directory.

$obj->addhost(<hostname>);

Returns a text string on error. Returns false on success.

addhostgroup

Add a host group entry to the directory.

$obj->addhostgroup(<hostname>);

Returns a text string on error. Returns false on success.

addusergroup

Add a user group entry to the directory.

$obj->addusergroup(<groupname>);

Returns a text string on error. Returns false on success.

adduser

Add a user entry to the directory.

$obj->adduser(<username>);

Returns a text string on error. Returns false on success.

updatepw

Set a user's password, optionally forcing a password reset at next login.

$obj->updatepw(<username>,<password>,<force reset on login [1|0]>);

Returns a text string on error. Returns false on success.

addusertoug

Add a user entry to a user group.

$obj->addusertoug(<username>,<group>);

Returns a text string on error. Returns false on success.
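The two return conventions above (0/2/error-string from groupexists and userexists; false-on-success/string-on-error from adduser, updatepw and addusertoug) are easy to misread, because an error string is a true value in both cases. The following provisioning script is an added example, not code from the module or its author; it assumes a hypothetical LDAPOPS_BIND_PW environment variable for the bind password and reads the user's initial password from stdin, so that neither secret appears in the script or in the process list. All hostnames and DNs are constructed sample values.

```perl
#!/usr/bin/perl
# Added example (not part of OSS::LDAPops): provision a user while checking
# the documented return conventions explicitly.
use strict;
use warnings;
use OSS::LDAPops;

# Constructed config, same keys as the SYNOPSIS. Assumption: the bind
# password is supplied in the LDAPOPS_BIND_PW environment variable rather
# than written into the script.
my $config = {
    LDAPHOST  => 'ldap01.mydomain.net',
    BINDDN    => 'uid=webportal,ou=writeaccess,dc=auth,dc=mydomain,dc=net',
    BASEDN    => 'dc=auth,dc=mydomain,dc=net',
    NISDOMAIN => 'auth.mydomain.net',
    PASSWORD  => $ENV{LDAPOPS_BIND_PW} // die("LDAPOPS_BIND_PW is not set\n"),
};

# Write methods (adduser, updatepw, addusertoug, ...) return false on
# success and a text string on error: any true value is a failure.
sub must_ok {
    my ($what, $ret) = @_;
    die("$what failed: $ret\n") if $ret;
    return 1;
}

# userexists/groupexists return 0 (absent), 2 (present) or an error
# string. The string is true as well, so require a numeric value first.
sub entry_present {
    my ($what, $ret) = @_;
    die("$what lookup failed: " . ($ret // 'undef') . "\n")
        unless defined $ret and $ret =~ /^\d+$/;
    return $ret == 2;
}

my ($user, $group) = @ARGV;
die("usage: $0 <username> <group>  (initial password on stdin)\n")
    unless defined $group;

# Read the initial password from stdin rather than argv so it does not
# show up in the process list.
my $initial_pw = <STDIN>;
die("no initial password on stdin\n") unless defined $initial_pw;
chomp $initial_pw;

my $obj = OSS::LDAPops->new($config);
die("Error instantiating object: $obj\n") unless ref($obj) =~ m/OSS::LDAPops/;
$obj->bind;

die("group $group does not exist\n")
    unless entry_present("group $group", $obj->groupexists($group));

if (entry_present("user $user", $obj->userexists($user))) {
    warn("user $user already exists, not calling adduser\n");
} else {
    must_ok("adduser $user", $obj->adduser($user));
}

# Third argument 1: force a password change at first login so the
# initial secret handed to the user is short-lived.
must_ok("updatepw $user", $obj->updatepw($user, $initial_pw, 1));
must_ok("addusertoug $user $group", $obj->addusertoug($user, $group));

print "provisioned $user in $group\n";
```

Run it as `printf '%s\n' "$initial_pw" | LDAPOPS_BIND_PW=... ./provision.pl jdoe developers`. The must_ok/entry_present pair is the part worth keeping: a bare `if ($obj->userexists($u))` would treat an LDAP error as "user exists", and a bare `if ($obj->adduser($u))` would treat the error string as success.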

deluserfromug

Delete a user from a user group.

$obj->deluserfromug(<username>,<group>);

Returns a text string on error. Returns false on success.

addhosttohg

Add a host to a host group.

$obj->addhosttohg(<host>,<group>);

Returns a text string on error. Returns false on success.

delhostfromhg

Delete a host from a host group.

$obj->delhostfromhg(<host>,<group>);

Returns a text string on error. Returns false on success.

addusertohug

Add a user to a host user group.

$obj->addusertohug(<host>,<group>);

Returns a text string on error. Returns false on success.

deluserfromhug

Delete a user from a host user group.

$obj->deluserfromhug(<host>,<group>);

Returns a text string on error. Returns false on success.

addgrouptogroup

Add a group to a group.

$obj->addgrouptogroup(<ug|hg>,<host>,<group>);

Returns a text string on error. Returns false on success.

delgroupfromgroup

Delete a group from a group.

$obj->delgroupfromgroup(<ug|hg>,<host>,<group>);

Returns a text string on error. Returns false on success.

deletedn

Delete an entry by DN (use with caution).

Used to remove users and groups by DN.

WARNING: it's possible to damage the tree structure this way!!!! Get it right!!

$obj->deletedn($dn);

Returns a text string on error. Returns false on success.
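Because deletedn removes whatever DN it is handed, a caller should only pass it a DN it has just obtained from the directory and verified. The script below is an added example, not code from the module or its author: it resolves a user id with searchuser, refuses wildcards and ambiguous matches, checks that the returned DN sits under the configured BASEDN, logs the target, and only calls deletedn when the caller explicitly confirms. The LDAPOPS_BIND_PW variable and the sample config values are assumptions; the suffix check is a plain string comparison, not an RFC 4514 DN normalisation, so it assumes the directory returns DNs with the same spacing and case as BASEDN.

```perl
#!/usr/bin/perl
# Added example (not part of OSS::LDAPops): delete a user entry by DN only
# after the DN has come back from searchuser and been checked against BASEDN.
use strict;
use warnings;
use OSS::LDAPops;

# Constructed config, same keys as the SYNOPSIS; bind password from the
# environment (assumption: LDAPOPS_BIND_PW is set by the caller).
my $config = {
    LDAPHOST  => 'ldap01.mydomain.net',
    BINDDN    => 'uid=webportal,ou=writeaccess,dc=auth,dc=mydomain,dc=net',
    BASEDN    => 'dc=auth,dc=mydomain,dc=net',
    NISDOMAIN => 'auth.mydomain.net',
    PASSWORD  => $ENV{LDAPOPS_BIND_PW} // die("LDAPOPS_BIND_PW is not set\n"),
};

# Returns undef after a successful delete, or a message when $confirm is
# false (dry run). Dies on any error or failed check.
sub delete_user_guarded {
    my ($obj, $config, $userid, $confirm) = @_;

    # searchuser accepts '*'; never let a wildcard reach a delete path.
    die("refusing wildcard or empty user id\n")
        unless defined $userid and length $userid and $userid !~ /[*]/;

    # searchuser returns an error string as the first element on error.
    my @entries = $obj->searchuser($userid);
    die("searchuser failed: $entries[0]\n")
        if @entries and ref($entries[0]) !~ m/Net::LDAP::Entry/;
    die("no entry found for $userid\n") unless @entries;
    die("refusing: " . scalar(@entries) . " entries match $userid\n")
        if @entries > 1;

    my $dn = $entries[0]->dn;

    # Plain suffix check against the configured base: the DN must end in
    # ",<BASEDN>" (case-folded). Not a full RFC 4514 normalisation.
    my $base = lc $config->{BASEDN};
    die("DN '$dn' is not under '$base', refusing\n")
        unless lc($dn) =~ /,\Q$base\E\z/;

    print STDERR "deletedn target: $dn\n";   # leave a trace of what was removed
    return "dry run: would delete $dn (pass 'confirm' to delete)" unless $confirm;

    my $ret = $obj->deletedn($dn);
    die("deletedn $dn failed: $ret\n") if $ret;
    return;
}

my ($user, $confirm) = @ARGV;
die("usage: $0 <username> [confirm]\n") unless defined $user;

my $obj = OSS::LDAPops->new($config);
die("Error instantiating object: $obj\n") unless ref($obj) =~ m/OSS::LDAPops/;
$obj->bind;

my $msg = delete_user_guarded($obj, $config, $user,
                              defined $confirm && $confirm eq 'confirm');
print(($msg // "deleted entry for $user") . "\n");
```

Without the literal `confirm` argument the script only reports which DN it would remove, which is the cheapest way to catch a wrong search before the tree is changed.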