TAM::Admin - Perl extension for Tivoli Access Manager (TAM) Admin API
    use TAM::Admin;

    # Connect to the policy server as sec_master
    my $pdadmin = TAM::Admin->new('sec_master', 'password');

    # Get the user with the ID joe and print basic information
    my $user = $pdadmin->get_user('joe');
    print 'Login ID: ', $user->id, "\n";
    print 'Login CN: ', $user->cn, "\n";
    print 'Login DN: ', $user->dn, "\n";

    # Make the user account valid
    $user->valid(1);

    # Make the user a Non-GSO user
    $user->gso(0);
TAM::Admin is a set of modules that utilize the TAM Admin C API to perform management functions within a Tivoli Access Manager environment.
Creates a new TAM::Admin object and connects to the policy server. The first two arguments specify the user ID of the administrator and the password. If no other options are specified, the API will utilize the configuration information of the local TAM runtime. Additional options are:
Specifies the filename for a CMS keyring database for SSL operations.
Specifies the filename of the stash file for the keyring.
Specifies the password for the keyring. This parameter will take precedence over the stash file.
Specifies the DN of a certificate to be utilized for authentication.
Specifies the location of the policy server.
Specifies the TCP port of the policy server process. Default port is 7135.
Examples
    # Create a default context
    $pdadmin = TAM::Admin->new('sec_master', 'password');

    # Connect to policy server tam2.foobar.com
    $pdadmin = TAM::Admin->new('sec_master', 'password',
        keyfile  => '/var/PolicyDirector/keytab/pd2.kdb',
        password => 'cmsopen',
        server   => 'tam2.foobar.com');
These methods are used for basic user management, i.e. get, import, create, remove, and delete. Management of the individual user, e.g. set account valid, is done via the TAM::Admin::User module.
Retrieve a user object for the specified ID. This function will return a TAM::Admin::User object. A user object can also be retrieved by LDAP DN. To get a user by DN call the method in the following fashion...
$pdadmin->get_user(dn => <ldap dn>)
Import an LDAP account into TAM. The first argument will be used as the TAM logon ID and the second argument designates the LDAP of the existing account. This function will return a TAM::Admin::User object relating to the imported user.
Remove a user from TAM only. This method is equivalent to the following pdadmin command.
pdadmin> user delete <userid>
Remove a user from TAM and LDAP. This method is equivalent to the following pdadmin command.
pdadmin> user delete -registry <userid>
These methods are used for basic group management, i.e. get, import, create, remove, and delete. Management of the individual group, e.g. add users, is done via the TAM::Admin::Group module.
Retrieve a group object for the specified ID. This function will return a TAM::Admin::Group object. A group object can also be retrieved by LDAP DN. To get a group by DN call the method in the following fashion...
$pdadmin->get_group(dn => <ldap dn>)
import_group(<groupid>, <dn>)
Import an LDAP group into TAM. The first argument will be used as the TAM group ID and the second argument designates the LDAP object of the existing group. This function will return a TAM::Admin::Group object relating to the imported group.
Remove a group from TAM only. This method is equivalent to the following pdadmin command.
pdadmin> group delete <groupid>
Remove a group from TAM and LDAP. This method is equivalent to the following pdadmin command.
pdadmin> group delete -registry <groupid>
These methods are used for basic GSO management, i.e. get, create, and delete. Management of individual GSO objects is done via the TAM::Admin::GSO module.
Returns a TAM::Admin::GSO object for the specified resource. Type is either 'group' or 'resource' and the ID is the label of the GSO resource.
Returns an array of all TAM::Admin::GSO objects.
Returns an array of IDs for all GSO resources of a given type. Type is either 'group' or 'resource'.
These methods are used for basic management of TAM protected objects.
Returns an array of objects that are contained in the path given. This method is equivalent to the following pdadmin command
pdadmin> object list <path>
These methods help manage and retrieve messages from actions performed. These methods are inherited by all TAM::Admin objects.
Returns true if the last action was successful.
Returns true if the last action was unsuccessful.
Returns the error message for the last action. The index will specify which error message to return if the last action resulted in more than one error condition. The index is 0 based.
Returns the error code for the last action. The index will specify which error code to return if the last action resulted in more than one error condition. The index is 0 based.
Returns the number of errors generated for the last action.
None by default.
IVADMINAPI_H IVADMIN_AUDIT_ADMIN IVADMIN_AUDIT_ALL IVADMIN_AUDIT_DENY IVADMIN_AUDIT_ERROR IVADMIN_AUDIT_NONE IVADMIN_AUDIT_PERMIT IVADMIN_CALLTYPE IVADMIN_CONTEXT_ADUSERREG IVADMIN_CONTEXT_DCEUSERREG IVADMIN_CONTEXT_DOMINOUSERREG IVADMIN_CONTEXT_LDAPUSERREG IVADMIN_CONTEXT_MULTIDOMAIN_ADUSERREG IVADMIN_DECLSPEC IVADMIN_FALSE IVADMIN_MAXRETURN IVADMIN_PROTOBJ_TYPE_UNKNOWN IVADMIN_PROTOBJ_TYPE__APP_CONTAINER IVADMIN_PROTOBJ_TYPE__APP_LEAF IVADMIN_PROTOBJ_TYPE__CONTAINER IVADMIN_PROTOBJ_TYPE__DIR IVADMIN_PROTOBJ_TYPE__DOMAIN IVADMIN_PROTOBJ_TYPE__EXTERN_AUTH_SVR IVADMIN_PROTOBJ_TYPE__FILE IVADMIN_PROTOBJ_TYPE__HTTP_SVR IVADMIN_PROTOBJ_TYPE__JNCT IVADMIN_PROTOBJ_TYPE__LEAF IVADMIN_PROTOBJ_TYPE__MGMT_OBJ IVADMIN_PROTOBJ_TYPE__NETSEAL_NET IVADMIN_PROTOBJ_TYPE__NETSEAL_SVR IVADMIN_PROTOBJ_TYPE__NON_EXIST_OBJ IVADMIN_PROTOBJ_TYPE__PORT IVADMIN_PROTOBJ_TYPE__PROGRAM IVADMIN_PROTOBJ_TYPE__WEBSEAL_SVR IVADMIN_REASON_ALREADY_EXISTS IVADMIN_RESPONSE_ERROR IVADMIN_RESPONSE_INFO IVADMIN_RESPONSE_WARNING IVADMIN_SSOCRED_SSOGROUP IVADMIN_SSOCRED_SSOWEB IVADMIN_TIME_LOCAL IVADMIN_TIME_UTC IVADMIN_TOD_ALL IVADMIN_TOD_ANY IVADMIN_TOD_FRI IVADMIN_TOD_MINUTES IVADMIN_TOD_MON IVADMIN_TOD_OCLOCK IVADMIN_TOD_SAT IVADMIN_TOD_SUN IVADMIN_TOD_THU IVADMIN_TOD_TUE IVADMIN_TOD_WED IVADMIN_TOD_WEEKDAY IVADMIN_TOD_WEEKEND IVADMIN_TRUE
George Chlipala, george@walnutcs.com
perl(1).