This package is the public YaST2 API for managing an LDAP server.
Returns a list of databases (suffixes).
Example 198.
use Data::Dumper;
my $res = YaPI::LdapServer->ReadDatabaseList();
if( not defined $res ) {
# error
} else {
print "OK: \n";
print STDERR Data::Dumper->Dump([$res])."\n";
}
Creates a new database section in the configuration file, starts or restarts the LDAP server and adds the base object. If the database exists, nothing is done and undef is returned.
Example 199.
* database: The database type (required)
* suffix: The suffix (required)
* directory: The directory where the database files are (bdb/ldbm) (required)
* createdatabasedir: If true the directory for the database will be created (optional; default false)
* rootdn: The Root DN
* passwd: The plain Root Password (requires rootdn)
* cryptmethod: The crypt method; allowed values are (CRYPT, SMD5, SHA, SSHA, PLAIN); default is 'SSHA'
* cachesize: The cachesize (bdb/ldbm) (optional; default 10000)
* checkpoint: The checkpoint (bdb) (optional; default 1024 5)
Example 200.
my $hash = {
database => 'bdb',
suffix => 'dc=example,dc=com',
rootdn => "cn=Admin,dc=example,dc=com",
passwd => "system",
cryptmethod => 'SMD5',
directory => "/var/lib/ldap/db1",
};
my $res = YaPI::LdapServer->AddDatabase($hash);
if( not defined $res ) {
# error
} else {
print "OK: \n";
}
Edit the database section with the suffix $suffix in the configuration file. Only safe parameters are supported.
Example 201.
* rootdn: The Root DN
* passwd: The Root Password
* cryptmethod: The crypt method; allowed values are (CRYPT, SMD5, SHA, SSHA, PLAIN); default is 'SSHA'
* cachesize: The cachesize (bdb/ldbm)
* checkpoint: The checkpoint (bdb)
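Added example, not part of the YaPI documentation: what the cryptmethod choice for AddDatabase and EditDatabase means for the stored root password. It assumes the standard OpenLDAP {SSHA} format, base64(SHA1(password . salt) . salt); the function names are hypothetical and the code does not call YaPI.

```perl
#!/usr/bin/perl
# Added example: build and verify a salted {SSHA} password value.
use strict;
use warnings;
use Digest::SHA qw(sha1);
use MIME::Base64 qw(encode_base64 decode_base64);

# Methods from the cryptmethod list that store the password unsalted or in clear.
my %weak = (PLAIN => 'stored in clear text', SHA => 'unsalted SHA-1');

# Read $n random bytes for the salt from the kernel CSPRNG.
sub random_bytes {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    read($fh, my $buf, $n) == $n or die "short read from urandom";
    close($fh);
    return $buf;
}

# {SSHA} value = base64( SHA1(password . salt) . salt )
sub ssha_hash {
    my ($password, $salt) = @_;
    $salt = random_bytes(8) unless defined $salt;
    return '{SSHA}' . encode_base64(sha1($password . $salt) . $salt, '');
}

# Recompute the digest with the stored salt and compare it.
sub ssha_verify {
    my ($password, $stored) = @_;
    my ($b64) = $stored =~ /^\{SSHA\}(.+)$/i or return 0;
    my $raw = decode_base64($b64);
    return 0 if length($raw) <= 20;             # 20-byte SHA-1 digest plus salt
    my ($digest, $salt) = (substr($raw, 0, 20), substr($raw, 20));
    return sha1($password . $salt) eq $digest ? 1 : 0;
}

my $pw = 'system';                               # sample password from Example 200
my ($h1, $h2) = (ssha_hash($pw), ssha_hash($pw));
print "hash 1: $h1\nhash 2: $h2\n";              # differ: each call draws a new salt
print "verify ok:  ", ssha_verify($pw, $h1), "\n";
print "verify bad: ", ssha_verify('wrong', $h1), "\n";
for my $method (qw(CRYPT SMD5 SHA SSHA PLAIN)) {
    print "cryptmethod $method: $weak{$method}\n" if $weak{$method};
}
```

Because every call draws a fresh salt, two databases with the same root password get different stored values, which the unsalted SHA and PLAIN methods do not provide.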
Example 202.
my $hash = { suffix => "dc=example,dc=com",
rootdn => "cn=Administrator,dc=example,dc=com",
passwd => "example", # key name as documented in the parameter list
cryptmethod => "CRYPT"
};
my $res = YaPI::LdapServer->EditDatabase($hash);
if( not defined $res ) {
# error
} else {
print "OK: \n";
}
Read the database section with the suffix $suffix.
Example 203.
* database: The database type
* suffix: The suffix
* rootdn: The Root DN
* passwd: The Root Password
* directory: The directory where the database files are (bdb/ldbm)
* cachesize: The cachesize (bdb/ldbm)
* checkpoint: The checkpoint (bdb)
Example 204.
use Data::Dumper;
my $res = YaPI::LdapServer->ReadDatabase('"dc=example,dc=com"');
if( not defined $res ) {
# error
} else {
print "OK: \n";
print STDERR Data::Dumper->Dump([$res])."\n";
}
Returns a list of maps with all index statements for this database. The "keys" are:
Example 205.
* 'attr', an attribute or an attribute list
* 'param', a number of special index parameters
* 'md5', an MD5 sum of this index. This number is needed for EditIndex and DeleteIndex
Example 206.
use Data::Dumper;
my $res = YaPI::LdapServer->ReadIndex('"dc=example,dc=com"');
if( not defined $res ) {
# error
} else {
print "OK: \n";
print STDERR Data::Dumper->Dump([$res])."\n";
}
Add a new index statement %indexMap to the database section $suffix.
Example 207.
* 'attr', an attribute or an attribute list
* 'param', a number of special index parameters
Example 208.
my $newIndex = {
'attr' => "uid,cn",
'param' => "eq"
};
my $res = YaPI::LdapServer->AddIndex("dc=example,dc=com", $newIndex);
if( not defined $res ) {
# error
} else {
print "OK: \n";
}
Replace the index $index_md5 in the database section $suffix by the new index statement %indexMap.
Example 209.
* 'attr', an attribute or an attribute list
* 'param', a number of special index parameters
Example 210.
my $newIndex = {
'attr' => "uid,cn",
'param' => "eq"
};
my $res = YaPI::LdapServer->EditIndex("dc=example,dc=com", "eacc11456b6c2ae4e1aef0fa287e02b0",
$newIndex);
if( not defined $res ) {
# error
} else {
print "OK: \n";
}
Delete the index statement $index_md5 in the database section $suffix.
Example 211.
my $res = YaPI::LdapServer->DeleteIndex("dc=example,dc=com", "338a980b4eebe87365a4077067ce1559");
if( not defined $res ) {
# error
} else {
print "OK: \n";
}
Regenerate indices based upon the current contents of the database determined by $suffix. This function stops the LDAP server, calls slapindex and starts the LDAP server again.
Example 212.
my $res = YaPI::LdapServer->RecreateIndex("dc=example,dc=com");
if( not defined $res ) {
# error
} else {
print "OK: \n";
}
Returns a list of all included schema files in the order they appear in the config files.
Example 213.
use Data::Dumper;
my $res = YaPI::LdapServer->ReadSchemaIncludeList();
if( not defined $res ) {
# error
} else {
print "OK: \n";
print STDERR Data::Dumper->Dump([$res])."\n";
}
Writes all schema includes preserving order.
Example 214.
my $schemas = [
'/etc/openldap/schema/core.schema',
'/etc/openldap/schema/cosine.schema',
'/etc/openldap/schema/inetorgperson.schema',
'/etc/openldap/schema/rfc2307bis.schema',
'/etc/openldap/schema/yast2userconfig.schema',
'/etc/openldap/schema/samba3.schema'
];
my $res = YaPI::LdapServer->WriteSchemaIncludeList($schemas);
if( not defined $res ) {
# error
} else {
print "OK: \n";
}
Returns a list of allow statements.
Example 215.
use Data::Dumper;
my $res = YaPI::LdapServer->ReadAllowList();
if( not defined $res ) {
# error
} else {
print "OK: \n";
print STDERR Data::Dumper->Dump([$res])."\n";
}
Replaces the complete allow option with the specified feature list.
Example 216.
my @list = ( "bind_v2" );
my $res = YaPI::LdapServer->WriteAllowList( \@list );
if( not defined $res ) {
# error
} else {
print "OK: \n";
}
Read the loglevel bitmask.
Example 217.
use Data::Dumper;
my $res = YaPI::LdapServer->ReadLoglevel();
if( not defined $res ) {
# error
} else {
print "OK: \n";
print STDERR Data::Dumper->Dump([$res])."\n";
}
Set the given loglevel bit to 1 in the current bitmask.
Example 218.
my $res = YaPI::LdapServer->AddLoglevel( 0x04 );
if( not defined $res ) {
# error
} else {
print "OK: \n";
}
Set the given loglevel bit to 0 in the current bitmask.
Example 219.
my $res = YaPI::LdapServer->DeleteLoglevel( 0x04 );
if( not defined $res ) {
# error
} else {
print "OK: \n";
}
Replaces the loglevel bitmask.
Example 220.
my $res = YaPI::LdapServer->WriteLoglevel( 0x06 );
if( not defined $res ) {
# error
} else {
print "OK: \n";
}
With this function you can turn the LDAP server runlevel script on and off. Turning it off means the LDAP server is not started at boot time.
Example 221.
ModifyService(0); # turn LDAP server off at boot time
ModifyService(1); # turn LDAP server on at boot time
With this function you can start and stop the LDAP server service.
Example 222.
SwitchService( 0 ); # turning off the LDAP server service
SwitchService( 1 ); # turning on the LDAP server service
With this function you can read out the state of the LDAP server runlevel script (starting LDAP server at boot time).
Return the current TLS settings.
Example 224.
* TLSCipherSuite: cipher suite parameter
* TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.
* TLSCACertificatePath: Specifies the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.
* TLSCertificateFile: Specifies the file that contains the slapd server certificate.
* TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.
* TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.
Example 225.
use Data::Dumper;
my $res = YaPI::LdapServer->ReadTLS();
if( not defined $res ) {
# error
} else {
print "OK: \n";
print STDERR Data::Dumper->Dump([$res])."\n";
}
Edit the TLS options in the configuration file.
Example 226.
* TLSCipherSuite: cipher suite parameter
* TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.
* TLSCACertificatePath: Specifies the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.
* TLSCertificateFile: Specifies the file that contains the slapd server certificate.
* TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.
* TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.
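Added example, not part of the YaPI documentation: a pre-flight check for a hash in the format WriteTLS takes, run here on the values used in Example 227 and on a constructed stricter hash. It assumes slapd is linked against OpenSSL, so TLSCipherSuite follows OpenSSL cipher-string syntax; audit_tls is a hypothetical helper and does not call YaPI.

```perl
#!/usr/bin/perl
# Added example: audit a hash before it is passed to WriteTLS().
use strict;
use warnings;

# Values slapd accepts for TLSVerifyClient.
my %verify_ok = map { $_ => 1 } qw(never allow try demand hard true);
# OpenSSL cipher-string keywords that select weak or unauthenticated ciphers.
my $weak_re = qr/^(?:SSLv2|EXP|EXPORT|EXPORT40|EXPORT56|LOW|NULL|aNULL|eNULL|RC4|DES|MD5)$/;

sub audit_tls {
    my ($tls) = @_;
    my (@findings, %excluded);
    # In a cipher string '!' and '-' remove ciphers, '+' only reorders them.
    for my $tok (grep { length } split /[:, ]+/, $tls->{TLSCipherSuite} // '') {
        my ($op, $name) = $tok =~ /^([!+-]?)(.*)$/;
        if ($op eq '!' or $op eq '-') { $excluded{$name} = 1; next }
        next unless $name =~ $weak_re;
        push @findings, $op eq '+'
            ? "'$tok' only moves $name ciphers to the end of the list; '!$name' disables them"
            : "'$tok' adds weak ciphers";
    }
    push @findings, "anonymous ciphers are not excluded (no '!aNULL')"
        unless $excluded{aNULL};
    my $vc = $tls->{TLSVerifyClient};
    push @findings, "TLSVerifyClient '$vc' is not a value slapd accepts"
        if defined $vc and not $verify_ok{$vc};
    # The private key must not be accessible to "other" users.
    my $key = $tls->{TLSCertificateKeyFile};
    if (defined $key and -e $key) {
        my $mode = (stat $key)[2] & 07777;
        push @findings, sprintf("%s has mode %04o; remove access for others", $key, $mode)
            if $mode & 0007;
    }
    return @findings;
}

my @samples = (
    { TLSCipherSuite => "HIGH:MEDIUM:+SSLv2", TLSVerifyClient => "never",
      TLSCertificateKeyFile => "/etc/ssl/server_key.pem" },      # values from Example 227
    { TLSCipherSuite => "HIGH:!aNULL:!eNULL:!MD5", TLSVerifyClient => "demand" },  # constructed
);
for my $s (@samples) {
    print "$s->{TLSCipherSuite}\n";
    my @f = audit_tls($s);
    print "  finding: $_\n" for @f;
    print "  no findings\n" unless @f;
}
```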
Example 227.
my $hash = {
TLSCipherSuite => "HIGH:MEDIUM:+SSLv2",
TLSCertificateFile => "/etc/ssl/server_crt.pem",
TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
TLSCACertificateFile => "/etc/ssl/ca.pem",
TLSVerifyClient => "never"
};
my $res = YaPI::LdapServer->WriteTLS($hash);
if( not defined $res ) {
# error
} else {
print "OK: \n";
}
Check whether a server certificate is available which can be used for more than one service. Such a common certificate is saved at '/etc/ssl/servercerts/servercert.pem'.
Example 228.
my $res = YaPI::LdapServer->CheckCommonServerCertificate();
if( not defined $res ) {
# error
} else {
print "Available \n" if($res);
print "Not Available \n" if(!$res);
}
Configure the LDAP server to use the common server certificate.
Example 229.
my $res = YaPI::LdapServer->ConfigureCommonServerCertificate();
if( not defined $res ) {
# error
} else {
print "OK: \n";
}
Import certificates and configure TLS for the LDAP Server.
Example 230.
my $hash = {
ServerCertificateFile => '/path/to/the/certificate.pem',
ServerKeyFile => '/path/to/the/key.pem',
CACertificatesFile => '/path/to/the/CAcertificate.pem',
};
my $res = YaPI::LdapServer->ImportCertificates($hash);
if( not defined $res ) {
# error
} else {
print "OK: \n";
}
This function reads the OPENLDAP_REGISTER_SLP entry in /etc/sysconfig/openldap. It returns 'true' if it reads 'yes' and 'false' if it reads 'no'.