
Safeguard for Sudo 2.0 - Administrators Guide



syslog ( string format [, expression expr, ...])

syslog sends a formatted message to syslog as a LOG_INFO message.

NOTE: For more information about configuring syslog messages, see the syslog(3) man page.

syslog("Accepted request from %s@%s", user, submithost);

LDAP Functions

These are the built-in LDAP functions available to use within the policy file:

Table 39: LDAP functions
| Name | Description |
|------|-------------|
| ldap_bind | Bind an LDAP connection to the given credentials. |
| ldap_count_entries | Count the number of entries returned by ldap_search. |
| ldap_dn2ufn | Convert a DN to a user-friendly format. |
| ldap_explode_dn | Return the elements of a DN. |
| ldap_first_attribute | Obtain the first attribute in an LDAP entry. |
| ldap_first_entry | Obtain the first entry returned by ldap_search. |
| ldap_get_attributes | Return all attribute names in an LDAP entry. |
| ldap_get_dn | Return the DN of an entry. |
| ldap_get_values | Return a list of the values for an attribute. |
| ldap_next_attribute | Return the next attribute in an LDAP entry. |
| ldap_next_entry | Return the next entry returned by ldap_search. |
| ldap_open | Open a connection to an LDAP server. |
| ldap_search | Search the LDAP directory. |
| ldap_unbind | Close the LDAP connection. |

ldap_bind

int ldap_bind(integer ldapid, string userdn [, string password [, boolean trace]] )

ldap_bind binds an LDAP connection to the specified credentials. The LDAP ID must be a valid LDAP connection ID returned by ldap_open. The password is optional.

If the optional trace parameter is set to true, any errors or warnings from the LDAP function are written to stdout.

If successful, it returns 0; otherwise it returns non-zero or an undefined variable.

rc=ldap_bind(ldapid, "cn=admin", "Secretpassword"); 
if ((!defined rc) || (rc != 0)) 
   reject "Bind to ldap directory failed"; 


ldap_count_entries

int ldap_count_entries(int ldapid, ldapresult searchresult [, boolean trace] )

ldap_count_entries returns the number of LDAP entries found by a previous call to ldap_search.

If the optional trace parameter is set to true, any errors or warnings from the LDAP function are written to stdout.

# search for all Users at base level 
searchresults= ldap_search( ldapid, 'ou=Users,dn=ldap,dn=domain,dn=com', 
   'onelevel', '(objectClass=*)' ); 
if (ldap_count_entries(ldapid, searchresults) == 0) 
   reject "Found no users"; 