
Privilege Manager for Unix 6.1 Common Documents - Administration Guide


ldap_unbind

Syntax
ldap_unbind (int ldapid[, boolean trace] )
Description

ldap_unbind closes the LDAP connection and frees all associated resources. The ldapid must be a valid LDAP connection returned by ldap_open.

If the optional trace parameter is set to true, any errors or warnings from the LDAP function are written to stdout.

Example
ldapid = ldap_open( 'ldap.host' );
if( defined ldapid ){
   rc = ldap_bind(ldapid, "cn=admin", "Secretpassword");
   if ((defined rc) && (rc == 0)){
      rc = func_search_for_user(ldapid);
      # Release the connection as soon as the lookup is finished
      ldap_unbind(ldapid);
   }
}

LDAP API example

Privilege Manager policy language supports the use of LDAP calls to obtain data on the following platforms:

  • all versions of Linux on x86 supported by Privilege Manager
  • all versions of Linux on x86-64 supported by Privilege Manager
  • Solaris SPARC® 6 and above
  • AIX 5.2 and above
  • HP-UX PA-RISC 11 and above

Privilege Manager LDAP functions follow, as closely as possible, the API outlined in RFC 1823 to ensure compatibility and ease of understanding.

The feature_enabled() function indicates whether the LDAP functions are available on a particular policy server.

The following example illustrates the use of the LDAP functions.

if (!feature_enabled(FEATURE_LDAP)) {
   print("LDAP support is not available on this policy server");
} else {
   ld_user = "cn=Directory Manager";
   ld_passwd = "password";
   ld_host = "ldapserver";
   BASEDN = "ou=People,dc=skynet,dc=local";
   SCOPE = "onelevel";
   FILTER = "(objectClass=*)";
   ATTRLIST = {};
   ATTRONLY = false;

   print( "LDAP Server: " + ld_host );
   print( "    User DN: " + ld_user );
   # Note: this line echoes the bind password into the session output;
   # leave it out of anything other than a test policy.
   print( "   Password: " + ld_passwd );
   print( "" );
   print( "    Base DN: " + BASEDN );
   print( "      Scope: " + SCOPE );
   print( "     Filter: " + FILTER );
   print( "" );

   # Open a connection to the directory server
   ldapid = ldap_open( ld_host );
   if( ldapid < 0 ) {
      print( "ldap_open failed" );
      reject;
   }
   # Bind to the directory
   rc = ldap_bind( ldapid, ld_user, ld_passwd );
   if( rc == 0 ) {
      # Perform the search
      ld_results = ldap_search( ldapid, BASEDN, SCOPE, FILTER, ATTRLIST, ATTRONLY );
      if( ld_results >= 0 ) {
         # How many results have been returned?
         num = ldap_count_entries( ldapid, ld_results );
         str = sprintf( "Num results = %d", num );
         print(str);
         print("");
         print("RESULTS");
         print("");
         if( num > 0 ) {
            # Grab the first entry from the results
            lentry = ldap_first_entry( ldapid, ld_results );
            while( lentry ) {
               # Print the DN of the current entry
               dn = ldap_get_dn( ldapid, lentry );
               print("---- START OF ENTRY (" + dn + ") ----");
               e = ldap_explode_dn( dn );
               print( "              Exploded DN: " + join( e, ', ' ) );
               e = ldap_explode_dn( dn, 1 );
               print( "Exploded DN, no type names: " + join( e, ', ' ) );
               print( "              User Friendly form: " + ldap_dn2ufn( dn ) );
               print("");
               oc = ldap_get_values( ldapid, lentry, "objectClass" );
               if( "inetorgperson" in oc ) {
                  gn = ldap_get_values( ldapid, lentry, "givenname" );
                  sn = ldap_get_values( ldapid, lentry, "sn" );
                  print( "  Found a person, Name = " + gn[0] + " " + sn[0] );
               }

               attrs = ldap_get_attributes( ldapid, lentry );
               print( "Attributes: " + join(attrs, ", ") );
               # Move through each attribute of the entry
               attr = ldap_first_attribute( ldapid, lentry );
               while( attr != '' ) {
                  print(" ATTR: " + attr );
                  # Print the values for the given attribute
                  values = ldap_get_values( ldapid, lentry, attr );
                  print( "  VALUES = { " + join(values, ", ") + " }" );

                  # Move to the next attribute
                  attr = ldap_next_attribute( ldapid, lentry );
               }
               print("---- END OF ENTRY (" + dn + ") ---- ");
               print("");
               # Move to the next entry
               lentry = ldap_next_entry( ldapid, ld_results );
            }
            print("");
         }
         print("-- END OF RESULTS --");
      }
   } else {
      print( "ldap_bind failed" );
      reject;
   }

   # Close the connection and free its resources
   rc = ldap_unbind( ldapid );
   str = sprintf( "rc = %d", rc );
   print(str);
}
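The policy example above leans on ldap_explode_dn(), ldap_explode_dn(dn, 1) and ldap_dn2ufn() to break a DN into its components, and on the objectClass value list to decide whether an entry is a person. The Python below is an added illustration written for this page; it is not Privilege Manager code and not the product's LDAP implementation. It models what those three calls return, including the RFC 4514 backslash and hex escapes that a plain split on commas mis-handles, and walks a constructed result set the way the policy walks the entries returned by ldap_search(). The entries, DNs and attribute values are constructed, and the helper names explode_dn, dn2ufn, get_values, find_people and walk_results are this example's own.

```python
"""Added example (not part of the Privilege Manager documentation or product):
a model of ldap_explode_dn() / ldap_dn2ufn() and of the entry walk in the
policy example, run over a constructed LDAP result set.
"""
import string
from typing import Dict, List

# Characters that RFC 4514 allows to be escaped with a backslash in an RDN value.
_ESCAPABLE = set(',+"\\<>;=# ')


def explode_dn(dn: str, notypes: bool = False) -> List[str]:
    """Split a DN into RDN components, honouring backslash escapes.

    dn.split(',') would break 'cn=Doe\\, John' into two components, which is
    the kind of error that matters when RDN components drive a policy decision.
    With notypes=True the 'type=' prefix is dropped, as ldap_explode_dn(dn, 1) does.
    Single-byte hex escapes (\\2C) are decoded; multi-valued RDNs ('+') are not split.
    """
    parts: List[str] = []
    buf: List[str] = []
    i = 0
    skip_ws = True  # drop unescaped spaces at the start of each component
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            nxt = dn[i + 1]
            if nxt in _ESCAPABLE:
                buf.append(nxt)
                skip_ws = False
                i += 2
                continue
            hexpair = dn[i + 1:i + 3]
            if len(hexpair) == 2 and all(c in string.hexdigits for c in hexpair):
                buf.append(chr(int(hexpair, 16)))
                skip_ws = False
                i += 3
                continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
            skip_ws = True
        elif ch == " " and skip_ws:
            pass
        else:
            buf.append(ch)
            skip_ws = False
        i += 1
    parts.append("".join(buf))
    if notypes:
        parts = [p.split("=", 1)[1] if "=" in p else p for p in parts]
    return parts


def dn2ufn(dn: str) -> str:
    """User-friendly form as ldap_dn2ufn() renders it: values only, comma separated."""
    return ", ".join(explode_dn(dn, notypes=True))


# Constructed result set standing in for what ldap_search() returns under
# "ou=People,dc=skynet,dc=local"; attribute names keep the casing a server would send.
SAMPLE_RESULTS: List[Dict[str, List[str]]] = [
    {"dn": ["uid=jamie,ou=People,dc=skynet,dc=local"],
     "objectClass": ["top", "person", "inetOrgPerson"],
     "givenName": ["Jamie"], "sn": ["Smith"]},
    {"dn": ["cn=Doe\\, John,ou=People,dc=skynet,dc=local"],
     "objectClass": ["top", "person", "inetOrgPerson"],
     "givenName": ["John"], "sn": ["Doe"]},
    {"dn": ["cn=admins,ou=People,dc=skynet,dc=local"],
     "objectClass": ["top", "groupOfNames"],
     "member": ["uid=jamie,ou=People,dc=skynet,dc=local"]},
]


def get_values(entry: Dict[str, List[str]], attr: str) -> List[str]:
    """Attribute lookup by name, case-insensitive because LDAP attribute names are."""
    for name, vals in entry.items():
        if name.lower() == attr.lower():
            return list(vals)
    return []


def find_people(entries: List[Dict[str, List[str]]]) -> List[str]:
    """The policy's objectClass test. objectClass values match case-insensitively
    on the server, so the comparison here lowers both sides; a case-sensitive
    test against 'inetorgperson' would silently miss 'inetOrgPerson'."""
    people = []
    for entry in entries:
        oc = [v.lower() for v in get_values(entry, "objectClass")]
        if "inetorgperson" in oc:
            gn = get_values(entry, "givenName")
            sn = get_values(entry, "sn")
            people.append(f"{gn[0]} {sn[0]}")
    return people


def walk_results(entries: List[Dict[str, List[str]]]) -> List[Dict[str, object]]:
    """Per-entry view matching what the policy prints: DN, exploded DN, UFN, attribute names."""
    out = []
    for entry in entries:
        dn = get_values(entry, "dn")[0]
        out.append({"dn": dn, "rdns": explode_dn(dn), "ufn": dn2ufn(dn),
                    "attributes": [a for a in entry if a != "dn"]})
    return out


if __name__ == "__main__":
    for view in walk_results(SAMPLE_RESULTS):
        print(f"---- {view['dn']} ----")
        print("  Exploded DN:", ", ".join(view["rdns"]))
        print("  User Friendly form:", view["ufn"])
        print("  Attributes:", ", ".join(view["attributes"]))
    print("People:", find_people(SAMPLE_RESULTS))
```

The escape handling is the part worth keeping in mind when a policy compares exploded DN components to a trusted list: a value such as "Doe\, John" is one RDN, not two, and a naive comparison on the raw string can disagree with what the directory actually stores.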
Related Topics

feature_enabled

List functions

These are the built-in list functions available to use within the policy file.

Table 37: List functions

Name        Description
append      Append to a list.
insert      Insert a string or list into a list.
join        Concatenate a list into a string.
length      Return the length of a string, list, or array.
lsubst      Substitute part of a string with another string throughout all or part of a list.
range       Select a range of entries in a list.
replace     Replace one or more strings in a list.
search      Search a list for a string.
split       Convert a string into a list.
splitSubst  Convert a string into a list.

append

Syntax
list append( list dest, list|string src1 [, list|string src2, ...] )
Description

append builds a new list by appending the specified strings or lists src1, src2, and so on to the end of the list dest, and returns that new list; dest itself is not modified.

Example
trustedusers = {"jamie", "cory", "robyn"}; 
a = append(trustedusers, "adrian"); 

sets a to the following list:

{"jamie", "cory", "robyn", "adrian"} 
Related Topics

insert

join
