Syntax
ldap_unbind (int ldapid[, boolean trace] )
Description
ldap_unbind closes the LDAP connection and frees all associated resources. The ldapid must be a valid LDAP connection returned by ldap_open.
If the optional trace parameter is set to true, any errors or warnings from the LDAP function are written to stdout.
Example
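# Open the connection; the returned ldapid is the handle passed to every later ldap_* call.
ldapid = ldap_open( 'ldap.host' );
if( defined ldapid ){
    # The bind DN and password are sample values. A policy file that embeds a
    # directory password exposes it to anyone who can read the file, so bind
    # with an account limited to the lookups the policy needs.
    rc = ldap_bind(ldapid, "cn=admin", "Secretpassword");
    if ((defined rc) && (rc == 0)){
        rc = func_search_for_user(ldapid);
    }
    # Close the connection on every path after a successful ldap_open, so a
    # failed bind does not leave the connection and its resources allocated.
    ldap_unbind(ldapid);
}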
The pmpolicy language supports the use of LDAP calls to obtain data on the following platforms:
- all versions of Linux on x86 supported by Privilege Manager for Unix
- all versions of Linux on x86-64 supported by Privilege Manager for Unix
- Solaris SPARC® 6 and above
- AIX 5.2 and above
- HP-UX PA-RISC 11 and above
The pmpolicy LDAP functions follow, as closely as possible, the API outlined in RFC 1823 to ensure compatibility and ease of understanding.
The feature_enabled() function indicates whether the LDAP functions are available on a particular policy server.
The following example illustrates the use of the LDAP functions.
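# Walk-through of the LDAP functions: open, bind, search, iterate over the
# entries and their attributes, then unbind.
# Check that this policy server has LDAP support before calling any ldap_* function.
if (!feature_enabled(FEATURE_LDAP)) {
    print("LDAP support is not available on this policy server");
} else {
    # Sample bind identity and server. A real policy should not bind as the
    # directory manager or keep its password in the policy file; use an
    # account that can only read the entries the policy needs.
    ld_user = "cn=Directory Manager";
    ld_passwd = "password";
    ld_host = "ldapserver";

    # Search parameters: every entry one level below BASEDN, all attributes
    # (empty ATTRLIST), values included (ATTRONLY=false).
    BASEDN="ou=People,dc=skynet,dc=local";
    SCOPE="onelevel";
    FILTER="(objectClass=*)";
    ATTRLIST={};
    ATTRONLY=false;

    print( "LDAP Server: " + ld_host );
    print( " User DN: " + ld_user );
    # The bind password is deliberately not echoed: print output can end up
    # on a terminal or in a session log.
    print( " Password: (not shown)" );
    print( "" );
    print( " Base DN: " + BASEDN );
    print( " Scope: " + SCOPE );
    print( " Filter: " + FILTER );
    print( "" );

    # Open a connection to the directory server
    ldapid = ldap_open( ld_host );
    if( ldapid < 0 ) {
        print( "ldap_open failed" );
        reject;
    }

    # Bind to the directory.
    # NOTE(review): this sends ld_passwd to ld_host; confirm that the
    # connection is protected in transit before using a real credential.
    rc = ldap_bind( ldapid, ld_user, ld_passwd );
    if( rc==0 ) {
        # perform the search
        ld_results = ldap_search( ldapid, BASEDN, SCOPE, FILTER, ATTRLIST, ATTRONLY );
        if( ld_results >= 0 ) {
            # how many results have been returned?
            num = ldap_count_entries( ldapid, ld_results );
            str = sprintf( "Num results = %d", num );
            print(str);
            print("");
            print("RESULTS");
            print("");
            if( num>0 ) {
                # Grab the first entry from the results
                lentry = ldap_first_entry( ldapid, ld_results );
                while( lentry ) {
                    # print the DN
                    # NOTE(review): this passes the search result handle
                    # (ld_results), while every other per-entry call below
                    # passes lentry; confirm against the ldap_get_dn
                    # reference which handle is expected.
                    dn = ldap_get_dn( ldapid, ld_results );
                    print("---- START OF ENTRY (" + dn + ") ----");
                    e = ldap_explode_dn( dn );
                    print( " Exploded DN: " + join( e, ', ' ) );
                    e = ldap_explode_dn( dn, 1 );
                    print( "Exploded DN, no type names: " + join( e, ', ' ) );
                    print( " User Friendly form: " + ldap_dn2ufn( dn ) );
                    print("");
                    oc = ldap_get_values( ldapid, lentry, "objectClass" );
                    # NOTE(review): directories commonly return this value as
                    # "inetOrgPerson"; verify whether the in operator
                    # compares case-sensitively.
                    if( "inetorgperson" in oc ) {
                        gn = ldap_get_values( ldapid, lentry, "givenname" );
                        sn = ldap_get_values( ldapid, lentry, "sn" );
                        # NOTE(review): givenname is optional on a person
                        # entry; confirm what gn[0] yields when the attribute
                        # is absent.
                        print( " Found a person, Name = " + gn[0] + " " + sn[0] );
                    }
                    attrs = ldap_get_attributes( ldapid, lentry );
                    print( "Attributes: " + join(attrs, ", ") );
                    # Move through each attribute for the entry
                    attr = ldap_first_attribute( ldapid, lentry );
                    while( attr != '' ) {
                        print(" ATTR: " + attr );
                        # Print the values for the given attribute.
                        # With FILTER and ATTRLIST as set above this prints
                        # every readable attribute, which can include
                        # sensitive ones; narrow ATTRLIST in real policy.
                        values = ldap_get_values( ldapid, lentry, attr );
                        print( " VALUES = { " + join(values, ", ") + " }" );
                        # move to the next attribute
                        attr = ldap_next_attribute( ldapid, lentry );
                    }
                    # move to the next entry
                    lentry = ldap_next_entry( ldapid, ld_results );
                    print("---- END OF ENTRY (" + dn + ") ---- ");
                    print("");
                }
                print("");
            }
            print("-- END OF RESULTS --");
        }
    } else {
        print( "ldap_bind failed" );
        # Close the connection before rejecting: the ldap_unbind after this
        # if/else is not reached once reject has run.
        ldap_unbind( ldapid );
        reject;
    }

    # Close the connection and free its resources, then report the return code.
    rc = ldap_unbind( ldapid );
    str = sprintf( "rc = %d", rc );
    print(str);
}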
Related Topics
feature_enabled
These are the built-in list functions available to use within the pmpolicy file.
Table 38: List functions
append |
Append to a list. |
insert |
Insert a string or list into a list. |
join |
Concatenate a list into a string. |
length |
Return the length of a string, list, or array. |
lsubst |
Substitute part of a string with another string throughout all or part of a list. |
range |
Select a range of entries in a list. |
replace |
Replace one or more strings in a list. |
search |
Search a list for a string. |
split |
Convert a string into a list. |
splitSubst |
Convert a string into a list. |
Syntax
list append( list dest, list|string src1 [, list|string src2, ...])
Description
append creates a list constructed by appending the specified strings or lists src1, src2, etc. to the end of the list dest and returns a new list.
Example
# trustedusers is the dest list; "adrian" is the single src1 value appended to it.
trustedusers = {"jamie", "cory", "robyn"};
# append returns the combined list, which is assigned to a.
a = append(trustedusers, "adrian");
sets a to the following list:
{"jamie", "cory", "robyn", "adrian"}