Syntax
ldap_unbind (int ldapid[, boolean trace] )
 
Description
ldap_unbind closes the LDAP connection and frees all associated resources. The ldapid must be a valid LDAP connection returned by ldap_open.
If the optional trace parameter is set to true, any errors or warnings from the LDAP function are written to stdout.
 
Example
ldapid = ldap_open( 'ldap.host' ); 
if( defined ldapid ){ 
   rc=ldap_bind(ldapid, "cn=admin", "Secretpassword"); 
   if ((defined rc) && (rc == 0)){ 
      rc=func_search_for_user(ldapid); 
      ldap_unbind(ldapid); 
   }
}  
    
The pmpolicy language supports the use of LDAP calls to obtain data on the following platforms:
- all versions of Linux on x86 supported by Privilege Manager for Unix 
- all versions of Linux on x86-64 supported by Privilege Manager for Unix 
- Solaris SPARC® 6 and above 
- AIX 5.2 and above 
- HP-UX PA-RISC 11 and above 
The pmpolicy LDAP functions follow, as closely as possible, the API outlined in RFC 1823 to ensure compatibility and ease of understanding.
The feature_enabled() function indicates whether the LDAP functions are available on a particular policy server. 
The following example illustrates the use of the LDAP functions.
if (!feature_enabled(FEATURE_LDAP)) { 
   print("LDAP support is not available on this policy server"); 
} else { 
   ld_user = "cn=Directory Manager"; 
   ld_passwd = "password"; 
   ld_host = "ldapserver"; 
   BASEDN="ou=People,dc=skynet,dc=local"; 
   SCOPE="onelevel"; 
   FILTER="(objectClass=*)"; 
   ATTRLIST={}; 
   ATTRONLY=false; 
   print( "LDAP Server: " + ld_host ); 
   print( "    User DN: " + ld_user ); 
   # Demonstration only: this prints the bind password in clear text; omit it in a production policy 
   print( "   Password: " + ld_passwd ); 
   print( "" ); 
   print( "    Base DN: " + BASEDN ); 
   print( "      Scope: " + SCOPE ); 
   print( "     Filter: " + FILTER ); 
   print( "" ); 
   # Open a connection to the directory server 
   ldapid = ldap_open( ld_host ); 
   if( ldapid < 0 ) { 
      print( "ldap_open failed" ); 
      reject; 
   } 
   # bind to the directory 
   rc = ldap_bind( ldapid, ld_user, ld_passwd ); 
   if( rc==0 ) { 
      # perform the search 
      ld_results = ldap_search( ldapid, BASEDN, SCOPE, FILTER, ATTRLIST, ATTRONLY ); 
      if( ld_results >= 0 ) { 
         # how many results have been returned? 
         num = ldap_count_entries( ldapid, ld_results ); 
         str = sprintf( "Num results = %d", num ); 
         print(str); 
         print(""); 
         print("RESULTS"); 
         print(""); 
         if( num>0 ) { 
            # Grab the first entry from the results 
            lentry = ldap_first_entry( ldapid, ld_results ); 
            while( lentry ) { 
               # print the DN 
               dn = ldap_get_dn( ldapid, ld_results ); 
               print("---- START OF ENTRY (" + dn + ") ----"); 
               e = ldap_explode_dn( dn ); 
               print( "              Exploded DN: " + join( e, ', ' ) ); 
               e = ldap_explode_dn( dn, 1 ); 
               print( "Exploded DN, no type names: " + join( e, ', ' ) ); 
               print( "              User Friendly form: " + ldap_dn2ufn( dn ) ); 
               print(""); 
               oc = ldap_get_values( ldapid, lentry, "objectClass" ); 
               if( "inetorgperson" in oc ) { 
                  gn = ldap_get_values( ldapid, lentry, "givenname" ); 
                  sn = ldap_get_values( ldapid, lentry, "sn" ); 
                  print( "  Found a person, Name = " + gn[0] + " " + sn[0] ); 
               } 
               attrs = ldap_get_attributes( ldapid, lentry ); 
               print( "Attributes: " + join(attrs, ", ") ); 
               # Move through each attribute for the entry 
               attr = ldap_first_attribute( ldapid, lentry ); 
               while( attr != '' ) { 
                  print(" ATTR: " + attr ); 
                  # Print the values for the given attribute 
                  values = ldap_get_values( ldapid, lentry, attr ); 
                  print( "  VALUES = { " + join(values, ", ") + " }" );
                  # move to the next attribute 
                  attr = ldap_next_attribute( ldapid, lentry ); 
               }
               # move to the next entry 
               lentry = ldap_next_entry( ldapid, ld_results ); 
               print("---- END OF ENTRY (" + dn + ") ---- "); 
               print(""); 
            } 
            print(""); 
         } 
         print("-- END OF RESULTS --"); 
      }
   } else { 
      print( "ldap_bind failed" ); 
      reject; 
   }
   rc = ldap_unbind( ldapid ); 
   str = sprintf( "rc = %d", rc ); 
   print(str); 
}
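The following is an added example, not taken from the product documentation: it uses the directory for an authorization decision, merges the result with a static list via append, and calls ldap_unbind on every path once ldap_open has succeeded. The host, DNs, password, group name and the memberUid attribute are placeholders, and user is assumed to be the policy variable holding the submitting user's name.

```pmpolicy
# Added example. Host, DNs, group name and password are placeholders.
ld_host   = "ldapserver";
ld_user   = "cn=policy-reader,dc=example,dc=com";
ld_passwd = "REPLACE_ME";
GROUPBASE = "ou=Groups,dc=example,dc=com";
FILTER    = "(cn=pm-operators)";     # constant filter, no user input in it

localadmins = {"jamie"};             # static accounts kept in the policy file
members     = {};                    # memberUid values read from the directory

if( feature_enabled(FEATURE_LDAP) ) {
   ldapid = ldap_open( ld_host );
   if( ldapid >= 0 ) {
      rc = ldap_bind( ldapid, ld_user, ld_passwd );
      if( (defined rc) && (rc == 0) ) {
         res = ldap_search( ldapid, GROUPBASE, "onelevel", FILTER, {}, false );
         if( res >= 0 ) {
            if( ldap_count_entries( ldapid, res ) > 0 ) {
               lentry = ldap_first_entry( ldapid, res );
               vals   = ldap_get_values( ldapid, lentry, "memberUid" );
               if( defined vals ) {
                  members = vals;
               }
            }
         }
      }
      # Reached whether or not the bind or search succeeded, so the
      # connection from ldap_open is always released. trace=true writes
      # any unbind errors to stdout.
      rc = ldap_unbind( ldapid, true );
   }
}

# A failed open, bind or search leaves members empty, so a directory
# outage can only narrow the set of authorized users, never widen it.
allowed = append( localadmins, members );
if( !(user in allowed) ) {
   print( "Not authorized by directory group or local list" );
   reject;
}
```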
Related Topics
feature_enabled 
 
    
These are the built-in list functions available to use within the pmpolicy file.
Table 38: List functions
| append | Append to a list. | 
| insert | Insert a string or list into a list. | 
| join | Concatenate a list into a string. | 
| length | Return the length of a string, list, or array. | 
| lsubst | Substitute part of a string with another string throughout all or part of a list. | 
| range | Select a range of entries in a list. | 
| replace | Replace one or more strings in a list. | 
| search | Search a list for a string. | 
| split | Convert a string into a list. | 
| splitSubst  | Convert a string into a list. | 
 
    
Syntax
list append( list dest, list|string src1 [, list|string src2, ...]) 
 
Description
append returns a new list constructed by appending the specified strings or lists src1, src2, etc. to the end of the list dest.
 
Example
trustedusers = {"jamie", "cory", "robyn"}; 
a = append(trustedusers, "adrian"); 
This example sets a to the following list:
{"jamie", "cory", "robyn", "adrian"}