NAME

OSS::LDAPops - Perform operations on user accounts, groups and netgroups stored in an LDAP directory

SYSNOPSIS

#Define config hash
$GLOBAL::config = 
{
	LDAPHOST	=>	'ldap01.mydomain.net',
	BINDDN		=>	'uid=webportal, ou=writeaccess, dc=auth, dc=mydomain,dc=net',
	BASEDN		=> 	'dc=auth,dc=mydomain,dc=net',
	NISDOMAIN	=>	'auth.mydomain.net',
	PASSWORD	=>	'xyzzy',
};
#Instantiate new object and connect to server
my($ldapopsobj) = OSS::LDAPops->new($GLOBAL::config);
if (ref($ldapopsobj) !~ m/OSS::LDAPops/ ) {die("Error instantiating object: $ldapopsobj")}; 
my($ret);
my(@retu);

#Bind server
$ldapopsobj->bind;
@retu = $ldapopsobj->searchuser($ARGV[1]);
die($retu[0]) if (($retu[0] ne undef) and (ref($retu[0]) !~ m/Net::LDAP::Entry/) );
foreach my $entry (@retu) {$entry->dump; }
#if($ret) {die($ret);};
exit;

DESCRIPTION

This module manipulates user, group and netgroup objects within an LDAP directory.

Also included is ldapops.pl. This script implements a command-line utility using OSS::LDAPops.

netgroupcache.pl is also included. This uses OSS::LDAPops to create a local cache of LDAP-backed netgroups in /etc/netgroup.

AUTHOR

Simon <simon@hacknix.net>

ASSUMPTIONS ABOUT THE DIRECTORY

This module and associated sripts make some assumptions about how your directory is configured. these include:

  • Storage of maxuid

  • Conventions for use of netgroups

  • nis.schema is patched to allow equalityMatch on nisNetgroupTriple objects

For more information on directory configuration, and a complete HOWTO which follows this model from installation through to implementation and host configuration, please see:

<TODO: check back soon>

METHODS

This section describes the methods that are implemented and their use.

new

#Define config hash
$GLOBAL::config = 
{
	LDAPHOST	=>	'ldap01.mydomain.net',
	BINDDN		=>	'uid=webportal, ou=writeaccess, dc=auth, dc=lastminute,dc=com',
	BASEDN		=> 	'dc=auth,dc=mydomain,dc=net',
	NISDOMAIN	=>	'auth.mydomain.net',
	PASSWORD	=>	'xyzzy',
};
#Instantiate new object and connect to server
my($ldapopsobj) = OSS::LDAPops->new($GLOBAL::config);
if (ref($ldapopsobj) !~ m/OSS::LDAPops/ ) {die("Error instantiating object: $ldapopsobj")}; 

Instantiates an object and connects to the LDAP server. Returns an object on success and false on error.

bind

Bind to LDAP server with supplied credentials.

No arguments are accepted as the pre-supplied config values are used.

groupexists

Check to see if a group exists.

$obj->groupexists(<group>);

Returns 0 when the group does not exist. Returns 2 when the group does exists. Returns a text string on error.

userexists

Check if user exists.

$obj->userexists(<user>);

Returns 0 when the group does not exist. Returns 2 when the group does exists. Returns a text string on error.

searchuser

Search for a users entry in the directory.

$obj->searchuser(<userid>);

(the wildcard * can be used)

Returns an array of Net::LDAP:Entry objects on success Returns false on no results. Returns an error string on error.

searchnetgroup

Search for a netgroup entry in the directory.

#$obj->searchnetgroup(<group>);

(the wildcard * can be used)

Returns an array of Net::LDAP:Entry objects on success Returns false on no results. Returns an error string on error.

addhost

Add a host entry to the directory

$obj->addhost(<hostname>);

Returns a text string on error Returns false on success

addhostgroup

Add a host group entry to the directory

$obj->addhostgroup(<hostname>);

Returns a text string on error Returns false on success

addusergroup

Add a user group entry to the directory

$obj->addusergroup(<groupname>);

Returns a text string on error Returns false on success

adduser

Add a user entry to the directory

$obj->adduser(<username>);

Returns a text string on error Returns false on success

updatepw

Add a user entry to the directory

$obj->updatepw(<username>,<password>,<force reset on login [1|0]>);

Returns a text string on error Returns false on success

addusertoug

Add a user entry to a user group

$obj->addusertoug(<username>,<group>);

Returns a text string on error Returns false on success

deluserfromug

Del a user from a user gorup

$obj->deluserfromug(<username>,<group>);

Returns a text string on error Returns false on success

addhosttohg

Add a host to a host group

$obj->addhosttohg(<host>,<group>);

Returns a text string on error Returns false on success

delhostfromhg

Delete host from host group

$obj->delhostfromhg(<host>,<group>);

Returns a text string on error Returns false on success

addusertohug

add user to host user group

$obj->addusertohug(<host>,<group>);

Returns a text string on error Returns false on success

deluserfromhug

delete user from host user group

$obj->deluserfromhug(<host>,<group>);

Returns a text string on error Returns false on success

addgrouptogroup

Add a group to a group

$obj->addggrouptogroup(<ug|hg>,<host>,<group>);

Returns a text string on error Returns false on success

delgroupfromgroup

delete group from group

$obj->delgroupfromgroup(<ug|hg>,<host>,<group>);

Returns a text string on error Returns false on success

deletedn

Delete an entry by DN (use with caution)

Used to remove users and groups by DN

WARNING: it's possible to damage the tree stucture this way!!!! get it right!!

$obj=>deletedn($dn);

Returns a text string on error. Returns false on success