Table of Contents
This package is the public functional YaST2 API to configure the Bind version 9
Gets the BIND time parameter and transforms it into seconds.
Gets the time in seconds and returns BIND time format with the highest possible time unit selected.
Returns list of general DNS forwarders.
Adds a new forwarder into the list of current forwarders.
Removes forwarder from the list of current forwarders.
Checks whether the current configuration is supported by functions for getting or changing configuration by this module. User should be warned that his configuration could get demaged if he change it by this module.
Returns hash with current logging channel.
Example 9.
my $channel = GetLoggingChannel();
if ($channel->{'destination'} eq 'syslog') {
print "logging to syslog is used";
} elsif ($channel->{'destination'} eq 'file') {
print
"logging to file is used\n".
" File: ".$channel->{'filename'}.
" Max. Versions: ".$channel->{'versions'}.
" Max. Size: ".$channel->{'size'};
}Returns hash with current logging channel.
Example 10.
if ($log_to_syslog) {
$success = SetLoggingChannel(
'destination' => 'syslog'
);
} else {
$success = SetLoggingChannel(
'destination' => 'file',
'filename' => '/var/log/named.log',
'versions' => '8',
'size' => '10M',
);
}Returns list of used logging categories.
Example 11.
my $categories = GetLoggingCategories();
foreach my $category (@{$categories}) {
print "Using category: ".$category."\n";
}Returns list of used logging categories.
Example 12.
my @categories = ('default', 'xfer-in');
my $success = SetLoggingCategories(\@categories);Returns hash of possible ACLs.
Example 13.
my $acls = GetACLs();
foreach $acl_name (keys %{$acls}) {
if (defined $acls->{$acl_name}->{'default'}) {
# names: 'any', 'none', 'localnets', 'localips'
print "Default: ".$acl_name."\n";
} else {
print
"Custom: ".$acl_name." ".
"Value: ".$acls->{$acl_name}->{'value'}."\n";
}
}Returns all DNS zones administered by this DNS server.
Example 14.
my $zones = GetZones();
foreach my $zone (keys %{$zones}) {
print
"Zone Name: ".$zone." ".
"Zone Type: ".$zones->{$zone}->{'type'}."\n"; # 'master' or 'slave'
}Returns list of master servers assigned to this slave zone. Master zones do not have any master servers defined.
Example 15.
my $zone = 'example.org';
foreach my $server @(GetZoneMasterServers($zone)) {
print "Zone ".$zone." uses ".$server." master server\n";
}Sets masterservers for slave zone.
Example 16.
my @masterservers = ('192.168.32.1','192.168.32.2');
my $zone = 'example.org';
my $success = SetZoneMasterServers($zone, \@masterservers);Function creates new DNS zone. Option 'masterserver' is needed for 'slave' zone.
Example 17.
# 'master' zone
$success = AddZone(
'example.org', # zone name
'master', # zone type
{} # without options
);
# 'slave' zone
$success = AddZone(
'example.org', # zone name
'slave', # zone type
{ # 'masterserver' must be defined for 'slave' zone
'masterserver' => '192.168.64.2'
}
);Function removes a zone.
Function returns list of ACLs used for Zone Transportation.
Example 19.
my $acls = GetZoneTransportACLs('example.org');
foreach my $acl_name (@{$acls}) {
print "ACL used: ".$acl_name."\n";
}Adds ACL into ACLs allowed for Zone Transportation. ACL must be known (default or custom).
Removes ACL from ACLs allowed for Zone Transportation. ACL must be known (default or custom).
Function returns list of Zone Name Servers. Only Zone base name servers are returned.
Function returns list of hashes of Zone Mail Servers. Only Zone base mail servers are returned.
Example 23.
my $mailservers = GetZoneMailServers('example.org');
foreach my $mailserver (@{$mailservers}) {
print
"Mail Server: ".$mailserver->{'name'}." ".
"Priority: ".$mailserver->{'priority'};
}Returns list of hashes with all zone records inside. Base Zone Name and Mail Servers are filtered out.
Example 24.
my $records = GetZoneRRs('example.org');
foreach my $record (@{$records}) {
print
"Record:\n".
" Key: ".$record->{'key'}."\n". # DNS Query
" Type: ".$record->{'type'}."\n". # Resource Record Type
" Value: ".$record->{'value'}."\n"; # DNS Reply
}Adds Zone Resource Record.
Example 25.
# absolute hostname
$success = AddZoneRR(
'example.org', # zone name
'A', # record type
'dhcp25.example.org.', # record key / DNS query
'192.168.2.25', # record value / DNS reply
);
# hostname relative to the zone name
$success = AddZoneRR(
'2.168.192.id-addr.arpa', # zone name
'PTR', # record type
'25', # record key / DNS query
'dhcp25.example.org.', # record value / DNS reply
);Removes Zone Resource Record.
Example 26.
# absolute hostname
$success = RemoveZoneRR(
'example.org', # zone name
'A', # record type
'dhcp25.example.org.', # record key / DNS query
'192.168.2.25', # record value / DNS reply
);
# hostname relative to the zone name
$success = RemoveZoneRR(
'2.168.192.id-addr.arpa', # zone name
'MX', # record type
'2.168.192.id-addr.arpa.', # record key / DNS query
'10 mx1.example.org.', # record value / DNS reply
);Adds zone nameserver into the zone.
Example 27.
# relative name of the nameserver to the zone name
$success = AddZoneNameServer('example.org','ns1');
# absolute name of the nameserver ended with a dot
$success = AddZoneNameServer('example.org','ns2.example.org.');Removes zone nameserver from the zone.
Example 28.
# relative name of the nameserver to the zone name
$success = RemoveZoneNameServer('example.org','ns2');
# absolute name of the nameserver ended with a dot
$success = RemoveZoneNameServer('example.org','ns1.example.org.');Adds zone nameserver into the zone.
Example 29.
# relative name of the mailserver to the zone name
$success = AddZoneMailServer('example.org','mx1',0);
# absolute name of the mailserver ended with a dot
$success = AddZoneMailServer('example.org','mx2.example.org.',5555);Removes zone mailserver from the zone.
Example 30.
# relative name of the mailserver to the zone name
$success = RemoveZoneMailServer('example.org','mx1',0);
# absolute name of the mailserver ended with a dot
$success = RemoveZoneMailServer('example.org','mx2.example.org.',5555);Adds zone nameserver into the zone.
Example 31.
# relative name of the mailserver to the zone name
my $SOA = GetZoneSOA('example.org');
foreach my $key ('minimum', 'expiry', 'serial', 'retry', 'refresh', 'mail', 'server', 'ttl') {
print $key."=".$SOA->{$key}."\n";
}Adds zone nameserver into the zone.
Example 32.
# relative name of the mailserver to the zone name
my $SOA = {
'minimum' => '1d1H',
'expiry' => '1W2d',
'serial' => '1998121001',
'retry' => '3600',
'refresh' => '3h5M4S',
'mail' => 'root.ns1.example.org.',
'server' => 'ns1.example.org.',
'ttl' => '2d1h',
};
my $success = SetZoneSOA('example.org', $SOA);Returns reverse zone for IPv4 if such zone is administered by this DNS server.
Returns reverse ip for IPv4.
Function adds forward and reverse records into the administered zones. Zones must be both defined and they must be 'master's for the zone.
Example 35.
$success = AddHost('example.org','dhcp25','192.168.58.25');
$success = AddHost('example.org','dhcp27.example.org.','192.168.58.27');Function removes forward and reverse records from the administered zones. Forward zone must be defined, reverse zone is not needed. Both zones must be administered by this DNS server ('master's);
Example 36.
$success = RemoveHost('example.org','dhcp25.example.org.','192.168.58.25');
$success = RemoveHost('example.org','dhcp27','192.168.58.27');Returns list of Zone Hosts which have the forward and also the reverse record administered by this DNS server. If zone is not set, all zones administered by this DNS server would be checked.
Example 37.
my $hosts = GetZoneHosts();
foreach my $host (@{$hosts}) {
print
"zone: ".$host->{'zone'}." ".
"hostname: ".$host->{'key'}." ".
"ipv4: ".$host->{'value'};
}Function returns list of zone forwarders.
This package is a part of the YaST2 mail modul.
This package is the public Yast2 API to the CA management.
Returns a list of available CAs
Example 41.
my $caList = YaPI::CaManagement->ReadCAList();
if(not defined $caList) {
#error
}
foreach my $ca (@$caList) {
print $ca."\n";
}Returns a list of lists of the available CAs containing the issuer caName.
Example 42.
my $caList = YaPI::CaManagement->ReadCATree();
if(not defined $caList) {
#error
}
print Data::Dumper->Dump([$ca])."\n";Create a new selfsigned root CA and creates the whole needed infrastructure.
Example 43.
my $data = {
'caName' => 'My_CA',
'keyPasswd' => 'system',
'commonName' => 'My CA',
'emailAddress' => 'my@example.com',
'keyLength' => '2048',
'days' => '3650',
'countryName' => 'US',
'localityName' => 'New York',
'organizationName' => 'My Inc.',
};
my $res = YaPI::CaManagement->AddRootCA($data);
if( not defined $res ) {
# error
} else {
print "OK\n";
}In $valueMap you can define the following keys:
Example 44.
use Data::Dumper;
my $data = {
'caName' => 'My_CA',
'certType' => 'client'
}
$certValueMap = YaPI::CaManagement->ReadCertificateDefaults($data)
if( not defined $certValueMap ) {
# error
} else {
print Data::Dumper->Dump([$certValueMap])."\n";
}Write the default values for the available certificate types. Keys which are not present, will be removed if they are available in the configuration file.
Example 45.
my $data = {
'caName' => 'My_CA',
'certType' => 'server',
'nsComment' => '"My Server Certificate"'
};
my $res = YaPI::CaManagement->WriteCertificateDefaults($data);
if( not defined $res ) {
# error
} else {
print "OK\n";
}
}Returns a CA certificate as plain text or parsed map.
