サポートと今すぐチャット
サポートとのチャット

Privilege Manager for Unix 7.3 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

ldap_unbind

Syntax
ldap_unbind (int ldapid[, boolean trace] )
Description

ldap_unbind closes the LDAP connection and frees all associated resources. The ldapid must be a valid LDAP connection returned by ldap_open.

If the optional trace parameter is set to true, any errors or warnings from the LDAP function are written to stdout.

Example
ldapid = ldap_open( 'ldap.host' ); 
if( defined ldapid ){ 
   rc=ldap_bind(ldapid, "cn=admin", "Secretpassword"); 
   if ((defined rc) && (rc == 0)){ 
      rc=func_search_for_user(ldapid); 
      ldap_unbind(ldapid); 
   }
}

LDAP API example

The pmpolicy language supports the use of LDAP calls to obtain data on the following platforms:

  • all versions of Linux on x86 supported by Privilege Manager for Unix

  • all versions of Linux on x86-64 supported by Privilege Manager for Unix

  • Solaris

    SPARC® 6 and above

  • AIX

    5.2 and above

  • HP-UX PA-RISC 11 and above

The pmpolicy LDAP functions follow, as closely as possible, the API outlined in RFC 1823 to ensure compatibility and ease of understanding.

The feature_enabled() function indicates whether the LDAP functions are available on a particular policy server.

The following example illustrates the use of the LDAP functions.

if (!feature_enabled(FEATURE_LDAP) { 
   print("LDAP support is not available on this policy server"); 
} else { 
   ld_user = "cn=Directory Manager"; 
   ld_passwd = "password"; 
   ld_host = "ldapserver"; 
   BASEDN="ou=People,dc=skynet,dc=local"; 
   SCOPE="onelevel"; 
   FILTER="(objectClass=*)"; 
   ATTRLIST={}; 
   ATTRONLY=false; 

   print( "LDAP Server: " + ld_host ); 
   print( "    User DN: " + ld_user ); 
   print( "   Password: " + ld_passwd ); 
   print( "" ); 
   print( "    Base DN: " + BASEDN ); 
   print( "      Scope: " + SCOPE ); 
   print( "     Filter: " + FILTER ); 
   print( "" ); 

   # Open a connection to the directory server 
   ldapid = ldap_open( ld_host ); 
   if( ldapid < 0 ) { 
      print( "ldap_open failed" ); 
      reject; 
   } 
   # bind to the directory 
   rc = ldap_bind( ldapid, ld_user, ld_passwd ); 
   if( rc==0 ) { 
      # perform the search 
      ld_results = ldap_search( ldapid, BASEDN, SCOPE, FILTER, ATTRLIST, ATTRONLY ); 
      if( ld_results >= 0 ) { 
         # how many results have been returned? 
         num = ldap_count_entries( ldapid, ld_results ); 
         str = sprintf( "Num results = %d", num ); 
         print(str); 
         print(""); 
         print("RESULTS"); 
         print(""); 
         if( num>0 ) { 
            # Grab the first entry from the results 
            lentry = ldap_first_entry( ldapid, ld_results ); 
            while( lentry ) { 
               # print the DN 
               dn = ldap_get_dn( ldapid, ld_results ); 
               print("---- START OF ENTRY (" + dn + ") ----"); 
               e = ldap_explode_dn( dn ); 
               print( "              Exploded DN: " + join( e, ', ' ) ); 
               e = ldap_explode_dn( dn, 1 ); 
               print( "Exploded DN, no type names: " + join( e, ', ' ) ); 
               print( "              User Friendly form: " + ldap_dn2ufn( dn ) ); 
               print(""); 
               oc = ldap_get_values( ldapid, lentry, "objectClass" ); 
               if( "inetorgperson" in oc ) { 
                  gn = ldap_get_values( ldapid, lentry, "givenname" ); 
                  sn = ldap_get_values( ldapid, lentry, "sn" ); 
                  print( "  Found a person, Name = " + gn[0] + " " + sn[0] ); 
               } 

               attrs = ldap_get_attributes( ldapid, lentry ); 
               print( "Attributes: " + join(attrs, ", ") ); 
               # Move through each attibute for the entry 
               attr = ldap_first_attribute( ldapid, lentry ); 
               while( attr != '' ) { 
                  print(" ATTR: " + attr ); 
                     # Print the values for the given attribute 
                     values = ldap_get_values( ldapid, lentry, attr ); 
                     print( "  VALUES = { " + join(values, ", ") + " }" );

                     # move to the next attibute 
                        attr = ldap_next_attribute( ldapid, lentry ); 
               }
               # move to the next entry 
               lentry = ldap_next_entry( ldapid, ld_results ); 
               print("---- END OF ENTRY (" + dn + ") ---- "); 
               print(""); 
            } 
            print(""); 
         } 
         print("-- END OF RESULTS --"); 
      }
   } else { 
      print( "ldap_bind failed" ); 
      reject; 
   }

   rc = ldap_unbind( ldapid ); 
   str = sprintf( "rc = %d", rc ); 
   print(str); 
}
Related Topics

feature_enabled

List functions

These are the built-in list functions available to use within the pmpolicy file.

Table 38: List functions
Name Description

append

Append to a list.

insert

Insert a string or list into a list.

join

Concatenate a list into a string.

length

Return the length of a string, list, or array.

lsubst

Substitute part of a string with another string throughout all or part of a list.

range

Select a range of entries in a list.

replace

Replace one or more strings in a list.

search

Search a list for a string.

split

Convert a string into a list.

splitSubst

Convert a string into a list.

append

Syntax
list append( list dest, list|string src1 [, list|string src2, ...])
Description

append creates a list constructed by appending the specified strings or lists src1, src2, etc. to the end of the list dest and returns a new list.

Example
trustedusers = {"jamie", "cory", "robyn"}; 
a = append(trustedusers, "adrian");

sets a to the following list:

{"jamie", "cory", "robyn", "adrian"}
Related Topics

insert

join

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択