NAME
ZConf::backends::ldap - This provides LDAP backend for ZConf.
VERSION
Version 0.1.0
METHODS
new
my $zconf=ZConf->new(\%args);
This initiates the ZConf object. If it can't be initiated, a value of undef is returned. The hash can contain various initialization options.
When it is run for the first time, it creates a filesystem only config file.
args hash
sys
This turns system mode on and sets it to the specified system name.
This is incompatible with the file option.
self
This is the copy of the ZConf object initiating it.
zconf
These are the variables found in ~/.config/zconf.zml.
my $backend=ZConf::backends::ldap->new( \%args );
if($zconf->{error}){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
config2dn
This method converts the config name into part of a DN string. It is largely only for internal use and is used by the LDAP backend.
my $partialDN = $zconf->config2dn("foo/bar");
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
configExists
This method works exactly the same as configExists, but for the LDAP backend.
No config name checking is done to verify if it is a legit name or not, as that is done in configExists. The same is true for calling errorBlank.
$zconf->configExistsLDAP("foo/bar");
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
createConfig
This works just like createConfig, but is for the LDAP backend. This is not really meant for external use. The config name passed is not checked to see if it is legit or not.
$zconf->createConfigLDAP("foo/bar");
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
};
delConfig
This removes a config. Any sub configs will need to be removed first. If any are present, this method will error.
#removes 'foo/bar'
$zconf->delConfig('foo/bar');
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
delSet
This deletes a specified set, for the LDAP backend.
Two arguments are required. The first one is the name of the config and the second is the name of the set.
$zconf->delSet("foo/bar", "someset");
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
getAvailableSets
This is exactly the same as getAvailableSets, but for the file back end. For the most part it is not intended to be called directly.
my @sets = $zconf->getAvailableSetsLDAP("foo/bar");
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
getConfigRevision
This fetches the revision for the specified config using the LDAP backend.
A return of undef means that the config has no sets created for it yet or it has not been read yet by 2.0.0 or newer.
my $revision=$zconf->getConfigRevision('some/config');
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
if(!defined($revision)){
print "This config has had no sets added since being created or is from a old version of ZConf.\n";
}
getSubConfigs
This gets any sub configs for a config. "" can be used to get a list of configs under the root.
One argument is accepted and that is the config to look under.
#lets assume 'foo/bar' exists, this would return
my @subConfigs=$zconf->getSubConfigs("foo");
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
isConfigLocked
This checks if a config is locked or not for the LDAP backend.
One argument is required and it is the name of the config.
The returned value is a boolean value.
my $locked=$zconf->isConfigLockedLDAP('some/config');
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
if($locked){
print "The config is locked\n";
}
LDAPconnect
This generates a Net::LDAP object based on the LDAP backend.
my $ldap=$zconf->LDAPconnect();
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
LDAPgetConfMessage
Gets a Net::LDAP::Message object that was created doing a search for the config with the scope set to base.
#gets it for 'foo/bar'
my $mesg=$zconf->LDAPgetConfMessage('foo/bar');
#gets it using $ldap for the connection
my $mesg=$zconf->LDAPgetConfMessage('foo/bar', $ldap);
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
LDAPgetConfMessageOne
Gets a Net::LDAP::Message object that was created doing a search for the config with the scope set to one.
#gets it for 'foo/bar'
my $mesg=$zconf->LDAPgetConfMessageOne('foo/bar');
#gets it using $ldap for the connection
my $mesg=$zconf->LDAPgetConfMessageOne('foo/bar', $ldap);
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
LDAPgetConfEntry
Gets a Net::LDAP::Message object that was created doing a search for the config with the scope set to base.
It returns undef if it is not found.
#gets it for 'foo/bar'
my $entry=$zconf->LDAPgetConfEntry('foo/bar');
#gets it using $ldap for the connection
my $entry=$zconf->LDAPgetConfEntry('foo/bar', $ldap);
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
read
readFile works just like read, but is mainly intended for internal use. This reads the config from the LDAP backend.
hash args
config
The config to load.
override
This specifies if override should be run or not.
If this is not specified, it defaults to 1, true.
set
The set for that config to load.
$zconf->readLDAP({config=>"foo/bar"});
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
readChooser
This works just like readChooser, but operates on the LDAP backend and is only really intended for internal use.
my $chooser = $zconf->readChooserLDAP("foo/bar");
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
setExists
This checks if the specified set exists.
Two arguments are required. The first argument is the name of the config. The second argument is the name of the set. If no set is specified, the default set is used. This is done by calling 'defaultSetExists'.
my $return=$zconf->setExists("foo/bar", "fubar");
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}else{
if($return){
print "It exists.\n";
}
}
setLockConfig
This unlocks or locks a config for the LDAP backend.
Two arguments are taken. The first is the config name, which is required, and the second is whether it should be locked or unlocked.
#lock 'some/config'
$zconf->setLockConfigLDAP('some/config', 1);
if($zconf->{error}){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
#unlock 'some/config'
$zconf->setLockConfigLDAP('some/config', 0);
if($zconf->{error}){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
#unlock 'some/config'
$zconf->setLockConfigLDAP('some/config');
if($zconf->{error}){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
writeChooser
This is an internal method and is largely meant to only be called by writeChooser, which it works the same as. It works on the LDAP backend.
$zconf->writeChooserLDAP("foo/bar", $chooserString);
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
writeSetFromHash
This takes a hash and writes it to a config for the file backend. It takes two arguments, both of which are hashes.
The first hash contains
The second hash is the hash to be written to the config.
args hash
config
The config to write it to.
This is required.
set
This is the set name to use.
If not defined, one will be chosen.
revision
This is the revision string to use.
This is primarily meant for internal usage and it is suggested that you don't touch this unless you really know what you are doing.
$zconf->writeSetFromHashLDAP({config=>"foo/bar"}, \%hash);
if($zconf->error){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
writeSetFromLoadedConfig
This method writes a loaded config to a set, for the LDAP backend.
One argument is required.
args hash
config
The config to write it to.
This is required.
set
This is the set name to use.
If not defined, one will be chosen.
revision
This is the revision string to use.
This is primarily meant for internal usage and it is suggested that you don't touch this unless you really know what you are doing.
$zconf->writeSetFromLoadedConfigLDAP({config=>"foo/bar"});
if(defined($zconf->error)){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
writeSetFromZML
This writes a config set from a ZML object.
One argument is required.
args hash
config
The config to write it to.
This is required.
set
This is the set name to use.
If not defined, one will be chosen.
zml
This is the ZML object to use.
revision
This is the revision string to use.
This is primarily meant for internal usage and it is suggested that you don't touch this unless you really know what you are doing.
$zconf->writeSetFromZML({config=>"foo/bar", zml=>$zml});
if(defined($zconf->error)){
warn('error: '.$zconf->error.":".$zconf->errorString);
}
ERROR HANDLING/CODES
This module uses Error::Helper for error handling. Below are the error codes returned by the error method.
1
config name contains ,
2
config name contains /.
3
config name contains //
4
config name contains ../
5
config name contains /..
6
config name contains ^./
7
config name ends in /
8
config name starts with /
9
could not sync to file
10
config name contains a \n
11
LDAP entry already exists
12
config does not exist
13
Expected LDAP DN not found
14
ZML dump failed.
15
ZML object not passed.
16
Unable to create some of the required DN entries.
18
No variable name specified.
19
config key starts with a ' '
20
LDAP entry has no sets
21
set not found for config
22
LDAPmakepathSimple failed
23
skipping variable as it is not a legit name
24
set is not defined
25
Config is undefined.
26
Config not loaded.
27
Set name is not a legit name.
28
ZML->parse error.
29
Could not unlink the set.
30
The sets exist for the specified config.
31
Did not find a matching set.
32
Unable to choose a set.
33
Unable to remove the config as it has sub configs.
34
LDAP connection error
35
Can't use system mode and file together.
36
Could not create '/var/db/zconf'. This is a permanent error.
37
Could not create '/var/db/zconf/<sys name>'. This is a permanent error.
38
Sys name matched /\//.
39
Sys name matched /\./.
40
No chooser string specified.
41
No comment specified.
42
No meta specified.
43
Failed to open the revision file for the set.
44
Failed to open or unlink lock file.
45
Config is locked.
46
LDAP entry update failed.
47
No ZConf object passed.
48
No zconf.zml var hash passed.
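The config name rules behind error codes 1 through 8 and 10 keep a name from adding extra DN components or walking out of its directory. The following is an added example, not ZConf's own code: check_config_name is a hypothetical helper, and reporting the first matching rule in table order is an assumption.

```perl
# Added example: not ZConf's own code. check_config_name() is a hypothetical
# helper that applies the name rules behind error codes 1-8 and 10.
use strict;
use warnings;

# [ error code, pattern, description ], in the order of the error table.
my @RULES = (
    [ 1,  qr/,/,     'contains ,' ],
    [ 2,  qr{/\.},   'contains /.' ],
    [ 3,  qr{//},    'contains //' ],
    [ 4,  qr{\.\./}, 'contains ../' ],
    [ 5,  qr{/\.\.}, 'contains /..' ],
    [ 6,  qr{^\./},  'contains ^./' ],
    [ 7,  qr{/\z},   'ends in /' ],
    [ 8,  qr{^/},    'starts with /' ],
    [ 10, qr/\n/,    'contains a \n' ],
);

# Returns (undef, '') for an acceptable name, otherwise (code, description)
# for the first rule that matches. \z is used instead of $ so a trailing
# newline cannot hide a trailing slash from rule 7.
sub check_config_name {
    my ($name) = @_;
    return ( 25, 'Config is undefined.' ) if !defined $name;
    for my $rule (@RULES) {
        my ( $code, $re, $why ) = @$rule;
        return ( $code, "config name $why" ) if $name =~ $re;
    }
    return ( undef, '' );
}

# Constructed sample names, including ones that would change a DN or a path.
for my $name ( 'foo/bar', 'foo,dc=example', '../etc', 'foo//bar',
               "foo\nbar", '/foo', 'foo/' ) {
    my ( $code, $why ) = check_config_name($name);
    ( my $shown = $name ) =~ s/\n/\\n/g;    # keep each result on one line
    printf "%-16s %s\n", $shown,
        defined $code ? "rejected ($code: $why)" : 'ok';
}
```

With first-match ordering, any name containing '/..' is already reported as code 2, because '/.' is a prefix of '/..'.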
ERROR CHECKING
This can be done by checking $zconf->{error} to see if it is defined. If it is defined, the number it contains is the corresponding error code. A description of the error can also be found in $zconf->{errorString}, which is set to "" when there is no error.
zconf.zml
The default is 'xdf_config_home/zconf.zml', which is generally '~/.config/zconf.zml'. See perldoc ZML for more information on the file format. The keys are listed below.
zconf.zml LDAP backend keys
backend
This should be set to 'ldap' to use this backend.
LDAPprofileChooser
This is a chooser string that chooses what LDAP profile to use. If this is not present, 'default' will be used for the profile.
ldap/<profile>/bind
This is the DN to bind to the server as.
ldap/<profile>/cafile
When verifying the server's certificate, either set capath to the pathname of the directory containing CA certificates, or set cafile to the filename containing the certificate of the CA who signed the server's certificate. These certificates must all be in PEM format.
ldap/<profile>/capath
The directory in 'capath' must contain certificates named using the hash value of the certificates' subject names. To generate these names, use OpenSSL like this in Unix:
ln -s cacert.pem `openssl x509 -hash -noout < cacert.pem`.0
(assuming that the certificate of the CA is in cacert.pem.)
ldap/<profile>/checkcrl
If capath has been configured, then it will also be searched for certificate revocation lists (CRLs) when verifying the server's certificate. The CRLs' names must follow the form hash.rnum where hash is the hash over the issuer's DN and num is a number starting with 0.
ldap/<profile>/clientcert
The client cert to use.
ldap/<profile>/clientkey
The client key to use.
Encrypted keys are not currently supported.
ldap/<profile>/homeDN
This is the home DN of the user in question. The user needs to be able to write to it. ZConf will attempt to create 'ou=zconf,ou=.config,$homeDN' for operating out of.
ldap/<profile>/host
This is the server to use for LDAP connections.
ldap/<profile>/password
This is the password to use when connecting to the server.
ldap/<profile>/passwordfile
Read the password from this file. If both this and password are set, then this will write over it.
ldap/<profile>/starttls
This sets whether starttls should be used or not. It defaults to undefined, 'false'.
ldap/<profile>/SSLciphers
This is a list of ciphers to accept. The string is in the standard OpenSSL format. The default value is 'ALL'.
ldap/<profile>/SSLversion
This is the SSL versions accepted.
'sslv2', 'sslv3', 'sslv2/3', or 'tlsv1' are the possible values. The default is 'tlsv1'.
ldap/<profile>/TLSverify
The verify mode for TLS. The default is 'none'.
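The documented defaults leave starttls off, accept 'ALL' ciphers and do not verify the server certificate, so a profile is worth checking before it carries a bind password. The following is an added example, not part of ZConf: audit_ldap_profiles is a hypothetical helper, the sample is constructed, plain "key=value" lines are assumed for zconf.zml, and the 'require' value is Net::LDAP's verify setting, assumed here to be passed through by TLSverify.

```perl
# Added example: not part of ZConf. Audits the ldap/<profile>/* keys above.
# Assumes plain "key=value" lines; see perldoc ZML for the real format.
use strict;
use warnings;

# Constructed sample zconf.zml content (host, DN and paths are placeholders).
my $sample = <<'EOF';
backend=ldap
ldap/default/host=ldap.example.org
ldap/default/bind=uid=alice,ou=users,dc=example,dc=org
ldap/default/password=not-a-real-password
ldap/default/SSLversion=sslv3
ldap/hardened/host=ldap.example.org
ldap/hardened/starttls=1
ldap/hardened/TLSverify=require
ldap/hardened/cafile=/etc/ssl/ldap-ca.pem
ldap/hardened/SSLciphers=HIGH:!aNULL
ldap/hardened/passwordfile=/home/alice/.zconf-ldap-pass
EOF

sub audit_ldap_profiles {
    my ($text) = @_;
    my %p;    # profile name => { key => value }
    for my $line ( split /\n/, $text ) {
        next unless $line =~ m{^ldap/([^/=]+)/([^=]+)=(.*)$};
        $p{$1}{$2} = $3;
    }
    my @findings;
    for my $name ( sort keys %p ) {
        my $c    = $p{$name};
        my $note = sub { push @findings, "$name: $_[0]" };
        # Apply the documented defaults before judging the profile.
        my $verify  = $c->{TLSverify}  // 'none';
        my $version = $c->{SSLversion} // 'tlsv1';
        my $ciphers = $c->{SSLciphers} // 'ALL';
        $note->('starttls is off (the documented default)') unless $c->{starttls};
        $note->("TLSverify is 'none', server certificate is not checked") if $verify eq 'none';
        $note->('TLSverify is set but neither cafile nor capath is')
            if $verify ne 'none' && !defined $c->{cafile} && !defined $c->{capath};
        $note->("SSLversion '$version' allows SSLv2/SSLv3") if $version =~ /^sslv/i;
        $note->("SSLciphers is 'ALL', no cipher restriction") if $ciphers eq 'ALL';
        $note->('password stored inline; passwordfile is not set')
            if defined $c->{password} && !defined $c->{passwordfile};
    }
    return @findings;
}

print "$_\n" for audit_ldap_profiles($sample);
```

The 'default' profile in the sample produces five findings and the 'hardened' profile produces none.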
ZConf LDAP Schema
# 1.3.6.1.4.1.26481 Zane C. Bowers
# .2 ldap
# .7 zconf
# .0 zconfData
# .1 zconfChooser
# .2 zconfSet
# .3 zconfRev
# .4 zconfLock
attributeType ( 1.3.6.1.4.1.26481.2.7.0
NAME 'zconfData'
DESC 'Data attribute for a zconf entry.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseExactMatch
)
attributeType ( 1.3.6.1.4.1.26481.2.7.1
NAME 'zconfChooser'
DESC 'Chooser attribute for a zconf entry.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseExactMatch
)
attributeType ( 1.3.6.1.4.1.26481.2.7.2
NAME 'zconfSet'
DESC 'A zconf set name available in a entry.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseExactMatch
)
attributeType ( 1.3.6.1.4.1.26481.2.7.3
NAME 'zconfRev'
DESC 'The revision number for a ZConf config. Bumped with each update.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseExactMatch
)
attributeType ( 1.3.6.1.4.1.26481.2.7.4
NAME 'zconfLock'
DESC 'If this is present, this config is locked.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
EQUALITY caseExactMatch
)
objectclass ( 1.3.6.1.4.1.26481.2.7
NAME 'zconf'
DESC 'A zconf entry.'
MAY ( cn $ zconfData $ zconfChooser $ zconfSet $ zconfRev $ zconfLock )
)
SYSTEM MODE
This is for daemons or the like. This will read '/var/db/zconf/$sys/zconf.zml' for its options and store the file backend stuff in '/var/db/zconf/$sys/'.
It will create '/var/db/zconf' or the sys directory, but not '/var/db'.
UTILITIES
There are several scripts installed with this module. Please see the perldocs for the utilities listed below.
zcchooser-edit
zcchooser-get
zcchooser-run
zcchooser-set
zccreate
zcget
zcls
zcrm
zcset
zcvdel
zcvls
AUTHOR
Zane C. Bowers-Hadley, <vvelox at vvelox.net>
BUGS
Please report any bugs or feature requests to bug-zconf at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=ZConf. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc ZConf
You can also look for information at:
RT: CPAN's request tracker
AnnoCPAN: Annotated CPAN documentation
CPAN Ratings
Search CPAN
Subversion Repository
ACKNOWLEDGEMENTS
COPYRIGHT & LICENSE
Copyright 2011 Zane C. Bowers-Hadley, all rights reserved.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.