Example 46.
use Data::Dumper;
foreach my $type ("parsed", "plain", "extended") {
my $data = {
'caName' => 'My_CA',
'type' => $type
};
my $res = YaPI::CaManagement->ReadCA($data);
if( not defined $res ) {
# error
} else {
print Data::Dumper->Dump([$res])."\n";
}
}Create a request for a special CA and returns the name.
Example 47.
my $data = {
'caName' => 'My_CA',
'keyPasswd' => 'system',
'commonName' => 'My New Request',
'emailAddress' => 'my@example.com',
'keyLength' => '2048',
'days' => '365',
'countryName' => 'DE',
'localityName' => 'Nuremberg',
'stateOrProvinceName' => 'Bavaria',
'organizationName' => 'My Linux AG',
'nsComment' => "YaST Generated Certificate"
};
my $res = YaPI::CaManagement->AddRequest($data);
if( not defined $res ) {
# error
} else {
print "OK Name of the request is: '$res'\n";
}Issue a certificate and returns the name of the new certificate.
Example 48.
my $data = {
'caName' => 'My_CA',
'request' => $request,
'certType' => 'client',
'caPasswd' => 'system',
'days' => '365',
'crlDistributionPoints' => "URI:ldap://my.linux.tux/?cn=My_CA%2Cou=PKI%2Cdc=example%2Cdc=com",
'nsComment' => "YaST Generated Certificate",
};
my $res = YaPI::CaManagement->IssueCertificate($data);
if( not defined $res ) {
# error
} else {
print STDERR "OK: '$res'\n";
}Create a new Certificate and returns the name
Example 49.
my $data = {
'caName' => 'My_CA',
'certType' => 'client',
'keyPasswd' => 'system',
'caPasswd' => 'system',
'commonName' => 'John Doe',
'emailAddress' => 'John.Doe@example.com',
'keyLength' => '2048',
'days' => '365',
'countryName' => 'US',
'localityName' => 'New York',
'organizationalUnitName'=> 'IT',
'organizationName' => 'My Inc.',
'crlDistributionPoints' => "URI:ldap://ldap.example.com/?cn=My_CA%2Cou=PKI%2Cdc=example%2Cdc=com",
'nsComment' => "YaST Generated Certificate",
};
my $res = YaPI::CaManagement->AddCertificate($data);
if( not defined $res ) {
# error
} else {
print "OK: '$res'\n";
}Returns a list of maps with all certificates of the defined CA.
Example 50.
use Data::Dumper;
my $data = {
'caName' => 'My_CA',
'caPasswd' => 'system'
};
my $res = YaPI::CaManagement->ReadCertificateList($data);
if( not defined $res ) {
# error
} else {
my $certificateName = $res->[0]->{'certificate'};
print Data::Dumper->Dump([$res])."\n";
}Update the internal openssl database.
Example 51.
my $data = {
'caName' => 'My_CA',
'caPasswd' => 'system'
};
my $res = YaPI::CaManagement->UpdateDB($data);
if( not defined $res ) {
# error
} else {
print "OK \n";
}Returns a certificate as plain text or parsed map.
Example 52.
use Data::Dumper;
foreach my $type ("parsed", "plain", "extended") {
my $data = {
'caName' => 'My_CA',
'type' => $type,
'certificate' => $certName
};
my $res = YaPI::CaManagement->ReadCertificate($data);
if( not defined $res ) {
# error
} else {
print Data::Dumper->Dump([$res])."\n";
}
}Revoke a certificate.
Example 53.
my $data = {
'caName' => 'My_CA',
'caPasswd' => 'system',
'certificate' => $certName,
'crlReason' => 'keyCompromise'
};
my $res = YaPI::CaManagement->RevokeCertificate($data);
if( not defined $res ) {
# error
} else {
print "Revoke successful\n";
}Create a new CRL.
Example 54.
my $data = {
'caName' => 'My_CA',
'caPasswd' => 'system',
'days' => 8
};
my $res = YaPI::CaManagement->AddCRL($data);
if( not defined $res ) {
# error
} else {
print "AddCRL successful\n";
}Returns a CRL as plain text or parsed map.
Example 55.
use Data::Dumper;
foreach my $type ("parsed", "plain", "extended") {
my $data = {
'caName' => 'My_CA',
'type' => $type,
};
my $res = YaPI::CaManagement->ReadCRL($data);
if( not defined $res ) {
# error
} else {
print Data::Dumper->Dump([$res])."\n";
}
}Export a CA to a file or returns it in different formats.
Example 56.
PEM_CERT (export only the Certificate im PEM format) PEM_CERT_KEY (export the Certificate and the Key unencrypted in PEM Format) PEM_CERT_ENCKEY (export the Certificate and the Key encrypted in PEM Format) DER_CERT (export the Certificate in DER Format) PKCS12 (export the Certificate and the Key in PKCS12 Format) PKCS12_CHAIN (like PKCS12 + include the CA Chain )
Example 57.
foreach my $ef ("PEM_CERT", "PEM_CERT_KEY", "PEM_CERT_ENCKEY","DER_CERT", "PKCS12", "PKCS12_CHAIN") {
my $data = {
'caName' => 'My_CA',
'exportFormat' => $ef,
'caPasswd' => "system",
};
if($ef =~ /^PKCS12/) {
$data->{'P12Password'} = "p12pass";
}
my $res = YaPI::CaManagement->ExportCA($data);
if( not defined $res ) {
# error
} else {
if(! open(OUT, "> /tmp/certs/$ef")) {
print STDERR "OPEN_FAILED\n";
exit 1;
}
print OUT $res;
close OUT;
}
}Export a certificate to a file or returns it in different formats.
Example 58.
PEM_CERT (export only the Certificate im PEM format) PEM_CERT_KEY (export the Certificate and the Key unencrypted in PEM Format) PEM_CERT_ENCKEY (export the Certificate and the Key encrypted in PEM Format) DER_CERT (export the Certificate in DER Format) PKCS12 (export the Certificate and the Key in PKCS12 Format) PKCS12_CHAIN (like PKCS12 + include the CA Chain )
Example 59.
foreach my $ef ("PEM_CERT", "PEM_CERT_KEY", "PEM_CERT_ENCKEY","DER_CERT", "PKCS12", "PKCS12_CHAIN") {
my $data = {
'caName' => 'My_CA',
'certificate' => $certName,
'exportFormat' => $ef,
'keyPasswd' => "system",
};
if($ef =~ /^PKCS12/) {
$data->{'P12Password'} = "p12pass";
}
my $res = YaPI::CaManagement->ExportCertificate($data);
if( not defined $res ) {
# error
} else {
if(! open(OUT, "> /tmp/certs/$ef")) {
print STDERR "OPEN_FAILED\n";
exit 1;
}
print OUT $res;
close OUT;
}
}Export a CRL to a file or returns it in different formats.
Example 61.
foreach my $ef ("PEM", "DER") {
my $data = {
'caName' => 'My_CA',
'caPasswd' => 'system',
'exportFormat' => $ef,
};
my $res = YaPI::CaManagement->ExportCRL($data);
if( not defined $res ) {
# error
} else {
if(! open(OUT, "> /tmp/certs/CRL_$ef")) {
print STDERR "OPEN_FAILED\n";
}
print OUT $res;
close OUT;
}
}Verify a certificate.
Example 62.
$data = {
'caName' => 'My_CA',
'certificate' => $certName
};
my $Vret = YaPI::CaManagement->Verify($data);
if(not defined $Vret) {
# verification failed
} else {
print "OK \n";
}create a new CA signed by another CA.
Example 63.
my $data = {
'caName' => 'My_CA',
'newCaName' => 'My_New_Sub_CA',
'keyPasswd' => 'newPasswd',
'caPasswd' => 'system',
'commonName' => 'My CA New Sub CA',
'emailAddress' => 'my@example.com',
'keyLength' => '2048',
'days' => '3000',
'countryName' => 'US',
'localityName' => 'New York',
'organizationName' => 'My Inc.',
'basicConstraints' => 'CA:TRUE',
'crlDistributionPoints' => 'URI:http://my.example.com/',
};
my $res = YaPI::CaManagement->AddSubCA($data);
if( not defined $res ) {
# error
} else {
print "OK '$res'\n";
}Export a CA in a LDAP Directory.
Example 64.
my $data = {
caName => 'My_CA',
ldapHostname => 'myhost.example.com',
ldapPort => 389,
destinationDN => "cn=My_CA,ou=PKI,dc=suse,dc=de",
BindDN => "cn=Admin,dc=example,dc=com",
ldapPasswd => "system"
};
my $res = YaPI::CaManagement->ExportCAToLDAP($data);
if( not defined $res ) {
# error
} else {
print STDERR "OK\n";
}Export a CRL in a LDAP Directory
Example 65.
my $data = {
caName => 'My_CA',
ldapHostname => 'myhost.example.com',
ldapPort => 389,
destinationDN => "cn=My_CA,ou=PKI,dc=suse,dc=de",
BindDN => "cn=Admin,dc=example,dc=com",
ldapPasswd => "system"
};
my $res = YaPI::CaManagement->ExportCRLToLDAP($data);
if( not defined $res ) {
# error
} else {
print STDERR "OK\n";
}Return the defaults for export CA, CRL or certificates to LDAP. If an error ocured with code = LDAP_CONFIG_NEEDED, you have to call InitLDAPcaManagement() first.
Example 66.
use Data::Dumper;
my $data = {
'caName' => 'My_CA',
'type' => 'ca'
};
my $res = YaPI::CaManagement->ReadLDAPExportDefaults($data);Creates the default configuration structure in LDAP
Example 67.
my $data = {
'ldapPasswd' => 'system'
};
my $res = YaPI::CaManagement->InitLDAPcaManagement($data);
if( not defined $res ) {
# error
} else {
print "OK\n";
}Export a Certificate in a LDAP Directory. This function is designed for exporting user certificates. The destination entry must have the objectclass 'inetOrgPerson'.
Example 68.
my $data = {
caName => 'My_CA',
certificate => $certificateName,
ldapHostname => 'myhost.example.com',
ldapPort => 389,
destinationDN => "uid=me,ou=people,dc=suse,dc=de",
BindDN => "cn=Admin,dc=example,dc=com",
ldapPasswd => "system"
};
my $res = YaPI::CaManagement->ExportCertificateToLDAP($data);
if( not defined $res ) {
# error
} else {
print STDERR "OK\n";
}Delete a Certificate. This function removes also the request and the private key.
Example 69.
my $data = {
caName => 'My_CA',
certificate => $certificateName,
caPasswd => 'system'
};
my $res = YaPI::CaManagement->DeleteCertificate($data);
if( not defined $res ) {
# error
} else {
print STDERR "OK\n";
}Import a server certificate plus correspondenting CA and copy them to a place where other YaST modules look for such a common certificate.
Example 70.
my $data = {
inFile => '/media/floppy/YaST-Servercert.p12',
passwd => 'system'
};
my $res = YaPI::CaManagement->ImportCommonServerCertificate($data);
if( not defined $res ) {
# error
} else {
print STDERR "OK\n";
}Returns a certificate or CRL as plain text or parsed map.
Example 71.
use Data::Dumper;
foreach my $type ("parsed", "plain", "extended") {
my $data = {
'datatype' => "CERTIFICATE",
'inFile' => '/path/to/a/certificate.pem',
'inForm' => "PEM"
'type' => $type,
};
my $res = YaPI::CaManagement->ReadFile($data);
if( not defined $res ) {
# error
} else {
print Data::Dumper->Dump([$res])."\n";
}
}Returns a request as plain text or parsed map.
Example 72.
use Data::Dumper;
foreach my $type ("parsed", "plain", "extended") {
my $data = {
'caName' => 'My_CA',
'type' => $type,
'request' => $certName
};
my $res = YaPI::CaManagement->ReadRequest($data);
if( not defined $res ) {
# error
} else {
print Data::Dumper->Dump([$res])."\n";
}
}Returns a list of maps with all requests of the defined CA.
Example 73.
use Data::Dumper;
my $data = {
'caName' => 'My_CA'
};
my $res = YaPI::CaManagement->ReadRequestList($data);
if( not defined $res ) {
# error
} else {
my $requestName = $res->[0]->{'request'};
print Data::Dumper->Dump([$res])."\n";
}Import a request in a CA repository.
Example 74.
my $data = {
caName => 'My_CA',
inFile => '/media/floppy/my_request.pem',
importFormat => 'PEM'
};
my $res = YaPI::CaManagement->ImportRequest($data);
if( not defined $res ) {
# error
} else {
print STDERR "$res\n";
}Delete a Request. This function removes also the private key if one is available.
Example 75.
my $data = {
caName => 'My_CA',
request => $requestName,
caPasswd => 'system'
};
my $res = YaPI::CaManagement->DeleteRequest($data);
if( not defined $res ) {
# error
} else {
print STDERR "OK\n";
}Import a CA certificate and private key and creates a infrastructure.
Example 76.
my $data = {
caName => 'My_CA',
caCertificate => /path/to/cacert.pem,
caKey => /path/to/cacert.key,
caPasswd => "secret"
};
my $res = YaPI::CaManagement->ImportCA($data);
if( not defined $res ) {
# error
} else {
print STDERR "OK\n";
}In $valueMap you can define the following keys:
Example 78.
my $data = {
caName => 'My_CA',
caPasswd => 'system,
};
my $res = YaPI::CaManagement->DeleteCA($data);
if( not defined $res ) {
# error
} else {
print STDERR "OK\n";
}Read the default values for a CRL. In $valueMap you can define the following keys:
Example 79.
use Data::Dumper;
my $data = {
'caName' => 'My_CA'
}
$crlValueMap = YaPI::CaManagement->ReadCRLDefaults($data)
if( not defined $crlValueMap ) {
# error
} else {
print Data::Dumper->Dump([$crlValueMap])."\n";
}Write the default values for creating a CRL. Keys which are not present, will be removed if they are available in the configuration file except for the 'days' key.
Example 80.
my $data = {
'caName' => 'My_CA',
'days' => '7'
};
my $res = YaPI::CaManagement->WriteCRLDefaults($data);
if( not defined $res ) {
# error
} else {
print "OK\n";
}
}This package is the public YaST2 API to configure the ISC DHCP server
$ret = AddDeclaration ($config, $type, $id, $parent_type, $parent_id);
$ret = SetDeclarationParent ($config, $type, $id, $new_parent_type, $new_parent_id);
$ret = SetDeclarationOptions ({}, $config, $type, $id, $options);
$directives = GetDeclarationDirectives ($config, $type, $id);
$ret = SetDeclarationDirectives ($config, $type, $id, $directives);
Immediatelly stops the DHCP service. Returns nonzero if operation succeeded, zero if operation failed.
Example 81.
my $status = StopDhcpService ({});
if ($status == 0)
{
print "Stopping DHCP server failed";
}
else
{
print "Stopping DHCP server succeeded";
}Immediatelly starts the DHCP service. Returns nonzero if operation succeeded, zero if operation failed.
Example 82.
my $status = StartDhcpService ({});
if ($status == 0)
{
print "Starting DHCP server failed";
}
else
{
print "Starting DHCP server succeeded";
}Check if DHCP service is running. Returns nonzero if service is running, zero otherwise.
Example 83.
my $status = GetDhcpServiceStatus ({});
if ($status == 0)
{
print "DHCP server is not running";
}
else
{
print "DHCP server is running";
}Add a new empty DHCP declaration. $type is one of subnet, host, group, pool, shared-network. $id is identification of the declaration (eg. host name for the host, $address netmask $netmask for subnet declaration. $parent_type and $parent_id specify the declaration within that the new declaration shall be created.
Example 84.
my $type = "host";
my $id = "client";
my $ret = AddDeclaration ({}, $type, $id, "", "");
Deletes specified declaration including its whole subtree.
Returns the parent of specified declaration. It is returned as a hash with keys "type" and "id".
Example 86.
my $type = "host";
my $id = "client";
my $parent = GetDeclarationParent ({}, $type, $id);
if (! defined ($parent))
{
print "Specified declaration not found"
}
else
{
my $par_type = $parent->{"type"};
my $par_id = $parent->{"id"};
print "Parent type: $par_type";
print "Parent id: $par_id;
}Sets specified parent to the specified declaration (moves it in the tree). The declaration is moved with its complete subtree.
Example 87.
my $type = "host";
my $id = "client";
my $ret = SetDeclarationParent ({}, $type, $id, "", "");Get all children of a declaration.
Example 88.
my $children = GetChildrenOfDeclaration ({}, "subnet", "192.168.0.0 netmask 255.255.255.0");
if (! defined ($children))
{
print "Specified declaration not found";
}
else
{
foreach my $child (@{$children}) {
my $type = $child->{"type"};
my $id = $child->{"id"};
print "Have child $type $id";
}
}Get all options of the specified declaration.
Example 89.
my $options = GetDeclarationOptions ({}, "subnet", "192.168.0.0 netmask 255.255.255.0");
if (! defined ($options))
{
print "Specified declaration not found";
}
else
{
foreach my $option (@{$options}) {
my $key = $option->{"key"};
my $value = $option->{"value"};
print "Have option $key with value $value";
}
}Sets all options of specified declaration. The options argument has the same structure as return value of the GetDeclarationOptions function.
Example 90.
my $options = [
{
"key" => "domain-name-servers",
"value" => "ns1.internal.example.org ns2.internal.example.org",
},
{
"key" => "domain-name",
"value" => "\"internal.example.org\"",
},
]
$success = SetDeclarationOptions ("host", "client", $options);Get all directives of the specified declaration.
Example 91.
my $directives = GetDeclarationDirectives ({}, "subnet", "192.168.0.0 netmask 255.255.255.0");
if (! defined ($directives))
{
print "Specified declaration not found";
}
else
{
foreach my $directive (@{$directives}) {
my $key = $option->{"key"};
my $value = $option->{"value"};
print "Have directive $key with value $value";
}
}Sets all directives of specified declaration. The directives argument has the same structure as return value of the GetDeclarationDirectives function.
Example 92.
my $directives = [
{
"key" => "default-lease-time",
"value" => "600",
},
{
"key" => "max-lease-time",
"value" => "7200",
},
]
$success = SetDeclarationDirectives ({}, "host", "client", $directives);This package is the public YaST2 API to configure the Bind version 9
Immediatelly stops the DNS service. Returns nonzero if operation succeeded, zero if operation failed.
Example 94.
my $status = StopDnsService ({});
if ($status == 0)
{
print "Stopping DNS server failed";
}
else
{
print "Stopping DNS server succeeded";
}Immediatelly starts the DNS service. Returns nonzero if operation succeeded, zero if operation failed.
Example 95.
my $status = StartDnsService ({});
if ($status == 0)
{
print "Starting DNS server failed";
}
else
{
print "Starting DNS server succeeded";
}Check if DNS service is running. Returns nonzero if service is running, zero otherwise.
Example 96.
my $status = GetDnsServiceStatus ({});
if ($status == 0)
{
print "DNS server is not running";
}
else
{
print "DNS server is running";
}Reads all global options of the DNS server.
Example 97.
my $options = ReadGlobalOptions ({});
if (! defined ($options))
{
print "Reading options failed";
}
else
{
foreach my $option (@{$options}) {
my $key = $option->{"key"};
my $value = $option->{"value"};
print "Have global option $key with value $value";
}
}Writes all global options of the DNS server. The taken argument has the same structure as return value of ReadGlobalOptions function.
Example 98.
my $options = [
{
"key" => "dump-file",
"value" => "\"/var/log/named_dump.db\"",
},
{
"key" => "statistics-file",
"value" => "\"/var/log/named.stats\"",
},
]
$success = WriteGlobalOptions ({}, $options);Reads all zones of the DNS server.
Example 99.
my $zones = ReadZones ({});
if (! defined ($zones))
{
print ("Could not read zones");
}
else
{
my $count = @{$zones};
print "Maintaining $count zones";
}Writes all zones to the DNS server, removes zones that are not mentioned in the argument. The structrure of the argument is clear from the example below.
Example 100.
my $zones = [
{
'options' => [
{
'value' => 'master',
'key' => 'type'
},
{
'value' => '"localhost.zone"',
'key' => 'file'
}
],
'zone' => 'localhost',
'ttl' => '1W',
'records' => [
{
'value' => '127.0.0.1',
'type' => 'A',
'key' => 'localhost.'
},
{
'value' => '@',
'type' => 'NS',
'key' => 'localhost.'
}
],
'file' => 'localhost.zone',
'type' => 'master',
'soa' => {
'minimum' => '1W',
'expiry' => '6W',
'serial' => 2004012701,
'zone' => '@',
'retry' => '4H',
'refresh' => '2D',
'mail' => 'root',
'server' => '@'
}
}
];
WriteZones ({}, $zones);This package is the public Yast2 API to configure the apache2.
This function returns a reference to a list of strings of all host ids. Even without any virtual host, there is always the "default" host id for the default host. On error, undef is returned and the Error() function can be used to get the error hash.
Example 101.
my $list = GetHostsList();
if( not defined($list) ) {
return Error();
}
foreach my $hostid ( @$list ) {
print "ID: $hostid\n";
}Example 104.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}This function returns a reference to a host data list. The format of the Host data list is described above. In case of an error (for example, if there is no host with such an id) undef is returned.
Example 105.
# dumping all configured hosts
my $hostList = GetHostsList();
if( not defined $hostList ) {
# error
}
foreach my $hostid ( @$hostList ) {
my @host = GetHost( $hostid );
print "# dumping $hostid\n";
foreach my $directive ( @host ) {
print $directive->{OVERHEAD}."\n";
print $directive->{KEY}.' '.$directive->{VALUE}."\n";
}
}Example 108.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}This function modifies the host with $hostid. The complete host data will be replaced with $hostdata.
Example 109.
# turn off SSL and setting a comment in config file
my @host = GetHost( $hostid );
foreach my $directive ( @host ) {
if( $directive->{KEY} eq 'SSL' ) {
$directive->{VALUE} = 2;
$directive->{OVERHEAD} = "# customer wants SSL to be required\n";
}
}
ModifyHost( $hostid, \@host );Example 110.
my @hostData = GetHost( $hostid );
replaceKey( 'SSL', { KEY => 'SSL', VALUE => 1 }, \@hostData );
replaceKey( 'ServerAdmin', { KEY => 'ServerAdmin', VALUE => 'my@my.dom' }, \@hostData );
ModifyHost( $hostid, \@hostData );
sub replaceKey {
my $key = shift;
my $new = shift;
my $hostData = shift;
my $found = 0;
foreach( @$hostData ) {
if( $_->{KEY} eq $new->{KEY} ) {
$new->{OVERHEAD} = $_ ->{OVERHEAD} unless( exists($new->{OVERHEAD}) );
$_ = $new;
$found = 1;
last;
}
}
push( @$hostData, $new ) unless( $found );
return 1;
}Example 113.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}This function creates a host with $hostid. $hostdata is the host data array.
Example 114.
my @newHost = (
{ KEY => "ServerName", VALUE => 'createTest2.suse.de' },
{ KEY => "VirtualByName", VALUE => 1 },
{ KEY => "ServerAdmin", VALUE => 'no@one.de' }
);
CreateHost( '192.168.1.2/createTest2.suse.de', \@temp );Example 117.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}This function removes the host with $hostid. If the hostid is not found, undef is returned.
Example 120.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}this function returns a reference to an array of strings. The list contains all active apache2 module names. This is more or less just the content of the sysconfig variable "APACHE_MODULES" from /etc/sysconfig/apache2.
Example 121.
my $modules = GetModuleList();
if( $modules ) {
foreach my $mod_name ( @$modules ) {
print "active module: $mod_name\n";
}
}Example 124.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}this function returns a reference to an array of hashes. Each has has the following keys:
Example 125.
# list all modules with enabled/disabled state
my $knownMods = GetKnownModules();
my $activeMods = GetModuleList();
my %activeMods = ();
@activeMods{@$activeMods} = ();
foreach my $km ( @$knownMods ) {
my $state = (grep(/^$km$/, @$activeMods))?('on'):('off');
delete($activeMods{$km});
print "$km->{name} = $state\n";
}
# list active unknown mods now
foreach my $m ( keys(%activeMods ) ) {
print "$m = on\n";
}Example 128.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}with this function you can turn on and off modules of the apache2 $modulelist is an array reference to a list of modulenames. This modifes more or less just the content of the sysconfig variable "APACHE_MODULES" from /etc/sysconfig/apache2. Unknown modules are allowed too but they will be appendet to the end of the list.
Example 132.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}this functions returns a reference to an array that contains hashes with information about all known module selections. One hash has the following keys:
Example 133.
my $knownSelList = GetKnownModuleSelections();
foreach my $kms ( @$knownSelList ) {
print "$kms->{id} = $kms->{summary}\n";
}Example 136.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}this function returns a reference to an array that contains strings with the names of the active module selections.
Example 137.
my $selList = GetModuleSelectionsList();
print "active selections: ".join(',', @$selList)."\n";Example 140.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}this function modifies the module selection list. You can turn on and off module selections with the boolean $status. Changing the selections will directly influence the module list.
Example 141.
ModifyModuleSelectionList( ['perl-scripting', 'debug'],1 ); ModifyModuleSelectionList( ['php4-scripting'], 0 );
Example 144.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}with this function you can turn on and off the apache2 runlevel script. Turning off means, no apache2 start at boot time.
Example 145.
ModifyService(0); # turn apache2 off at boot time ModifyService(1); # turn apache2 on at boot time
Example 148.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}with this function you can start and stop the apache2 service.
Example 149.
SwitchService( 0 ); # turning off the apache2 service SwitchService( 1 ); # turning on the apache2 service
Example 152.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}with this function you can reload the apache2 service
Example 156.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}with this function you can read out the state of the apache2 runlevel script (starting apache2 at boot time).
Example 160.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}with this function you can configure the addresses and ports the webserver is listening on. $fromPort and $toPort can have the same value. $listen must be a network interface of the host but can be an empty string for 'all' interfaces. The $doFirewall boolean indicates if the SuSEFirewall2 shall be configured for the settings.
Example 161.
CreateListen( 80, 80, '127.0.0.1', 0 ); # localhost without firewall setup CreateListen( 443, 443, '', 1 ); # HTTPS on all interfaces CreateListen( 80, 80, '192.168.0.1', 1 ); # internal+firewall setup
Example 164.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}with this function you can delete an address and port the webserver is listening on. $fromPort and $toPort can have the same value. $listen must be a network interface of the host but can be an empty string for 'all' interfaces. If the listen parameter can't be found, undef is returned. The $doFirewall boolean indicates if the SuSEFirewall2 shall be configured for the settings.
Example 165.
DeleteListen( 80, 80, '127.0.0.1', 0 ); # localhost without firewall setup DeleteListen( 443, 443, '', 1 ); # HTTPS on all interfaces DeleteListen( 80, 80, '192.168.0.1', 1 ); # internal+firewall setup
Example 168.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}this function returns a list of hashes with the current listen data. Each hash has the following keys:
Example 169.
my $listenList = GetCurrentListen();
foreach my $ld ( @$listenList ) {
print "Listening on: ".$ld->{ADDRESS}."/".$ld->{PORT}."\n";
}Example 172.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}this function returns a list of strings with the needed RPM packages for this service.
Example 173.
my $packList = GetServicePackages();
foreach my $pack ( @$packList ) {
print "$pack needs to be installed to run this service\n";
}Example 176.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}this function returns a list of strings with the needed RPM pacakges for all activated apache2 modules.
Example 177.
my $packList = GetModulePackages();
foreach my $pack ( @$packList ) {
print "$pack needs to be installed to run the selected modules\n";
}Example 180.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}returns a string with the apache2 server flags like "-DSSL"
Example 184.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}Put into $params any server flags ("Defines") that you want to hand over to httpd at start time, or other command line flags. This could be -D SSL, for example. Or -DSTATUS.
Example 188.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}this function writes the server certificate for the host with $hostID to the right place and sets the SSLCertificateFile directive to the right path. The certificate must be in PEM format and it can contain the private key too. If there is a private key in the PEM data, the SSLCertificateKeyFile directive is set too. The key can also be set via WriteServerKey. If the $pemData is undefined, an old certificate gets deleted and SSLCertificateFile directive gets dropped. Writing the server certificate does not turn on SSL automatically. On failure, undef is returned. The path for writing the certificate is /etc/apache2/ssl.crt the filename is $hostname-cert.pem
Example 189.
WriteServerCert('*:443', $pemData);
$host = GetHost('*:443');
replaceKey( 'SSL', { KEY => 'SSL', VALUE => 1 }, $host );
ModifyHost('*:443', $host);Example 192.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}this function writes the server key for the host with $hostID to the right place and sets the SSLCertificateKeyFile directive to the right path. The key must be in PEM format and it can contain the certificate too. If there is a certificate in the PEM data, the SSLCertificateFile directive is set too. The certificate can also be set via WriteServerCert. If the $pemData is undefined, an old key gets deleted and SSLCertificateKeyFile directive gets dropped. Writing the server key does not turn on SSL automatically. On failure, undef is returned. The path for writing the keyfile is /etc/apache2/ssl.key the filename is $hostname-key.pem
this function writes the server CA for the host with $hostID to the right place and sets the SSLCACertificateFile directive to the right path. The CA must be in PEM format. If the $pemData is undefined, an old CA file gets deleted and SSLCACertificateFile directive gets dropped. Writing the server CA does not turn on SSL automatically. On failure, undef is returned. The path for writing the ca certificate file is /etc/apache2/ssl.crt the filename is $hostname-cacert.pem
this function returns the server certificate PEM data. Even if the key is stored in the same file, just the certificate part is returned. On failure, undef is returned.
Example 195.
$pemData = ReadServerCert($hostID);
if( $pemData and open( CERT, "> /tmp/cert.pem" ) ) {
print CERT $pemData;
close(CERT);
$text = `openssl x509 -in /tmp/cert.pem -text -noout`;
}this function returns the server key in PEM format. Even if the certificate is stored in the same file, just the private key part is returned. On failure, undef is returned.
This package is the public Yast2 API to managing a LDAP Server.
Returns a List of databases (suffix).
Example 198.
use Data::Dumper;
my $res = YaPI::LdapServer->ReadDatabaseList();
if( not defined $res ) {
# error
} else {
print "OK: \n";
print STDERR Data::Dumper->Dump([$res])."\n";
}Creates a new database section in the configuration file, start or restart the LDAP Server and add the base object. If the database exists, nothing is done and undef is returned.
Example 199.
* database: The database type (required) * suffix: The suffix (required) * directory: The Directory where the database files are(bdb/ldbm) (required) * createdatabasedir: If true the directory for the database will be created (optional; default false) * rootdn: The Root DN * passwd: The plain Root Password (requires rootdn) * cryptmethod: The crypt method; allowed values are (CRYPT, SMD5, SHA, SSHA, PLAIN); default is 'SSHA' * cachesize: The cachesize(bdb/ldbm) (optional; default 10000) * checkpoint: The checkpoint(bdb) (optional; default 1024 5)
Example 200.
my $hash = {
database => 'bdb',
suffix => 'dc=example,dc=com',
rootdn => "cn=Admin,dc=example,dc=com",
passwd => "system",
cryptmethod => 'SMD5',
directory => "/var/lib/ldap/db1",
};
my $res = YaPI::LdapServer->AddDatabase($hash);
if( not defined $res ) {
# error
} else {
print "OK: \n";
}Edit the database section with the suffix $suffix in the configuration file. Only save parameter are supported.
Example 201.
* rootdn: The Root DN * passwd: The Root Password * cryptmethod: The crypt method; allowed values are (CRYPT, SMD5, SHA, SSHA, PLAIN); default is 'SSHA' * cachesize: The cachesize(bdb/ldbm) * checkpoint: The checkpoint(bdb)
Example 202.
my $hash = { suffix => "dc=example,dc=com",
rootdn => "cn=Administrator,dc=example,dc=com",
rootpw => "example",
cryptmethod => "CRYPT"
};
my $res = YaPI::LdapServer->EditDatabase($hash);
if( not defined $res ) {
# error
} else {
print "OK: \n";
}Read the database section with the suffix $suffix.
Example 203.
* database: The database type * suffix: The suffix * rootdn: The Root DN * passwd: The Root Password * directory: The Directory where the database files are(bdb/ldbm) * cachesize: The cachesize(bdb/ldbm) * checkpoint: The checkpoint(bdb)
Example 204.
use Data::Dumper;
my $res = YaPI::LdapServer->ReadDatabase('"dc=example,dc=com"');
if( not defined $res ) {
# error
} else {
print "OK: \n";
print STDERR Data::Dumper->Dump([$res])."\n";
}Returns a List of Maps with all index statements for this database. The "keys" are:
Example 205.
* 'attr', an attribute or an attribute list * 'param', a number of special index parameters * 'md5', a MD5 sum of this index. This numer is needed for EditIndex and DeleteIndex
Example 206.
use Data::Dumper;
my $res = YaPI::LdapServer->ReadIndex('"dc=example,dc=com"');
if( not defined $res ) {
# error
} else {
print "OK: \n";
print STDERR Data::Dumper->Dump([$res])."\n";
}Add a new index statement %indexMap to the database section $suffix.
Example 207.
* 'attr', an attribute or an attribute list * 'param', a number of special index parameters
Example 208.
my $newIndex = {
'attr' => "uid,cn",
'param' => "eq"
};
my $res = YaPI::LdapServer->AddIndex("dc=example,dc=com", $newIndex);
if( not defined $res ) {
# error
} else {
print "OK: \n";
}Replace the index $index_md5 in the database section $suffix by the new index statement %indexMap.
Example 209.
* 'attr', an attribute or an attribute list * 'param', a number of special index parameters
Example 210.
my $newIndex = {
'attr' => "uid,cn",
'param' => "eq"
};
my $res = YaPI::LdapServer->EditIndex("dc=example,dc=com", "eacc11456b6c2ae4e1aef0fa287e02b0",
$newIndex);
if( not defined $res ) {
# error
} else {
print "OK: \n";
}Delete the index $index_md5 statement in the database section $suffix.
Example 211.
my $res = YaPI::LdapServer->DeleteIndex("dc=example,dc=com", "338a980b4eebe87365a4077067ce1559");
if( not defined $res ) {
# error
} else {
print "OK: \n";
}Regenerate indices based upon the current contents of a database determined by $suffix. This function stops the ldapserver, call slapindex and start the ldapserver again.
Example 212.
my $res = YaPI::LdapServer->RecreateIndex("dc=example,dc=com");
if( not defined $res ) {
# error
} else {
print "OK: \n";
}Returns a list of all included schema files in the order they appear in the config files.
Example 213.
use Data::Dumper;
my $res = YaPI::LdapServer->ReadSchemaIncludeList();
if( not defined $res ) {
# error
} else {
print "OK: \n";
print STDERR Data::Dumper->Dump([$res])."\n";
}Writes all schema includes preserving order.
Example 214.
my $schemas = [
'/etc/openldap/schema/core.schema',
'/etc/openldap/schema/cosine.schema',
'/etc/openldap/schema/inetorgperson.schema',
'/etc/openldap/schema/rfc2307bis.schema',
'/etc/openldap/schema/yast2userconfig.schema',
'/etc/openldap/schema/samba3.schema'
];
my $res = YaPI::LdapServer->WriteSchemaIncludeList($schemas);
if( not defined $res ) {
# error
} else {
print "OK: \n";
}Returns a list of allow statements.
Example 215.
use Data::Dumper;
my $res = YaPI::LdapServer->ReadAllowList();
if( not defined $res ) {
# error
} else {
print "OK: \n";
print STDERR Data::Dumper->Dump([$res])."\n";
}Replaces the complete allow option with the specified feature list.
Example 216.
my @list = ( "bind_v2" );
$res = YaPI::LdapServer->WriteAllowList( \@list );
if( not defined $res ) {
# error
} else {
print "OK: \n";
}Read the loglevel bitmask.
Example 217.
my $res = YaPI::LdapServer->ReadLoglevel();
if( not defined $res ) {
} else {
print "OK: \n";
print STDERR Data::Dumper->Dump([$res])."\n";
}Set the given loglevel bit to 1 in the current bitmask.
Example 218.
my $res = YaPI::LdapServer->AddLoglevel( 0x04 );
if( not defined $res ) {
# error
} else {
print "OK: \n";
}Set the given loglevel bit to 0 in the current bitmask.
Example 219.
my $res = YaPI::LdapServer->DeleteLoglevel( 0x04 );
if( not defined $res ) {
} else {
print "OK: \n";
}Replaces the loglevel bitmask.
Example 220.
my $res = YaPI::LdapServer->WriteLoglevel( 0x06 );
if( not defined $res ) {
} else {
print "OK: \n";
}with this function you can turn on and off the LDAP server runlevel script. Turning off means, no LDAP server start at boot time.
Example 221.
ModifyService(0); # turn LDAP server off at boot time ModifyService(1); # turn LDAP server on at boot time
with this function you can start and stop the LDAP server service.
Example 222.
SwitchService( 0 ); # turning off the LDAP server service SwitchService( 1 ); # turning on the LDAP server service
with this function you can read out the state of the LDAP server runlevel script (starting LDAP server at boot time).
Return the current TLS settings
Example 224.
* TLSCipherSuite: cipher suite parameter * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize. * TLSCACertificatePath: Specifies the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used. * TLSCertificateFile: Specifies the file that contains the slapd server certificate. * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key. * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.
Example 225.
use Data::Dumper;
my $res = YaPI::LdapServer->ReadTLS();
if( not defined $res ) {
# error
} else {
print "OK: \n";
print STDERR Data::Dumper->Dump([$res])."\n";
}Edit the TLS options in the configuration file.
Example 226.
* TLSCipherSuite: cipher suite parameter * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize. * TLSCACertificatePath: Specifies the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used. * TLSCertificateFile: Specifies the file that contains the slapd server certificate. * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key. * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.
Example 227.
my $hash = {
TLSCipherSuite => "HIGH:MEDIUM:+SSLv2",
TLSCertificateFile => "/etc/ssl/server_crt.pem",
TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
TLSCACertificateFile => "/etc/ssl/ca.pem",
TLSVerifyClient => "never"
};
my $res = YaPI::LdapServer->WriteTLS($hash);
if( not defined $res ) {
# error
} else {
print "OK: \n";
}Check, if a server certificate is available which can be used for more then one service. Such common certificate is saved at '/etc/ssl/servercerts/servercert.pem'.
Example 228.
my $res = YaPI::LdapServer->CheckCommonServerCertificate();
if( not defined $res ) {
# error
} else {
print "Available \n" if($res);
print "Not Avalable \n" if(!res);
}Configure the LDAP server to use the common server certificate.
Example 229.
my $res = YaPI::LdapServer->ConfigureCommonServerCertificate();
if( not defined $res ) {
# error
} else {
print "OK: \n";
}Import certificates and configure TLS for the LDAP Server.
Example 230.
my $hash = {
ServerCertificateFile => '/path/to/the/certificate.pem',
ServerKeyFile => '/path/to/the/key.pem',
CACertificatesFile => '/path/to/the/CAcertificate.pem',
}
my $res = YaPI::LdapServer->ImportCertificates($hash);
if( not defined $res ) {
# error
} else {
print "OK: \n";
}This function reads the OPENLDAP_REGISTER_SLP entry in /etc/sysconfig/openldap. It returns 'true' if it reads 'yes' and 'false' if it reads 'no'.
This package is the public Yast2 API to configure the postfix. Representation of the configuration of mail-server. Input and output routines.
EXAMPLE:
Example 233.
Dump the mail-server Global Settings to a single hash
Return hash Dumped settings (later acceptable by WriteGlobalSettings ())
$GlobalSettings is a pointer to a hash containing the basic settings of
the mail server.
