NAME
CipUX::Storage - Storage abstraction layer for CipUX
VERSION
version 3.4.0.2
SYNOPSIS
  use CipUX::Storage;
DESCRIPTION
The CipUX Storage abstraction layer is a generic abstract class which can be
  used to access LDAP servers from Perl by issuing simple actions, or from the
  shell command line interface. It was tested with openLDAP version 3. The layer
  is capable of operating on different sets of LDAP nodes. A set of nodes might
  be defined by an LDAP objectClass or LDAP attribute, for example cipuxAccount
  or posixAccount. The number of objects inside a set may range from one to
  many. The abstraction layer performs a method on a set of nodes. Valid methods
  are: 'get', 'set', 'get-all', 'set-all' on LDAP attribute values and 'add',
  'delete', 'rename' on LDAP nodes.
It provides the functions get_value and set_value to modify LDAP attribute
  values, and the functions add_node, delete_node and rename_node for adding,
  deleting and renaming LDAP objects.
SUBROUTINES/METHODS
The following functions will be exported by CipUX::Storage.
BUILD
This is the constructor, see new.
  use CipUX::Storage;
  use base qw(CipUX::Storage);
  my $storage = CipUX::Storage->new();
DEMOLISH
This is the destructor.
get_value
The get_value function queries the LDAP and returns one or more values
  depending on the parameter 'scope'.
Syntax:
  use Carp qw(croak);
  my $value_hr;
  eval {
      my $object    = 'ckuelker';
      my $attribute = 'cipuxFirstname';
      my $type      = 'all_user_node';
      $value_hr = $ldap->get_value({
                                       scope=>'one',
                                       type=>$type,
                                       obj=>$object,
                                       attr_ar=>[$attribute]
                                      });
      1;    # eval returns true on success, so croak runs only on failure
  } or croak "ERROR: can't get value: $@!";
returns one value:
    %$ret_hr = (
              'ckuelker' => {
                               'cipuxFirstname' => ['Christian'],
                            }
                );
  my $value_hr;
  eval {
      my $object    = '';
      my $attribute = 'cipuxFirstname';
      my $type      = 'all_user_node';
      $value_hr = $ldap->get_value({
                                       scope=>'all',
                                       type=>$type,
                                       obj=>$object,
                                       attr_ar=>[$attribute]
                                      });
      1;    # eval returns true on success, so croak runs only on failure
  } or croak "ERROR: can't get value: $@!";
  %$ret_hr = (
              'ckuelker' => {
                               'cipuxFirstname' => ['Christian'],
                               'cipuxLastname' =>  ['Kuelker'],
                            },
              'xoswald' => {
                               'cipuxFirstname' => ['Xavier'],
                               'cipuxLastname' =>  ['Oswald'],
                            },
          );
Return values
    %ret = (
              'ckuelker' => {
                               'cipuxFirstname' => ['Christian'],
                               'cipuxLastname' =>  ['Kuelker'],
                            }
           );
set_value
Sets a value for a given object in the LDAP database.
 my $rslt = set_value( {
     obj=>$obj,
     attr_ar=>$attr_ar,
     changes=>$changes,
     scope=>$scope,
     escope=>$escope,
     type=>$type
 } );
     obj:      object
     attr_ar:  reference to an array of LDAP attributes and values
     changes:
     scope:    'one|all'        set/modify value
     escope:   'one|all|none'   erase scope
     type:
Modify Syntax
        my $msg = $ldap->modify( $dn,
                                   changes => [
                                       # add sn=Baggins
                                     add     => [ sn => 'Baggins' ],
                                       # delete all fax numbers
                                     delete  => [ faxNumber => []],
                                       # delete phone number 911
                                     delete  => [ telephoneNumber => ['911']],
                                       # change email address
                                     replace => [ mail => 'bilbo@baggins.org']
                                   ]
                                 );
add_node
Adds an LDAP node to the LDAP database.
 my $rslt = $cipux->add_node({obj=>$obj, type=>$type, attr_hr=>$attr_hr});
 obj :    The object to be added
 type:    kind of object to be added
 attr_hr: Hash reference with 'ldap_attribute=>value' structure
 $rslt:   is the result from Net::LDAP add
delete_node
Deletes an LDAP node from the LDAP database.
 my $rslt = $cipux->delete_node( { obj=>$obj, type=>$type } );
 obj :    The object to be deleted
 type:    kind of object to be deleted
 $rslt:   is the result from Net::LDAP delete
rename_node
Renames an LDAP node of the LDAP database.
 my $rslt = $cipux->rename_node({obj=>$obj, type=>$type, value=>$value });
 obj :    The object to be renamed
 type:    kind of object to be renamed
 value:   The new name
 $rslt:   is the result from Net::LDAP rename
_ldap_start
Binds to the LDAP server.
 my %access_cfg    = ();
 $access_cfg{ident $self}->{uri}      = 'ldap://localhost';
 $access_cfg{ident $self}->{bind_dn}  = 'cn=admin,dc=nodomain';
 $access_cfg{ident $self}->{password} = 'secret';
 my $ldap = $cipux->_ldap_start();
 $ldap:   is the LDAP Perl object returned from Net::LDAP.
_ldap_end
Unbinds from the LDAP server.
 my $msg = $cipux->_ldap_end( { ldap=>$ldap} );
 $msg:   is the message returned from Net::LDAP.
list_storage_type
Lists all CipUX LDAP node entities, sorted.
 my $list_ar = $cipux->list_type( { ldap=>$ldap} );
 $list_ar:   reference to an array of sorted CipUX LDAP entities.
_ldap_struct
Parses cipux-storage.perl for the object, type and filter of a given scope. It
  also performs some simple validation of that file.
 my $ldap_structure_hr = $cipux->_ldap_struct( {
     obj=>$obj,
     type=>$type,
     scope=>$scope,
     filter=>$filter
 });
 $ldap_structure_hr: returns a structure hash reference
oid_number_supremum
Searches the storage database for uidNumber and gidNumber. It returns the
  number one above the largest number found, or the minimum number in the
  number range for users and groups.
To perform the search it uses get_value (the storage layer itself).
get_sid
Retrieves the sambaSID and returns it if successful.
Configuration files
cipux-access.ini
The CipUX access configuration has the following entries:
 [ldap]
 uri      = ldaps://ldap
 bind_dn  = cn=cipuxroot,dc=nodomain
 base_dn  = ou=CipUX,dc=nodomain
 password = secret
 system   = debian
 customer =
cipux_storage.perl
The storage structure configuration might look like this:
    $cfg = {
        'structure' => {
                all_group_node => {
                    desc         => 'access to all CN group objects',
                    struc_rdn    => 'ou=Group',
                    dn_attr      => 'cn',
                    filter       => '(cn=?)',
                },
                all_user_node => {
                    desc         => 'access to all system UID objects',
                    struc_rdn    => 'ou=User',
                    dn_attr      => 'uid',
                    filter       => '(uid=?)',
                },
                course_group_node => {
                    desc         => 'access to all system GID objects',
                    struc_rdn    => 'ou=Group',
                    dn_attr      => 'cn',
                    filter       => '&(cn=?)(groupType=public)',
                },
            },
    };
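How an object name can be placed into the filter templates and DN attributes configured above so that it is always treated as a literal value. This is an added example, not CipUX code: it assumes the '?' in filter stands for the object name and that the DN is built from dn_attr, struc_rdn and base_dn; build_search and the sample names are constructed for illustration.

```perl
use strict;
use warnings;
use Net::LDAP::Util qw(escape_filter_value escape_dn_value);

# Constructed structure entry, same shape as the configuration above.
my $structure = {
    all_user_node => {
        struc_rdn => 'ou=User',
        dn_attr   => 'uid',
        filter    => '(uid=?)',
    },
};
my $base_dn = 'ou=CipUX,dc=nodomain';    # base_dn as in cipux-access.ini

# Hypothetical helper: returns the search filter and the DN for one object.
sub build_search {
    my ( $type, $obj ) = @_;
    my $node = $structure->{$type}
        or die "unknown storage type: $type\n";

    # Assumption: every '?' in the template stands for the object name.
    # RFC 4515 escaping turns '*', '(', ')' and '\' into \XX sequences,
    # so the name cannot add wildcards or extra filter clauses.
    my $filter_value = escape_filter_value($obj);
    ( my $filter = $node->{filter} ) =~ s/\?/$filter_value/g;

    # RFC 4514 escaping keeps ',', '+', '=' and friends inside the RDN
    # value, so the name cannot change where the entry lives in the tree.
    my $dn = join q{,},
        $node->{dn_attr} . q{=} . escape_dn_value($obj),
        $node->{struc_rdn},
        $base_dn;

    return ( $filter, $dn );
}

# Constructed object names: one ordinary, two containing filter or DN
# metacharacters that must come out escaped.
for my $obj ( 'ckuelker', 'x*)(uid=*', 'a,ou=Group' ) {
    my ( $filter, $dn ) = build_search( 'all_user_node', $obj );
    print "obj:    $obj\nfilter: $filter\ndn:     $dn\n\n";
}
```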
DIAGNOSTICS
TODO
CONFIGURATION AND ENVIRONMENT
See cipux-access.ini and cipux-storage.perl man page for details on
  configuration. CipUX::Storage does not use the environment for configuration.
DEPENDENCIES
 Carp
 Class::Std
 CipUX
 Data::Dumper
 English
 Net::LDAP
 Log::Log4perl
 Readonly
 utf8
 version
INCOMPATIBILITIES
Not known.
BUGS AND LIMITATIONS
Not known.
SEE ALSO
See the CipUX web page and the manual at <http://www.cipux.org>
See the mailing list <http://sympa.cipworx.org/wws/info/cipux-devel>
AUTHOR
Christian Kuelker <christian.kuelker@cipworx.org>
LICENSE AND COPYRIGHT
Copyright (C) 2007 - 2009 by Christian Kuelker
This program is free software; you can redistribute it and/or modify it under
  the terms of the GNU General Public License as published by the Free Software
  Foundation; either version 2, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY
  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
  A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
  this program; if not, write to the Free Software Foundation, Inc., 59 Temple
  Place, Suite 330, Boston, MA 02111-1307 USA