Privilege Manager for Unix 7.2.1 - Administration Guide

The pmpolicy language supports the use of LDAP calls to obtain data on the following platforms:

all versions of Linux on x86 supported by Privilege Manager for Unix
all versions of Linux on x86-64 supported by Privilege Manager for Unix
Solaris SPARC^® 6 and above
AIX 5.2 and above
HP-UX PA-RISC 11 and above

The pmpolicy LDAP functions follow, as closely as possible, the API outlined in RFC 1823 to ensure compatibility and ease of understanding.

The feature_enabled() function indicates whether the LDAP functions are available on a particular policy server.

The following example illustrates the use of the LDAP functions.

if (!feature_enabled(FEATURE_LDAP) { 
   print("LDAP support is not available on this policy server"); 
} else { 
   ld_user = "cn=Directory Manager"; 
   ld_passwd = "password"; 
   ld_host = "ldapserver"; 
   BASEDN="ou=People,dc=skynet,dc=local"; 
   SCOPE="onelevel"; 
   FILTER="(objectClass=*)"; 
   ATTRLIST={}; 
   ATTRONLY=false; 

   print( "LDAP Server: " + ld_host ); 
   print( "    User DN: " + ld_user ); 
   print( "   Password: " + ld_passwd ); 
   print( "" ); 
   print( "    Base DN: " + BASEDN ); 
   print( "      Scope: " + SCOPE ); 
   print( "     Filter: " + FILTER ); 
   print( "" ); 

   # Open a connection to the directory server 
   ldapid = ldap_open( ld_host ); 
   if( ldapid < 0 ) { 
      print( "ldap_open failed" ); 
      reject; 
   } 
   # bind to the directory 
   rc = ldap_bind( ldapid, ld_user, ld_passwd ); 
   if( rc==0 ) { 
      # perform the search 
      ld_results = ldap_search( ldapid, BASEDN, SCOPE, FILTER, ATTRLIST, ATTRONLY ); 
      if( ld_results >= 0 ) { 
         # how many results have been returned? 
         num = ldap_count_entries( ldapid, ld_results ); 
         str = sprintf( "Num results = %d", num ); 
         print(str); 
         print(""); 
         print("RESULTS"); 
         print(""); 
         if( num>0 ) { 
            # Grab the first entry from the results 
            lentry = ldap_first_entry( ldapid, ld_results ); 
            while( lentry ) { 
               # print the DN 
               dn = ldap_get_dn( ldapid, ld_results ); 
               print("---- START OF ENTRY (" + dn + ") ----"); 
               e = ldap_explode_dn( dn ); 
               print( "              Exploded DN: " + join( e, ', ' ) ); 
               e = ldap_explode_dn( dn, 1 ); 
               print( "Exploded DN, no type names: " + join( e, ', ' ) ); 
               print( "              User Friendly form: " + ldap_dn2ufn( dn ) ); 
               print(""); 
               oc = ldap_get_values( ldapid, lentry, "objectClass" ); 
               if( "inetorgperson" in oc ) { 
                  gn = ldap_get_values( ldapid, lentry, "givenname" ); 
                  sn = ldap_get_values( ldapid, lentry, "sn" ); 
                  print( "  Found a person, Name = " + gn[0] + " " + sn[0] ); 
               } 

               attrs = ldap_get_attributes( ldapid, lentry ); 
               print( "Attributes: " + join(attrs, ", ") ); 
               # Move through each attibute for the entry 
               attr = ldap_first_attribute( ldapid, lentry ); 
               while( attr != '' ) { 
                  print(" ATTR: " + attr ); 
                     # Print the values for the given attribute 
                     values = ldap_get_values( ldapid, lentry, attr ); 
                     print( "  VALUES = { " + join(values, ", ") + " }" );

                     # move to the next attibute 
                        attr = ldap_next_attribute( ldapid, lentry ); 
               }
               # move to the next entry 
               lentry = ldap_next_entry( ldapid, ld_results ); 
               print("---- END OF ENTRY (" + dn + ") ---- "); 
               print(""); 
            } 
            print(""); 
         } 
         print("-- END OF RESULTS --"); 
      }
   } else { 
      print( "ldap_bind failed" ); 
      reject; 
   }

   rc = ldap_unbind( ldapid ); 
   str = sprintf( "rc = %d", rc ); 
   print(str); 
}

Table 38: List functions
Name	Description
append	Append to a list.
insert	Insert a string or list into a list.
join	Concatenate a list into a string.
length	Return the length of a string, list, or array.
lsubst	Substitute part of a string with another string throughout all or part of a list.
range	Select a range of entries in a list.
replace	Replace one or more strings in a list.
search	Search a list for a string.
split	Convert a string into a list.
splitSubst	Convert a string into a list.

Syntax

list append( list dest, list|string src1 [, list|string src2, ...])

Description

append creates a list constructed by appending the specified strings or lists src1, src2, etc. to the end of the list dest and returns a new list.

Example

trustedusers = {"jamie", "cory", "robyn"}; 
a = append(trustedusers, "adrian");

sets a to the following list:

{"jamie", "cory", "robyn", "adrian"}

Syntax

list insert( list dest, int index, string src1, [, string src2, ...] )

Description

insert constructs a list by inserting strings into a list at the specified position. Note that the first element in the list is index: 0. If the index is greater than the length of the specified list (for example, 999), then the strings append to the end of the list.

Returns the newly constructed list.

Example

trustedusers={"jamie", "cory", "robyn"}; 
a=insert(trustedusers, 1, "leslie");

sets a to the list:

{"jamie", "leslie", "cory", "robyn"}

Privilege Manager for Unix 7.2.1 - Administration Guide

LDAP API example

Related Topics

List functions

append

Syntax

Description

Example

Related Topics

insert

Syntax

Description

Example

Related Topics

製品を選択してください:

サービス向上のために、「Purpose of your Chat（チャットの目的）」を記入してください。

お客様の不具合に推奨されるソリューション

Privilege Manager for Unix 7.2.1 - Administration Guide

LDAP API example

Related Topics

List functions

append

Syntax

Description

Example

Related Topics

insert

Syntax

Description

Example

Related Topics