%GlobalSettings = (
'Changed' => 0,
Shows if the hash was changed. Possible values are 0 (no) or 1 (yes).
'MaximumMailSize' => 0,
Shows the maximum message size in bytes, the mail server will accept
to deliver. Setting this value 0 means there is no limit.
'Banner' => '$myhostname ESMTP $mail_name'
The smtpd_banner parameter specifies the text that follows the 220
code in the SMTP server's greeting banner. Some people like to see
the mail version advertised. By default, Postfix shows no version.
You MUST specify $myhostname at the start of the text. That is an
RFC requirement. Postfix itself does not care.
'Interfaces' => ''
The inet_interfaces parameter specifies the network interface
addresses that this mail system receives mail on. By default,
the software claims all active interfaces on the machine. The
parameter also controls delivery of mail to user@[ip.address]
'SendingMail' => {
In this hash you can define the type of delivery of outgoing emails.
'Type' => '',
Shows the type of the delivery of the outgoing mails. Possible
values are:
DNS : Delivery via DNS lookup of the MX records of the
destination domain.
relayhost : Delivery using a relay host
NONE : There is no delivery of outgoing mails. In this case
some other funcions are not avaiable. For example
setting of mail transport.
'TLS' => '',
If delivery via DNS is used you can set how TLS will be used
for security. Possible values are:
NONE : don't use TLS.
MAY : TLS will used when offered by the server.
MUST : Only connection with TLS will be accepted.
MUST_NOPEERMATCH : Only connection with TLS will be accepted, but
no strict peername checking accours.
'RelayHost' => {
If the type of delivery of outgoing emails is set to "relayhost",
then you have to define the relyhost in this hash.
'Name' => '',
DNS name or IP address of the relay host.
'Auth' => 0,
Sets if SASL authentication will be used for the relayhost.
Possible values are: 0 (no) and 1 (yes).
'Account' => '',
The account name of the SASL account.
'Password' => ''
The SASL account password
}
}
);Write the mail-server Global Settings from a single hash @param settings The YCP structure to be imported. @return boolean True on success
Example 235.
my $AdminPassword = "VerySecure";
my %GlobalSettings = (
'Changed' => 1,
'MaximumMailSize' => 10485760,
'Banner' => '$myhostname ESMTP $mail_name',
'SendingMail' => {
'Type' => 'relayhost',
'TLS' => 'MUST',
'RelayHost' => {
'Name' => 'mail.domain.de',
'Auth' => 1,
'Account' => 'user',
'Password' => 'password'
}
}
);
if( ! WriteGlobalSettings(\%GlobalSettings,$AdminPassword) ) {
print "ERROR in WriteGlobalSettings\n";
}EXAMPLE:
Example 236.
Dump the mail-server Mail Transport to a single hash @return hash Dumped settings (later acceptable by WriteCanonical ())
EXAMPLE:
Example 237.
Dump the mail-server Mail Transport to a single hash
@return hash Dumped settings (later acceptable by WriteMailTransport ())
$MailTransports is a pointer to a hash containing the mail transport
definitions.
%MailTransports = (
'Changed' => 0,
Shows if the hash was changed. Possible values are 0 (no) or 1 (yes).
'Transports' => [],
Poiter to an array containing the mail transport table entries.
'TLSSites' => {},
Poiter to an hash containing the mail transport TLS per site table entries.
'SASLAccounts' => {},
Poiter to an hash containing the client side authentication accounts.
);
Each element of the arry 'Transports' has following syntax:
%Transport = (
'Destination' => '',
This field contains a search pattern for the mail destination.
Patterns are tried in the order as listed below:
user+extension@domain
Mail for user+extension@domain is delivered through
transport to nexthop.
user@domain
Mail for user@domain is delivered through transport
to nexthop.
domain
Mail for domain is delivered through transport to
nexthop.
.domain
Mail for any subdomain of domain is delivered
through transport to nexthop. This applies only
when the string transport_maps is not listed in the
parent_domain_matches_subdomains configuration set-
ting. Otherwise, a domain name matches itself and
its subdomains.
Note 1: the special pattern * represents any address (i.e.
it functions as the wild-card pattern).
Note 2: the null recipient address is looked up as
$empty_address_recipient@$myhostname (default: mailer-dae-
mon@hostname).
'Nexthop' => '',
This field has the format transport:nexthop and shows how
the mails for the corresponding destination will be
delivered.
The transport field specifies the name of a mail delivery
transport (the first name of a mail delivery service entry
in the Postfix master.cf file).
The interpretation of the nexthop field is transport
dependent. In the case of SMTP, specify host:service for a
non-default server port, and use [host] or [host]:port in
order to disable MX (mail exchanger) DNS lookups. The []
form is required when you specify an IP address instead of
a hostname.
A null transport and null nexthop result means "do not
change": use the delivery transport and nexthop informa-
tion that would be used when the entire transport table
did not exist.
A non-null transport field with a null nexthop field
resets the nexthop information to the recipient domain.
A null transport field with non-null nexthop field does
not modify the transport information.
For a detailed description have a look in man 5 trnsport.
);
%TLSSites = {
'TLSSite' => ''
The name or IP of the mail server (nexthop).
'TLSMode' => '',
You can set how TLS will be used for security. Possible values are:
NONE : don't use TLS.
MAY : TLS will used when offered by the server.
MUST : Only connection with TLS will be accepted.
MUST_NOPEERMATCH : Only connection with TLS will be accepted, but
no strict peername checking accours.
};
%SASLAccounts = {
'Server1' => ['Account1','Password1'],
'Server2' => ['Account2','Password2']
}
Example 238.
my $AdminPassword = "VerySecure";
my $MailTransorts = [];
if (! $MailTransorts = ReadMailTransports($AdminPassword) ) {
print "ERROR in ReadMailTransports\n";
} else {
foreach my $Transport (@{$MailTransports->{'Transports'}}){
print "Destination=> $Transport->{'Destination'}\n";
print " Nexthop=> $Transport->{'Nexthop'}\n";
}
foreach my $TLSSite (keys %{$MailTransports->{'TLSSites'}}){
print "TLSSite: $TLSSite => ";
print "TLSMode: $MailTransports->{'TLSSites'}->{$TLSSite}\n";
}
foreach my $SASLAccount (keys %{$MailTransports->{'SASLAccounts'}}){
print "Nexthop: $SASLAccount => ";
print "Account: $MailTransports->{'SASLAccounts'}->{$SASLAccount}->[0] ";
print "Passord: $MailTransports->{'SASLAccounts'}->{$SASLAccount}->[1]\n";
}
}EXAMPLE:
Example 239.
Write the mail server Mail Transport from a single hash. WARNING! All transport defintions not contained in the hash will be removed from the tranport table.
Example 240.
my $AdminPassword = "VerySecure";
my %MailTransports = (
'Changed' => '1',
'Transports' => []
);
my %Transport = (
'Destination' => 'dom.ain',
'Transport' => 'smtp',
'Nexthop' => '[mail.dom.ain]',
'TLS' => 'MUST',
'Auth' => 1,
'Account' => 'user',
'Password' => 'passwd'
);
push @($MailTransports{Transports}), %Transport;
%Transport = (
'Destination' => 'my-domain.de',
'Nexthop' => 'uucp:[mail.my-domain.de]',
'TLS' => 'NONE',
'Auth' => '0'
);
push @($MailTransports{Transports}), %Transport;
%Transport = (
'Destination' => 'my-old-domain.de',
'Nexthop' => "error:I've droped this domain"
);
push @($MailTransports{Transports}), %Transport;
if( ! WriteMailTransports(\%Transports,$AdminPassword) ) {
print "ERROR in WriteMailTransport\n";
}EXAMPLE:
Example 241.
Dump the mail-server prevention to a single hash
@return hash Dumped settings (later acceptable by WriteMailPrevention())
Postfix offers a variety of parameters that limit the delivery of
unsolicited commercial email (UCE).
By default, the Postfix SMTP server will accept mail only from or to the
local network or domain, or to domains that are hosted by Postfix, so that
your system can't be used as a mail relay to forward bulk mail from random strangers.
There is a lot of combination of the postfix configuration parameter
you can set. To make the setup easier we have defined three kind of predefined
settings:
off:
1. Accept connections from all clients even if the client IP address has no
PTR (address to name) record in the DNS.
2. Accept all eMails has RCPT a local destination or the client is in the
local network.
3. Mail adresses via access table can be rejected.
medium:
1. Accept connections from all clients even if the client IP address has no
PTR (address to name) record in the DNS.
2. Accept all eMails has RCPT a local destination and the sender domain is
a valid domain. Furthermore mails from clients from local network will
be accepted.
3.
hard:
$MailPrevention is a pointer to a hash containing the mail server
basic prevention settings. This hash has following structure:
my %MailPrevention = (
'Changed' => 0,
Shows if the hash was changed. Possible values are 0 (no) or 1 (yes).
'BasicProtection' => 'hard',
'RBLList' => [],
'AccessList' => [],
'VirusScanning' => 1
);
AccessList is a pointer to an array of %AccessEntry hashes.
my %AccessEntry = ( 'ClientAddress' => '',
'ClientAccess' => ''
);Example 242.
my $AdminPassword = "VerySecure";
my $MailPrevention = [];
if( $MailPrevention = ReadMailPrevention($AdminPassword) ) {
print "Basic BasicProtection : $MailPrevention->{BasicProtection}\n";
foreach(@{$MailPrevention->{RBLList}}) {
print "Used RBL Server: $_\n";
}
foreach(@{$MailPrevention->{AccessList}}) {
print "Access for $_{MailClient} is $_{MailAction}\n";
}
if($MailPrevention->{VirusScanning}){
print "Virus scanning is activated\n";
} else {
print "Virus scanning isn't activated\n";
}
} else {
print "ERROR in ReadMailPrevention\n";
}Reads the LDAP Configuration: The LDAP Base The LDAP Base for the User Configuration The LDAP Base for the Group Configuration The LDAP Base for the DNS Configuration The LDAP Base for the MAIL Configuration The LDAP Template for the MAIL Configuration If the last there does not exist this will be created.
Example 243.
Dump the mail-server server side relay settings to a single hash
@return hash Dumped settings (later acceptable by WriteMailRelaying ())
$MailRelaying is a pointer to a hash containing the mail server
relay settings. This hash has following structure:
%MailRelaying = (
'Changed' => 0,
Shows if the hash was changed. Possible values are 0 (no) or 1 (yes).
'TrustedNetworks' => [],
An array of trusted networks/hosts addresses
'RequireSASL' => 1,
Show if SASL authentication is required for sending external eMails.
'SMTPDTLSMode' => 'use',
Shows how TLS will be used for smtpd connection.
Avaiable values are:
'none' : no TLS will be used.
'use' : TLS will be used if the client wants.
'enfoce' : TLS must be used.
'auth_only' : TLS will be used only for SASL authentication.
'UserRestriction' => 0
If UserRestriction is set, there is possible to make user/group based
restrictions for sending and getting eMails. Strickt authotentication
is requiered. To do so an 2nd interface for sending eMails for internal
clients will be set up. The system administrator have to care that the
other interface (external interface) can not be accessed from the internal
clients
);
Reads the LDAP Configuration: The LDAP Base The LDAP Base for the User Configuration The LDAP Base for the Group Configuration The LDAP Base for the DNS Configuration The LDAP Base for the MAIL Configuration The LDAP Template for the MAIL Configuration If the last there does not exist this will be created.
Example 244.
$ldapMap = {
'ldap_server' => ...,
'ldap_port' => ...,
'bind_pw' => ...,
'bind_dn' => ...,
'mail_config_dn' => ...,
'dns_config_dn' => ...,
'user_config_dn' => ...,
'group_config_dn'=> ...,
}Funktion to reset the mail server configuration: Needed Parameters are: $AdminPassword the Adminstrator Psssword
Example 245.
Sets Maximum Mail Size to 10MB
Sets Sending Mail Type to DNS
Sets Mail Server Basic Protection to off
Sets Mail Local Delivery Type to local
Sets up the needed LDAP lookup tables
Sets the postfix variables:
mydestination
masquerade_classes
masquerade_exceptionsThis package is the public Yast2 API to configure the Samba server.
Returns the current status of smb and nmb services. True means the services are both started in at least on runlevel. On error, undef is returned and the Error() function can be used to get the error hash.
This function determines role of a server in the SMB network. The return values can be unknown, standalone, bdc and pdc. On error, undef is returned and the Error() function can be used to get the error hash.
Modifies the status of the service. If the parameter is true, smb and nmb services are enabled in the default runlevels, if there were not enabled already in at least single runlevel. False will turn off the service in all runlevels. On error, undef is returned and the Error() function can be used to get the error hash.
Configures the global settings of a server to behave like a backup domain controller. The primary domain controller is setup by the argument. On error, undef is returned and the Error() function can be used to get the error hash.
Configures the global settings of a server to behave like a primary domain controller. On error, undef is returned and the Error() function can be used to get the error hash.
Configures the global settings of a server to behave like a standalone server not taking part in any domain. On error, undef is returned and the Error() function can be used to get the error hash.
Returns the configured description of the server. On error, undef is returned and the Error() function can be used to get the error hash.
Configures the description of the server shown in clients. On error, undef is returned and the Error() function can be used to get the error hash.
Returns a list of configured SAM backends. On error, undef is returned and the Error() function can be used to get the error hash.
Returns a list of options specified for the given SAM. The structure of the options is sam-type specific. On error, undef is returned and the Error() function can be used to get the error hash.
Modifies the configuration of the given sam. The structure of the hash must follow the structure as specified for GetSAMConfiguration. On error, undef is returned and the Error() function can be used to get the error hash.
Sets the SAM as default one, meaning that adding a new user will be done using this SAM. On error, undef is returned and the Error() function can be used to get the error hash.
Creates a new SAM using the given name and configuration. The structure of the hash must follow the structure as specified for GetSAMConfiguration. On error, undef is returned and the Error() function can be used to get the error hash.
Deletes the specified sam. It is not possible to Delete the default one. On error, undef is returned and the Error() function can be used to get the error hash.
Enables/disables the given share. On error, undef is returned and the Error() function can be used to get the error hash.
Returns true if the given stare is enabled, false if disabled. On error, undef is returned and the Error() function can be used to get the error hash.
Creates a new share with the given name and initial options. On error, undef is returned and the Error() function can be used to get the error hash.
Deletes the given share. On error, undef is returned and the Error() function can be used to get the error hash.
Modifies the given share to use the given options. On error, undef is returned and the Error() function can be used to get the error hash.
Returns a hash describing the given share. On error, undef is returned and the Error() function can be used to get the error hash.
Returns a list of all shares configured to provide a directory, including special-purpose shares like homes and netlogon. On error, undef is returned and the Error() function can be used to get the error hash.
Enables a special-purpose share for sharing homes of a user. If the share does not exist, a default template is used. On error, undef is returned and the Error() function can be used to get the error hash.
Enables a special-purpose share for login scripts. If the share does not exist, a default template is used. On error, undef is returned and the Error() function can be used to get the error hash.
Returns a list of all printers configured to be shared. On error, undef is returned and the Error() function can be used to get the error hash.
This package is the public YaST2 API for Users/Groups management
Creates new user. User attributes are described in $data_hash, $config_hash describes special configuration data.
Example 246.
Possible parameters for $config hash:
"type" Type of user (string). Possible values:
"local","system","ldap","nis". ("nis" is not available
for adding)
Specific parameters of $config hash, related to LDAP users (all keys
are optional, there should exist reasonable default values based on
current LDAP configuration):
"bind_dn"
DN of LDAP administrator, used to bind to LDAP server
(string)
"bind_pw"
Password for LDAP administrator (string)
"anonymous_bind"
If this key is present, there will be done created an
anonymous connection to LDAP server (if it is allowed).
"member_attribute"
Name of LDAP attribute, defining the membership in LDAP
groups (possible values: "member", "uniquemember"). The
default value is in /etc/ldap.conf (nss_map_attribute).
"user_attributes"
List of attributes to be returned by an LDAP search for
user (list of strings). If empty, all non-empty
attributes will be returned as a result of search.
"user_filter"
Filter for restricting LDAP searches (string).
The default value is stored as "susesearchfilter" in
LDAP configuration.
"user_base"
DN of LDAP base where the users are stored (string). By
default, the value of "susedefaultbase" stored in LDAP
configuration is used.
"user_scope"
The scope used for LDAP searches for users. Possible
values are 0 (base), 1(one), 2(sub). Default is 2.
"plugins"
List of plugins which should be applied for user
(list of strings). General plugin for LDAP users,
("UsersPluginLDAPAll") is always available, others are
part of modules which has to be installed before their
usage (yast2-samba-server, yast2-mail-server).
"user_plugins"
Same as "plugins".
Values mentioned above are common for all $config hashes in the
functions for handling user. Additionally, there is a special value
which is defined only for UserAdd:
"create_home"
If this is set to 0, the home directory for new user
won't be created.
Possible parameters for $data hash:
"uid" Login name
"cn" Full name
"userpassword" User's password
"homedirectory" Users's home directory
"loginshell" User's login shell
"gidnumber" GID of user's default group
"grouplist" Hash (of type { <group_name> => 1 }) with groups
this user should be member of.
"shadowinactive" Days after password expires that account is disabled
"shadowexpire" Days since Jan 1, 1970 that account is disabled
"shadowwarning" Days before password is to expire that user is warned
"shadowmin" Days before password may be changed
"shadowmax" Days after which password must be changed
"shadowflag" (last value at line in /etc/shadow)
"shadowlastchange" Days since Jan 1, 1970 that password was last changed
<ldap_attribute> For LDAP users, any attribute supported by
users's object class can be here.Example 247.
my $config = { "type" => "ldap",
"plugins" => [ "UsersPluginLDAPAll" ],
"bind_dn" => "uid=admin,dc=example,dc=com",
};
my $data = { "uid" => "ll",
"uidnumber" => 1111,
"userpassword" => "qqqqq"
"givenName" => "l",
"cn" => [ "ll" ]
"description" => [ "first", "second" ],
};
# create new LDAP user
my $error = UserAdd ($config, $data);
# create new local user 'hh'; use all available defaults
UserAdd ({}, { "uid" => "hh" });Example 248.
You can see on example that LDAP attributes could be passed either as list of value or as strings, which is just the same case as a list with one value.
Modifies existing user. User attributes which should be changed are described in $data_hash, $config_hash describes special configuration data, especially user identification.
Example 249.
Special values for $config hash: additinally to the values always
available (see L<UserAdd>), $config must contains one of the key
used to identify the user which should be modified:
"dn" Distinguished name (DN) - only for LDAP user
"uid" User name (which is value of "uid" for LDAP user)
"uidnumber" UID number ("uidnumber" value for LDAP user)
For values in $data hash, see L<UserAdd>.Example 250.
my $config = { "type" => "ldap",
"uidnumber" => 500
};
my $data = { "userpassword" => "wwwww"
};
# changes a password of LDAP user (identified with id)
my $error = UserModify ($config, $data);
# change GID value of local user (identified with name)
$error = UserModify ({ "uid" => "hh" }, { "gidnumber" => 5555 });Adds a new feature (plugin) to the given user.
Example 251.
$config hash can contain data always available (see L<UserAdd>)
and the data used for user identification (see L<UserModify>).
Additionally, it has to contain the value for
"plugins" List of plugins which should be added to the user.Example 252.
my $config = { "type" => "ldap",
"plugins" => [ "UsersPluginSambaAccount" ],
"bind_dn" => "uid=admin,dc=example,dc=com",
"uid" => "ll"
};
# adds 'SambaAccount' plugin to the user
my $error = UserFeatureAdd ($config);Deletes a new feature (plugin) to the given user.
Example 254.
my $config = { "type" => "ldap",
"plugins" => [
"UsersPluginSambaAccount",
"UsersPluginMail"
],
"uid" => "ll"
};
# removes 'SambaAccount' and 'Mail' plugin from the user
my $error = UserFeatureDelete ($config);Deletes existing user. Identification of user selected for delete is stored in $config_hash.
Example 255.
For general values of $config hash, see L<UserAdd>.
For parameters necessary to identify the user, see L<UserModify>.
Additinally, there is special parameter for
"delete_home" Integer: For 1, home directory of selected user
will be deleted. Default value is 0 (false).Example 256.
my $config = { "type" => "ldap",
"dn" => "uid=ll,dc=example,dc=com",
"delete_home" => YaST::YCP::Boolean (1)
};
# deletes LDAP user together with its home directory
my $error = UserDelete ($config);
$error = UserDelete ({ "uid" => "hh", "type" => "local" });Disables existing user to log in. Identification of user selected for delete is stored in $config_hash.
Example 257.
For general values of $config hash, see L<UserAdd>.
For parameters necessary to identify the user, see L<UserModify>.Example 258.
my $config = { "type" => "ldap",
"uidnumber" => 500,
};
# disables LDAP user (as it is defined its plugins)
my $error = UserDisable ($config);Enables existing user to log in. Identification of user selected for delete is stored in $config_hash.
Example 259.
For general values of $config hash, see L<UserAdd>.
For parameters necessary to identify the user, see L<UserModify>.Example 260.
my $config = { "type" => "ldap",
"uidnumber" => 500,
};
# enables LDAP user (in a default way, defined for LDAP users)
my $error = UserEnable ($config);Returns a map describing selected user.
Example 261.
For general values of $config hash, see L<UserAdd>.
For parameters necessary to identify the user, see L<UserModify>.Example 262.
my $config = { "type" => "ldap",
"user_attributes" => [ "uid", "uidnumber", "cn" ],
"uidnumber" => 500
};
# searches for LDAP user with uidnumber 500 and returns the hash with given
# attributes
my $user = UserGet ($config);
$config = { "type" => "ldap",
"uid" => "my_user",
"user_base" => "ou=people,dc=example,dc=com",
"bind_dn" => "uid=admin,dc=example,dc=com",
};
# searches for LDAP user with uid "my_user" in given search base and
# returns the hash with all user's non-empty attributes
$user = UserGet ($config);Returns a hash describing the set of users. By default, the hash is indexed by UID number, unless statet otherwise in $config_hash.
Example 263.
For general values of $config hash, see L<UserAdd>.
Additionally, there is a special key
"index" The name of the key, which should be used as a index
in the return hash.Example 264.
my $config = { "type" => "ldap",
"user_attributes" => [ "uid", "uidnumber", "cn" ],
"user_base" => "ou=people,dc=example,dc=com",
"user_scope" => YaST::YCP::Integer (2),
"user_filter" => [ "objectclass=posixAccount" ]
"index" => "dn"
};
# searches for LDAP users in given search base and returns the hash
# indexed by DN's with the hash values containing users with given attributes
my $users = UsersGet ($config);Creates new group. Group attributes are described in $data_hash, $config_hash describes special configuration data.
Example 265.
Possible parameters for $config hash:
"type" Type of group (string). Possible values:
"local","system","ldap","nis". ("nis" is not available
for adding)
Specific parameters of $config hash, related to LDAP groups (all keys
are optional, there should exist reasonable default values based on
current LDAP configuration):
"bind_dn"
DN of LDAP administrator, used to bind to LDAP server
(string)
"bind_pw"
Password for LDAP administrator (string)
"anonymous_bind"
If this key is present, there will be done created an
anonymous connection to LDAP server (if it is allowed).
"member_attribute"
Name of LDAP attribute, defining the membership in LDAP
groups (possible values: "member", "uniquemember"). The
default value is in /etc/ldap.conf (nss_map_attribute).
"group_attributes"
List of attributes to be returned by an LDAP search for
group (list of strings). If empty, all non-empty
attributes will be returned as a result of search.
"group_base"
DN of LDAP base where the groups are stored (string). By
default, the value of "susedefaultbase" stored in LDAP
configuration is used.
"group_filter"
Filter for restricting LDAP searches (string).
The default value is stored as "susesearchfilter" in
LDAP configuration.
"group_scope"
The scope used for LDAP searches for groups. Possible
values are 0 (base), 1(one), 2(sub). Default is 2.
"group_plugins"
List of plugins which should be applied for group
(list of strings). General plugin for LDAP groups,
("UsersPluginLDAPAll") is always available, others are
part of modules which has to be installed before their
usage (yast2-samba-server, yast2-mail-server).
Possible parameters for $data hash:
"gidnumber" GID number of the group
"cn" Group name
"userpassword" Password for the group.
"userlist" Hash (of type { <username> => 1 }) with
the users that should be members of this group.
Optionally, this could be also the list of
user names.
<member_attribute> For LDAP groups, correct member attribute (
"member"/"uniquemember") has to be used instead
of "userlist". It could be list of user names or
hash with DN's of the members.
<ldap_attribute> Any LDAP attribute supported by groups's object classExample 266.
my $config = { "type" => "ldap",
"group_plugins" => [ "GroupsPluginsLDAPAll" ],
"bind_dn" => "uid=admin,dc=example,dc=com",
"group_base" => "ou=groups,dc=example,dc=com"
};
my $data = { "gidnumber" => 5555,
"cn" => "lgroup",
"member" => {
"uid=test,ou=people,dc=example,dc=com" => 1,
"uid=ll,ou=people,dc=example,dc=com" => 1
}
};
# create new LDAP group
my $error = GroupAdd ($config, $data);
# create new system group
GroupAdd ({ "type" => "system" }, {
"cn" => "ggg",
"userlist" => {
"root" => 1,
"hh" => 1
}
);Modifies existing group. Group attributes which should be changed are described in $data_hash, $config_hash describes special configuration data, especially group identification.
Example 267.
For general values of $config hash, see L<GroupAdd>.
Additinally, $config must contain one of the key used to identify
the group which should be modified:
"dn" Distingueshed name (only for of LDAP group)
"cn" Group name (or value of "cn" attribute for LDAP group).
"gidnumber" GID number (value of "gidnumber" for LDAP group).Example 268.
# change GID value of local group (identified with name)
my $error = GroupModify ({ "cn" => "users" }, { "gidnumber" => 101 });
my $config = { "type" => "ldap",
"gidnumber" => 5555
};
my $data = { "member" => [
"uid=test,ou=people,dc=example,dc=com",
"uid=ll,ou=people,dc=example,dc=com",
"uid=admin,dc=example,dc=com"
]
};
# changes a member attribute of LDAP group (identified with id)
$error = GroupModify ($config, $data);
Example 269.
You can see on example that "member" attribute could be passed either as an array (which could one expect for LDAP attribute) or as hash, (which is used by YaST for internal representation) as shown in example for GroupAdd () function. YaST always takes care of it and does the necessary conversions.
Adds a new member to the given group. User is described in $user_hash, group identification is passwd in $config_hash. User must exist.
Example 270.
For general values of $config hash, see L<GroupAdd>.
For parameters necessary to identify the group, see L<GroupModify>.
$user_hash must include the information necessary to identify the
user. This has to be one of these keys:
"dn" Distinguished name (DN) [only for LDAP users]
"uid" User name (which is "uid" attribute for LDAP user)
"uidnumber" UID (which is "uidnumber" attribute for LDAP user)Example 271.
my $config = { "type" => "ldap",
"bind_dn" => "uid=admin,dc=example,dc=com",
"gidnumber" => 5555
};
my $user = { "uid" => "my_user" }
};
my $error = GroupMemberAdd ($config, $user);Deletes a member from the group.
Example 272.
For general values of $config hash, see L<GroupAdd>.
For parameters necessary to identify the group, see L<GroupModify>.
$user_hash must include the information necessary to identify the
user - see L<GroupMemberAdd>Example 273.
my $config = { "type" => "ldap",
"dn" => "cn=lgroup,dc=example,dc=com"
};
my $user = { "uidnumber" => 1000 }
# removes user with given uidnumber from group with given DN
my $error = GroupMemberDelete ($config, $user);Deletes existing group. Identification of group is stored in $config_hash.
Example 274.
For general values of $config hash, see L<GroupAdd>.
For parameters necessary to identify the group, see L<GroupModify>.
Example 275.
my $config = { "type" => "local",
"uid" => "users"
};
my $error = GroupDelete ($config);Returns a map describing selected group.
Example 276.
For general values of $config hash, see L<GroupAdd>.
For parameters necessary to identify the group, see L<GroupModify>.
Example 277.
my $config = { "type" => "ldap",
"group_attributes" => [ "cn", "gidnumber", "member" ],
"gidnumber" => 500
};
# searches for LDAP group with gidnumber 500 and returns the hash
# with given attributes
my $group = GroupGet ($config);Returns a hash describing the set of groups. By default, the hash is indexed by GID number, unless statet otherwise in $config_hash.
Example 278.
For general values of $config hash, see L<GroupAdd>.
Additionally, there is a special key
"index" The name of the key, which should be used as a index
in the return hash (default value is "gidnumber").Example 279.
# searches for LDAP groups in default base and returns the hash
# indexed by GID's with the hash values containing groups with all
# non-empty attributes
my $groups = GroupsGet ({ "type" => "ldap" });
# returns hash with all NIS groups
$groups = GroupsGet ({ "type" => "nis" });Returns a hash describing the set of groups. By default, the hash is indexed by GID number, unless stated differently in $config_hash.
Example 280.
For general values of $config hash, see L<GroupAdd>.
$user_hash must include the information necessary to identify the
user - see L<GroupMemberAdd>.
Additionally, there is a special key
"index" The name of the key, which should be used as a index
in the return hash.Example 281.
my $config = { "type" => "ldap",
"index" => "dn"
"group_scope" => YaST::YCP::Integer (2),
};
my $user = { "dn" => "uid=ll,ou=people,dc=example,dc=com" };
# searches for LDAP groups in default base and returns the hash
# indexed by DN's with the hash values containing groups with all
# non-empty attributes
my $groups = GroupsGetByUser ($config, $user);