NAME

TAM::Admin - Perl extension for Tivoli Access Manager (TAM) Admin API

SYNOPSIS

  use TAM::Admin;

  # Connect to the policy server as sec_master
  my $pdadmin = TAM::Admin->new('sec_master', 'password');

  # Get the user with the ID joe and print basic information
  my $user = $pdadmin->get_user('joe');
  print 'Login ID: ', $user->id, "\n";
  print 'Login CN: ', $user->cn, "\n";
  print 'Login DN: ', $user->dn, "\n";

  # Make the user account valid
  $user->valid(1);
  # Make the user a Non-GSO user
  $user->gso(0);

DESCRIPTION

TAM::Admin is a set of modules that use the TAM Admin C API to perform management functions within a Tivoli Access Manager environment.

METHODS

Constructor Method

new(<user>, <password>, [<options>])

Creates a new TAM::Admin object and connects to the policy server. The first two arguments specify the user ID of the administrator and the password. If no other options are specified, the API will use the configuration information of the local TAM runtime. Additional options are:

keyring => FILENAME

Specifies the filename for a CMS keyring database for SSL operations.

stash => FILENAME

Specifies the filename of the stash file for the keyring.

password => PASSWORD

Specifies the password for the keyring. This parameter will take precedence over the stash file.

dn => CERTIFICATE DN

Specifies the DN of a certificate to be utilized for authentication.

server => HOSTNAME

Specifies the location of the policy server.

port => PORT

Specifies the TCP port of the policy server process. Default port is 7135.

Examples

        # Create a default context
        $pdadmin = TAM::Admin->new('sec_master', 'password'); 

        # Connect to policy server tam2.foobar.com
        $pdadmin = TAM::Admin->new('sec_master', 'password', 
                keyfile => '/var/PolicyDirector/keytab/pd2.kdb',
                password => 'cmsopen',
                server => 'tam2.foobar.com'); 

User Management

These methods are used for basic user management, i.e. get, import, create, remove, and delete. Management of the individual user, e.g. set account valid, is done via the TAM::Admin::User module.

get_user(<userid>)

Retrieve a user object for the specified ID. This function will return a TAM::Admin::User object. A user object can also be retrieved by LDAP DN. To get a user by DN call the method in the following fashion...

  $pdadmin->get_user(dn => <ldap dn>)

import_user(<userid>, <dn>)

Import an LDAP account into TAM. The first argument will be used as the TAM logon ID and the second argument designates the LDAP DN of the existing account. This function will return a TAM::Admin::User object relating to the imported user.

remove_user(<userid>)

Remove a user from TAM only. This method is equivalent to the following pdadmin command.

   pdadmin> user delete <userid>

delete_user(<userid>)

Remove a user from TAM and LDAP. This method is equivalent to the following pdadmin command.

   pdadmin> user delete -registry <userid>

Group Methods

These methods are used for basic group management, i.e. get, import, create, remove, and delete. Management of the individual group, e.g. add users, is done via the TAM::Admin::Group module.

get_group(<groupid>)

Retrieve a group object for the specified ID. This function will return a TAM::Admin::Group object. A group object can also be retrieved by LDAP DN. To get a group by DN call the method in the following fashion...

  $pdadmin->get_group(dn => <ldap dn>)

import_group(<groupid>, <dn>)

Import an LDAP group into TAM. The first argument will be used as the TAM group ID and the second argument designates the LDAP object of the existing group. This function will return a TAM::Admin::Group object relating to the imported group.

remove_group(<groupid>)

Remove a group from TAM only. This method is equivalent to the following pdadmin command.

   pdadmin> group delete <groupid>

delete_group(<groupid>)

Remove a group from TAM and LDAP. This method is equivalent to the following pdadmin command.

   pdadmin> group delete -registry <groupid>

GSO Methods

These methods are used for basic GSO management, i.e. get, create, and delete. Management of individual GSO objects is done via the TAM::Admin::GSO module.

get_gso(<type> => <id>)

Returns a TAM::Admin::GSO object for the specified resource. Type is either 'group' or 'resource' and the ID is the label of the GSO resource.

all_gso

Returns an array of all TAM::Admin::GSO objects.

list_gso(<type>)

Returns an array of IDs for all GSO resources of a given type. Type is either 'group' or 'resource'.

Protected Object Methods

These methods are used for basic management of TAM protected objects.

list_objects(<path>)

Returns an array of objects that are contained in the path given. This method is equivalent to the following pdadmin command

   pdadmin> object list <path>

Response Methods

These methods help manage and retrieve messages from actions performed. These methods are inherited by all TAM::Admin objects.

ok

Returns true if the last action was successful.

error

Returns true if the last action was unsuccessful.

message([<index>])

Returns the error message for the last action. The index will specify which error message to return if the last action resulted in more than one error condition. The index is 0 based.

code([<index>])

Returns the error code for the last action. The index will specify which error code to return if the last action resulted in more than one error condition. The index is 0 based.

msg_count

Returns the number of errors generated for the last action.
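
The following is an added example, not code from the module's author: it checks every administrative action with the Response Methods above and reports all error codes and messages, not only the first. The environment variable names and the helpers last_errors and check are hypothetical; it assumes that new returns an object whose response state reflects the connection attempt, that a failed get_user leaves its errors on the TAM::Admin object, and that valid(0) is the inverse of the valid(1) call in the SYNOPSIS.

```perl
use strict;
use warnings;
use TAM::Admin;

# Collect every "[code] message" pair left by the last action on $obj.
# Works on any object that exposes the Response Methods documented above.
sub last_errors {
    my ($obj) = @_;
    my @errors;
    for my $i (0 .. $obj->msg_count - 1) {    # indexes are 0 based
        push @errors, sprintf('[%s] %s', $obj->code($i), $obj->message($i));
    }
    return @errors;
}

# Die with the full error list if the last action on $obj failed.
sub check {
    my ($obj, $what) = @_;
    return if $obj->ok;
    die join("\n", "$what failed:", map { "  $_" } last_errors($obj)), "\n";
}

# Hypothetical environment variable names: reading the credentials here
# keeps the administrator password out of the script and version control.
my $admin = $ENV{TAM_ADMIN_USER} // 'sec_master';
my $pass  = $ENV{TAM_ADMIN_PASSWORD}
    or die "TAM_ADMIN_PASSWORD is not set\n";
my $target = shift @ARGV
    or die "usage: $0 <userid>\n";

# Default context: uses the configuration of the local TAM runtime.
my $pdadmin = TAM::Admin->new($admin, $pass);
die "could not create TAM::Admin context\n" unless defined $pdadmin;
check($pdadmin, 'connect to policy server');

my $user = $pdadmin->get_user($target);
check($pdadmin, "get_user($target)");

# Assumption: valid(0) marks the account as not valid.
$user->valid(0);
check($user, "set account $target not valid");
print 'Account marked not valid: ', $user->id, "\n";
```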

EXPORT

None by default.

Exportable constants

  IVADMINAPI_H
  IVADMIN_AUDIT_ADMIN
  IVADMIN_AUDIT_ALL
  IVADMIN_AUDIT_DENY
  IVADMIN_AUDIT_ERROR
  IVADMIN_AUDIT_NONE
  IVADMIN_AUDIT_PERMIT
  IVADMIN_CALLTYPE
  IVADMIN_CONTEXT_ADUSERREG
  IVADMIN_CONTEXT_DCEUSERREG
  IVADMIN_CONTEXT_DOMINOUSERREG
  IVADMIN_CONTEXT_LDAPUSERREG
  IVADMIN_CONTEXT_MULTIDOMAIN_ADUSERREG
  IVADMIN_DECLSPEC
  IVADMIN_FALSE
  IVADMIN_MAXRETURN
  IVADMIN_PROTOBJ_TYPE_UNKNOWN
  IVADMIN_PROTOBJ_TYPE__APP_CONTAINER
  IVADMIN_PROTOBJ_TYPE__APP_LEAF
  IVADMIN_PROTOBJ_TYPE__CONTAINER
  IVADMIN_PROTOBJ_TYPE__DIR
  IVADMIN_PROTOBJ_TYPE__DOMAIN
  IVADMIN_PROTOBJ_TYPE__EXTERN_AUTH_SVR
  IVADMIN_PROTOBJ_TYPE__FILE
  IVADMIN_PROTOBJ_TYPE__HTTP_SVR
  IVADMIN_PROTOBJ_TYPE__JNCT
  IVADMIN_PROTOBJ_TYPE__LEAF
  IVADMIN_PROTOBJ_TYPE__MGMT_OBJ
  IVADMIN_PROTOBJ_TYPE__NETSEAL_NET
  IVADMIN_PROTOBJ_TYPE__NETSEAL_SVR
  IVADMIN_PROTOBJ_TYPE__NON_EXIST_OBJ
  IVADMIN_PROTOBJ_TYPE__PORT
  IVADMIN_PROTOBJ_TYPE__PROGRAM
  IVADMIN_PROTOBJ_TYPE__WEBSEAL_SVR
  IVADMIN_REASON_ALREADY_EXISTS
  IVADMIN_RESPONSE_ERROR
  IVADMIN_RESPONSE_INFO
  IVADMIN_RESPONSE_WARNING
  IVADMIN_SSOCRED_SSOGROUP
  IVADMIN_SSOCRED_SSOWEB
  IVADMIN_TIME_LOCAL
  IVADMIN_TIME_UTC
  IVADMIN_TOD_ALL
  IVADMIN_TOD_ANY
  IVADMIN_TOD_FRI
  IVADMIN_TOD_MINUTES
  IVADMIN_TOD_MON
  IVADMIN_TOD_OCLOCK
  IVADMIN_TOD_SAT
  IVADMIN_TOD_SUN
  IVADMIN_TOD_THU
  IVADMIN_TOD_TUE
  IVADMIN_TOD_WED
  IVADMIN_TOD_WEEKDAY
  IVADMIN_TOD_WEEKEND
  IVADMIN_TRUE

AUTHOR

George Chlipala, george@walnutcs.com

SEE ALSO

perl(1).
