Chat now with support
Chat with Support

Privilege Manager for Unix 7.2.1 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

LDAP API example

The pmpolicy language supports the use of LDAP calls to obtain data on the following platforms:

  • all versions of Linux on x86 supported by Privilege Manager for Unix
  • all versions of Linux on x86-64 supported by Privilege Manager for Unix
  • Solaris SPARC® 6 and above
  • AIX 5.2 and above
  • HP-UX PA-RISC 11 and above

The pmpolicy LDAP functions follow, as closely as possible, the API outlined in RFC 1823 to ensure compatibility and ease of understanding.

The feature_enabled() function indicates whether the LDAP functions are available on a particular policy server.

The following example illustrates the use of the LDAP functions.

if (!feature_enabled(FEATURE_LDAP) { 
   print("LDAP support is not available on this policy server"); 
} else { 
   ld_user = "cn=Directory Manager"; 
   ld_passwd = "password"; 
   ld_host = "ldapserver"; 
   BASEDN="ou=People,dc=skynet,dc=local"; 
   SCOPE="onelevel"; 
   FILTER="(objectClass=*)"; 
   ATTRLIST={}; 
   ATTRONLY=false; 

   print( "LDAP Server: " + ld_host ); 
   print( "    User DN: " + ld_user ); 
   print( "   Password: " + ld_passwd ); 
   print( "" ); 
   print( "    Base DN: " + BASEDN ); 
   print( "      Scope: " + SCOPE ); 
   print( "     Filter: " + FILTER ); 
   print( "" ); 

   # Open a connection to the directory server 
   ldapid = ldap_open( ld_host ); 
   if( ldapid < 0 ) { 
      print( "ldap_open failed" ); 
      reject; 
   } 
   # bind to the directory 
   rc = ldap_bind( ldapid, ld_user, ld_passwd ); 
   if( rc==0 ) { 
      # perform the search 
      ld_results = ldap_search( ldapid, BASEDN, SCOPE, FILTER, ATTRLIST, ATTRONLY ); 
      if( ld_results >= 0 ) { 
         # how many results have been returned? 
         num = ldap_count_entries( ldapid, ld_results ); 
         str = sprintf( "Num results = %d", num ); 
         print(str); 
         print(""); 
         print("RESULTS"); 
         print(""); 
         if( num>0 ) { 
            # Grab the first entry from the results 
            lentry = ldap_first_entry( ldapid, ld_results ); 
            while( lentry ) { 
               # print the DN 
               dn = ldap_get_dn( ldapid, ld_results ); 
               print("---- START OF ENTRY (" + dn + ") ----"); 
               e = ldap_explode_dn( dn ); 
               print( "              Exploded DN: " + join( e, ', ' ) ); 
               e = ldap_explode_dn( dn, 1 ); 
               print( "Exploded DN, no type names: " + join( e, ', ' ) ); 
               print( "              User Friendly form: " + ldap_dn2ufn( dn ) ); 
               print(""); 
               oc = ldap_get_values( ldapid, lentry, "objectClass" ); 
               if( "inetorgperson" in oc ) { 
                  gn = ldap_get_values( ldapid, lentry, "givenname" ); 
                  sn = ldap_get_values( ldapid, lentry, "sn" ); 
                  print( "  Found a person, Name = " + gn[0] + " " + sn[0] ); 
               } 

               attrs = ldap_get_attributes( ldapid, lentry ); 
               print( "Attributes: " + join(attrs, ", ") ); 
               # Move through each attibute for the entry 
               attr = ldap_first_attribute( ldapid, lentry ); 
               while( attr != '' ) { 
                  print(" ATTR: " + attr ); 
                     # Print the values for the given attribute 
                     values = ldap_get_values( ldapid, lentry, attr ); 
                     print( "  VALUES = { " + join(values, ", ") + " }" );

                     # move to the next attibute 
                        attr = ldap_next_attribute( ldapid, lentry ); 
               }
               # move to the next entry 
               lentry = ldap_next_entry( ldapid, ld_results ); 
               print("---- END OF ENTRY (" + dn + ") ---- "); 
               print(""); 
            } 
            print(""); 
         } 
         print("-- END OF RESULTS --"); 
      }
   } else { 
      print( "ldap_bind failed" ); 
      reject; 
   }

   rc = ldap_unbind( ldapid ); 
   str = sprintf( "rc = %d", rc ); 
   print(str); 
}
Related Topics

feature_enabled

List functions

These are the built-in list functions available to use within the pmpolicy file.

Table 38: List functions
Name Description
append Append to a list.
insert Insert a string or list into a list.
join Concatenate a list into a string.
length Return the length of a string, list, or array.
lsubst Substitute part of a string with another string throughout all or part of a list.
range Select a range of entries in a list.
replace Replace one or more strings in a list.
search Search a list for a string.
split Convert a string into a list.

splitSubst

Convert a string into a list.

append

Syntax
list append( list dest, list|string src1 [, list|string src2, ...]) 
Description

append creates a list constructed by appending the specified strings or lists src1, src2, etc. to the end of the list dest and returns a new list.

Example
trustedusers = {"jamie", "cory", "robyn"}; 
a = append(trustedusers, "adrian"); 

sets a to the following list:

{"jamie", "cory", "robyn", "adrian"} 
Related Topics

insert

join

insert

Syntax
list insert( list dest, int index, string src1, [, string src2, ...] )
Description

insert constructs a list by inserting strings into a list at the specified position. Note that the first element in the list is index: 0. If the index is greater than the length of the specified list (for example, 999), then the strings append to the end of the list.

Returns the newly constructed list.

Example
trustedusers={"jamie", "cory", "robyn"}; 
a=insert(trustedusers, 1, "leslie"); 

sets a to the list:

{"jamie", "leslie", "cory", "robyn"}

Related Topics

append

join

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating