NAME
OSS::LDAPops - Perform operations on user accounts, groups and netgroups stored in an LDAP directory
SYNOPSIS
use OSS::LDAPops;
#Define config hash
$GLOBAL::config =
{
    LDAPHOST => 'ldap01.mydomain.net',
    BINDDN => 'uid=webportal, ou=writeaccess, dc=auth, dc=mydomain,dc=net',
    BASEDN => 'dc=auth,dc=mydomain,dc=net',
    NISDOMAIN => 'auth.mydomain.net',
    PASSWORD => 'xyzzy',
};
#Instantiate new object and connect to server
my($ldapopsobj) = OSS::LDAPops->new($GLOBAL::config);
if (ref($ldapopsobj) !~ m/OSS::LDAPops/ ) {die("Error instantiating object: $ldapopsobj")};
my(@retu);
#Bind server
$ldapopsobj->bind;
#Search for the user id given as the second command-line argument
@retu = $ldapopsobj->searchuser($ARGV[1]);
#A true value that is not a Net::LDAP::Entry object is an error string
die($retu[0]) if ($retu[0] and (ref($retu[0]) !~ m/Net::LDAP::Entry/) );
#Dump each entry found; a false first element means no results
foreach my $entry (grep { ref($_) } @retu) {$entry->dump; }
exit;
DESCRIPTION
This module manipulates user, group and netgroup objects within an LDAP directory.
Also included is ldapops.pl. This script implements a command-line utility using OSS::LDAPops.
netgroupcache.pl is also included. This uses OSS::LDAPops to create a local cache of LDAP-backed netgroups in /etc/netgroup.
AUTHOR
Simon <simon@hacknix.net>
ASSUMPTIONS ABOUT THE DIRECTORY
This module and associated scripts make some assumptions about how your directory is configured. These include:
Storage of maxuid
Conventions for use of netgroups
nis.schema is patched to allow equalityMatch on nisNetgroupTriple objects
For more information on directory configuration, and a complete HOWTO which follows this model from installation through to implementation and host configuration, please see:
<TODO: check back soon>
METHODS
This section describes the methods that are implemented and their use.
new
#Define config hash
$GLOBAL::config =
{
LDAPHOST => 'ldap01.mydomain.net',
BINDDN => 'uid=webportal, ou=writeaccess, dc=auth, dc=mydomain,dc=net',
BASEDN => 'dc=auth,dc=mydomain,dc=net',
NISDOMAIN => 'auth.mydomain.net',
PASSWORD => 'xyzzy',
};
#Instantiate new object and connect to server
my($ldapopsobj) = OSS::LDAPops->new($GLOBAL::config);
if (ref($ldapopsobj) !~ m/OSS::LDAPops/ ) {die("Error instantiating object: $ldapopsobj")};
Instantiates an object and connects to the LDAP server. Returns an object on success and false on error.
bind
Bind to LDAP server with supplied credentials.
No arguments are accepted as the pre-supplied config values are used.
groupexists
Check to see if a group exists.
$obj->groupexists(<group>);
Returns 0 when the group does not exist. Returns 2 when the group does exist. Returns a text string on error.
userexists
Check if user exists.
$obj->userexists(<user>);
Returns 0 when the user does not exist. Returns 2 when the user does exist. Returns a text string on error.
searchuser
Search for a user's entry in the directory.
$obj->searchuser(<userid>);
(the wildcard * can be used)
Returns an array of Net::LDAP::Entry objects on success. Returns false on no results. Returns an error string on error.
searchnetgroup
Search for a netgroup entry in the directory.
$obj->searchnetgroup(<group>);
(the wildcard * can be used)
Returns an array of Net::LDAP::Entry objects on success. Returns false on no results. Returns an error string on error.
addhost
Add a host entry to the directory.
$obj->addhost(<hostname>);
Returns a text string on error. Returns false on success.
addhostgroup
Add a host group entry to the directory.
$obj->addhostgroup(<hostname>);
Returns a text string on error. Returns false on success.
addusergroup
Add a user group entry to the directory.
$obj->addusergroup(<groupname>);
Returns a text string on error. Returns false on success.
adduser
Add a user entry to the directory.
$obj->adduser(<username>);
Returns a text string on error. Returns false on success.
updatepw
Update the password of a user entry in the directory.
$obj->updatepw(<username>,<password>,<force reset on login [1|0]>);
Returns a text string on error. Returns false on success.
addusertoug
Add a user entry to a user group.
$obj->addusertoug(<username>,<group>);
Returns a text string on error. Returns false on success.
deluserfromug
Delete a user from a user group.
$obj->deluserfromug(<username>,<group>);
Returns a text string on error. Returns false on success.
addhosttohg
Add a host to a host group.
$obj->addhosttohg(<host>,<group>);
Returns a text string on error. Returns false on success.
delhostfromhg
Delete a host from a host group.
$obj->delhostfromhg(<host>,<group>);
Returns a text string on error. Returns false on success.
addusertohug
Add a user to a host user group.
$obj->addusertohug(<host>,<group>);
Returns a text string on error. Returns false on success.
deluserfromhug
Delete a user from a host user group.
$obj->deluserfromhug(<host>,<group>);
Returns a text string on error. Returns false on success.
addgrouptogroup
Add a group to a group.
$obj->addgrouptogroup(<ug|hg>,<host>,<group>);
Returns a text string on error. Returns false on success.
delgroupfromgroup
Delete a group from a group.
$obj->delgroupfromgroup(<ug|hg>,<host>,<group>);
Returns a text string on error. Returns false on success.
deletedn
Delete an entry by DN (use with caution).
Used to remove users and groups by DN.
WARNING: it's possible to damage the tree structure this way!!!! Get it right!!
$obj->deletedn($dn);
Returns a text string on error. Returns false on success
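The return conventions documented above are easy to misread in a condition: an error string from userexists or groupexists is a true value, and the modifying methods return false on success. The following is an added example, not part of the OSS::LDAPops distribution, that checks them explicitly before provisioning a user. The helper names, the name pattern and the FakeDir stand-in are assumptions made for illustration; with a real directory, pass the bound OSS::LDAPops object in place of FakeDir.

```perl
use strict;
use warnings;
# Exact-match names only (assumed policy): no * wildcard, no filter metacharacters.
sub valid_name {
    my ($name) = @_;
    return defined($name) && $name =~ /\A[a-z_][a-z0-9_.-]{0,31}\z/ ? 1 : 0;
}

# userexists/groupexists: 0 = absent, 2 = present, anything else is an error
# string. A bare "if ($ldap->userexists($u))" would read that error as "exists".
sub exists_or_die {
    my ($ret, $what) = @_;
    return 0 if defined($ret) && $ret eq '0';
    return 1 if defined($ret) && $ret eq '2';
    die "$what failed: " . ($ret // 'no result') . "\n";
}

# add*/del*/updatepw: false means success, a true value is the error text.
sub ok_or_die {
    my ($ret, $what) = @_;
    die "$what failed: $ret\n" if $ret;
}

# Create the user if absent, then add it to a user group that must exist.
sub provision_user {
    my ($ldap, $user, $group) = @_;
    valid_name($_) or die "invalid name\n" for ($user, $group);
    exists_or_die($ldap->groupexists($group), "groupexists($group)")
        or die "group $group does not exist\n";
    exists_or_die($ldap->userexists($user), "userexists($user)")
        or ok_or_die($ldap->adduser($user), "adduser($user)");
    ok_or_die($ldap->addusertoug($user, $group), "addusertoug($user,$group)");
    return 1;
}

# Constructed stand-in that follows the documented return values.
package FakeDir {
    sub new         { return bless { users => {}, groups => { staff => 1 } }, shift }
    sub groupexists { return $_[0]{groups}{ $_[1] } ? 2 : 0 }
    sub userexists  { return $_[1] eq 'flaky' ? 'LDAP error: server down'
                           : $_[0]{users}{ $_[1] } ? 2 : 0 }
    sub adduser     { $_[0]{users}{ $_[1] } = 1; return 0 }
    sub addusertoug { return 0 }
}
my $dir = FakeDir->new;
for my $name ('jdoe', 'j*', 'flaky') {
    my $ok = eval { provision_user($dir, $name, 'staff') };
    print $ok ? "provisioned $name\n" : "refused $name: $@";
}
```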