Storage abstraction layer for cipux
version 3.4.0.2
use CipUX::Storage;
The CipUX Storage abstraction layer is a generic abstract class that can be used to access LDAP servers from Perl by issuing simple actions, and from the shell via a command line interface. It was tested with OpenLDAP version 3. The layer is capable of operating on different sets of LDAP nodes. A set of nodes might be defined by an LDAP objectClass or LDAP attribute. Example: cipuxAccount or posixAccount. A set may contain from one to many objects. The abstraction layer performs a method on a set of nodes. Valid methods are: 'get', 'set', 'get-all', 'set-all' on LDAP attribute values and 'add', 'delete', 'rename' on LDAP nodes.
It provides the functions get_value and set_value to modify LDAP attribute values, and the functions add_node, delete_node and rename_node for adding, deleting and renaming LDAP objects.
The following functions will be exported by CipUX::Storage.
This is the constructor, see new.
use CipUX::Storage;
use base qw(CipUX::Storage);
my $storage = CipUX::Storage->new();
This is the destructor.
get_value queries the LDAP server and returns one or more values depending on the parameter 'scope'.
Syntax:
my $value_hr;
eval {
    my $object    = 'ckuelker';
    my $attribute = 'cipuxFirstname';
    my $type      = 'all_user_node';
    # scope 'one': query a single object
    $value_hr = $ldap->get_value({ scope=>'one', type=>$type, obj=>$object, attr_ar=>[$attribute] });
    1;    # make the eval block true on success
} or croak "ERROR: can't get value: $@!";
returns one value:
%$ret_hr = (
    'ckuelker' => {
        'cipuxFirstname' => ['Christian'],
    }
);
my $value_hr;
eval {
    my $object    = '';
    my $attribute = 'cipuxFirstname';
    my $type      = 'all_user_node';
    # scope 'all': query every object of the given type
    $value_hr = $ldap->get_value({ scope=>'all', type=>$type, obj=>$object, attr_ar=>[$attribute] });
    1;    # make the eval block true on success
} or croak "ERROR: can't get value: $@!";
%$ret_hr = (
    'ckuelker' => {
        'cipuxFirstname' => ['Christian'],
        'cipuxLastname'  => ['Kuelker'],
    },
    'xoswald' => {
        'cipuxFirstname' => ['Xavier'],
        'cipuxLastname'  => ['Oswald'],
    },
);
Return values
%ret = (
    'ckuelker' => {
        'cipuxFirstname' => ['Christian'],
        'cipuxLastname'  => ['Kuelker'],
    }
);
Sets a value for a given object in the LDAP database.
my $rslt = set_value( { obj=>$obj, attr_ar=>$attr_ar, changes=>$changes, scope=>$scope, escope=>$escope, type=>$type } );
obj: object
attr_ar: reference to an array of LDAP attributes and values
changes:
scope: 'one|all' set/modify value
escope: 'one|all|none' erase scope
type:
Modify Syntax
my $msg = $ldap->modify( $dn,
    changes => [
        # add sn=Baggins
        add => [ sn => 'Baggins' ],
        # delete all fax numbers
        delete => [ faxNumber => [] ],
        # delete phone number 911
        delete => [ telephoneNumber => ['911'] ],
        # change email address
        replace => [ mail => '[email protected]' ],
    ]
);
Adds an LDAP node to the LDAP database.
my $rslt = $cipux->add_node({obj=>$obj, type=>$type, attr_hr=>$attr_hr});
obj: The object to be added
type: kind of object to be added
attr_hr: Hash reference with 'ldap_attribute=>value' structure
$rslt: is the result from Net::LDAP add
Deletes an LDAP node from the LDAP database.
my $rslt = $cipux->delete_node( { obj=>$obj, type=>$type } );
obj: The object to be added
type: kind of object to be added
$rslt: is the result from Net::LDAP delete
Rename an LDAP node of the LDAP database.
my $rslt = $cipux->rename_node({obj=>$obj, type=>$type, value=>$value });
obj: The object to be added
type: kind of object to be added
value: The new name
$rslt: is the result from Net::LDAP rename
Binds to the LDAP server.
my %access = ();
$access_cfg{ident $self}->{uri} = 'ldap://localhost';
$access_cfg{ident $self}->{bind_dn} = 'cn=admin,dc=nodomain';
$access_cfg{ident $self}->{password} = 'secret';
my $ldap = $cipux->_ldap_start();
$ldap: is the LDAP Perl object returned from Net::LDAP.
Unbinds from the LDAP server.
my $msg = $cipux->_ldap_end( { ldap=>$ldap} );
$msg: is the message returned from Net::LDAP.
Lists all CipUX LDAP node entities, sorted.
my $list_ar = $cipux->list_type( { ldap=>$ldap} );
$list_ar: reference to an array of sorted CipUX LDAP entities.
Parses cipux-storage.perl for the object, type and filter of a given scope. It also performs some simple validation of that file.
my $ldap_structure_hr = $cipux->_ldap_struct( { obj=>$obj, type=>$type, scope=>$scope, filter=>$filter });
$ldap_structure_hr: returns a structure hash reference
Searches the storage database for uidNumber and gidNumber. It returns the one number above the largest number or the minimum number in the number range for users and groups.
To perform the search it uses get_value (the storage layer itself).
Retrieve sambaSID and return it if successful
The CipUX access configuration has the following entries:
[ldap]
uri = ldaps://ldap
bind_dn = cn=cipuxroot,dc=nodomain
base_dn = ou=CipUX,dc=nodomain
password = secret
system = debian
customer =
The storage structure configuration might look like this:
$cfg = {
    'structure' => {
        all_group_node => {
            desc      => 'access to all CN group objects',
            struc_rdn => 'ou=Group',
            dn_attr   => 'cn',
            filter    => '(cn=?)',
        },
        all_user_node => {
            desc      => 'access to all system UID objects',
            struc_rdn => 'ou=User',
            dn_attr   => 'uid',
            filter    => '(uid=?)',
        },
        course_group_node => {
            desc      => 'access to all system GID objects',
            struc_rdn => 'ou=Group',
            dn_attr   => 'cn',
            filter    => '&(cn=?)(groupType=public)',
        },
    },
}
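The filter templates in the structure configuration above carry a '?' placeholder, so any object name that ends up in a filter or DN needs escaping first. The following is an added example, not code from CipUX::Storage: build_lookup is a hypothetical helper, and it assumes that '?' is replaced by the object name and that the DN is dn_attr=object,struc_rdn,base_dn.

```perl
use strict;
use warnings;
use Carp;
use Net::LDAP::Util qw(escape_filter_value escape_dn_value);

# Constructed sample shaped like the structure configuration above.
my $cfg = {
    structure => {
        all_user_node => {
            struc_rdn => 'ou=User',
            dn_attr   => 'uid',
            filter    => '(uid=?)',
        },
    },
};
my $base_dn = 'ou=CipUX,dc=nodomain';    # base_dn from the access configuration

# Hypothetical helper, not part of CipUX::Storage. Assumption: the '?' in a
# filter template is replaced by the object name for scope 'one' lookups.
sub build_lookup {
    my ($arg_r) = @_;
    my $node = $cfg->{structure}{ $arg_r->{type} }
        or croak "unknown type: $arg_r->{type}";
    my $obj = $arg_r->{obj};
    croak 'empty object name' if !defined $obj || $obj eq q{};

    # RFC 4515: * ( ) \ and control characters become \XX inside a filter
    # value, so the object name cannot add or close filter terms.
    my $fval = escape_filter_value($obj);
    ( my $filter = $node->{filter} ) =~ s/[?]/$fval/g;

    # RFC 4514: DN special characters such as , + " \ < > ; are escaped in
    # the RDN value, so the object name cannot introduce extra DN components.
    my $rdn = $node->{dn_attr} . q{=} . escape_dn_value($obj);
    my $dn  = join q{,}, $rdn, $node->{struc_rdn}, $base_dn;

    return { filter => $filter, dn => $dn };
}

# Constructed object names: one ordinary, two carrying filter/DN metacharacters.
for my $obj ( 'ckuelker', 'x*)(cn=y', 'a,ou=Group' ) {
    my $r = build_lookup( { type => 'all_user_node', obj => $obj } );
    print "obj=[$obj]\n  filter: $r->{filter}\n  dn:     $r->{dn}\n";
}
```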
TODO
See cipux-access.ini and cipux-storage.perl man page for details on configuration. CipUX::Storage does not use the environment for configuration.
Carp Class::Std CipUX Data::Dumper English Net::LDAP Log::Log4perl Readonly utf8 version
Not known.
Not known.
See the CipUX web page and the manual at <http://www.cipux.org>
See the mailing list <http://sympa.cipworx.org/wws/info/cipux-devel>
Christian Kuelker <[email protected]>
Copyright (C) 2007 - 2009 by Christian Kuelker
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA