Tivoli::AccessManager::Admin::POP
use Tivoli::AccessManager::Admin; my ($pop,$resp,$obj); my $pd = Tivoli::AccessManager::Admin->new( password => $pswd); # Instantiate a new pop $pop = Tivoli::AccessManager::Admin::POP->new($pd, name => 'test'); # Actually create the POP in the policy db $resp = $pop->create(); # Set its description $resp = $pop->description( "POP goes the monkey" ); # Attach it $resp = $pop->attach('/test/monkey'); # See where it is now attached $resp = $pop->find; # Detach it now $resp = $pop->detach('/test/monkey'); # Get a full list of POPs $resp = Tivoli::AccessManager::Admin::POP->list($pd); # Set the level for any other network $resp = $pop->anyothernw( 2 ); # Forbid access from any other network $resp = $pop->anyothernw( 'forbidden' ); # Set an IP auth level for a few networks $resp = $pop->ipauth(add => {'192.168.8.0' => {NETMASK => '255.255.255.0', AUTHLEVEL => 1 }. '192.168.9.0' => {NETMASK => '255.255.255.0', AUTHLEVEL => 2} } ); # Forbid the entire 10.x.x.x network $resp = $pop->ipauth(forbidden => {'10.0.0.0' => {NETMASK=>'255.0.0.0'}}); # Set the audit level $resp = $pop->audit( [qw/all/] ); # Set the QoP level $resp = $pop->qop('privacy'); # Set Time of Day access $resp = $pop->tod( days => [qw/monday tuesday wednesday/], start => '0800', end => '1800', ); # Set the warn mode $resp = $pop->warnmode(1); # Set an extended attribute or two $resp = $pop->attributes( add => { foobar => 'baz', silly => [qw/one two three/] } ); # Clean up after myself $pop->delete;
Tivoli::AccessManager::Admin::POP allows manipulation of POPs via perl.
Creates a blessed Tivoli::AccessManager::Admin::POP object. It should be noted that creating the object in perl is not the same thing as creating it in TAM's policy database. See "create" to do that.
An initialized Tivoli::AccessManager::Admin::Context object. This parameter is, as usual, required.
The POP's name. This is technically speaking optional, but it may have some unintentional side effects if not provided. Namely, the object will assume it doesn't exist, which will cause problems when trying to do anything to it.
In short, if you intend on calling "create" you can forget this parameter. Otherwise, include it.
A blessed Tivoli::AccessManager::Admin::POP object. If there is an error, you will get undef.
Creates the object in TAM's policy database and returns the blessed reference.
An initialized Tivoli::AccessManager::Admin::Context object. This parameter is required.
The POP's name. When using "create" as a constructor, this parameter is required.
A Tivoli::AccessManager::Admin::Response object containing the newly created object. I refer you to that module's documentation for digging the value out.
Class methods behave like instance methods in that they all return a Tivoli::AccessManager::Admin::Response object.
List all of the POPs defined in TAM.
The standard, initialized Tivoli::AccessManager::Admin::Context object.
The list of all defined POPs.
All of the methods return a Tivoli::AccessManager::Admin::Response object unless otherwise explicitly stated. See the documentation for that module on how to coax the values out.
The methods, for the most part, follow the same pattern. If the optional parameters are sent, it has the effect of setting the attributes. All methods calls will embed the results of a 'get' in the Tivoli::AccessManager::Admin::Response object.
Creates a new POP in TAM's policy db. This method can be used as both class and instance method.
The name of the new POP. This parameter is only required when you did not use it in the "new" call.
The success or failure of the create operation.
Deletes the object.
None
The success or failure of the operation. Please note that you really should detach a POP before trying to delete it.
Attaches or detaches a POP. Weird little fact. The C API for ACLs does not contain an attach or detach method -- you have to use the methods for the protected objects. POPs have their own attach and detach calls.
If both parameters are used, all of the detaches will be done before attaching.
Detach the POP from the listed objects. OBJECTS can be a list or a single value. It can be either a string (e.g., '/test/monkey') or a Tivoli::AccessManager::Admin::ProtObject object or a mix of them.
Attach the POP to the listed objects. The same combination of values can be used as listed above.
The success or failure of the operation. You will also get a list of the current places the POP is attached.
A convenience method that wraps "objects" with an attach message. See "objects" for a full description of the parameters and returns.
A convenience method that wraps "objects" with a detach message. See "objects" for a full description of the parameters and returns.
Finds and lists everyplace the POP is attached.
A possibly empty list of everyplace the POP is attached,
"list" can also be used as an instance method, although I personally do not think it makes much sense.
None, when used as an instance method.
A list of all defined POPs.
Set the authentication level for any other network.
Sets the authentication level to the provided number, unset or forbidden.
The success or failure of the operation, along with the current (possibly new) level.
Sets or gets the POP's description.
The new description. This parameter is optional.
The POP's description if set, an empty string otherwise.
Sets the audit level on the POP.
The underlying C library uses a bit mask to set the audit level. You can either send this bitmask, a single word that will be translated into a bitmask or a list of words that will be translated into a bit mask.
If the words "all" or "none" appear anywhere in the list, the bitmask will be set as indicated below.
The name to bitmask mapping looks like this:
none => 0
permit => 1
deny => 2
error => 4
admin => 8
all => 15
The numeric bitmask if evaluated in scalar context; the wordier list if used in list context.
Sets the IP based authentication restrictions.
Sets the required authentication level for an IP address and/or network. The referant of the hash ref is a hash of hashes, keyed off the IP address. The contents of the subhashes look like:
The netmask for the ip address. It should be requested in the quad-dot format (e.g., 255.255.255.0). I should likely be smart enough to handle CIDR notation and what ever IPV6 uses, but I am not.
Required only when adding, this specifies the authentication level for the IP/netmask. There is no default -- I didn't think it safe to guess.
Removes the IP auth restriction from the POP. The referant of the hash ref should look just like it does for adding.
Forbids access from some subnet. The referant of the hash ref should look just like it does for adding.
An array of hashes that look mostly like the parameter hashes. For the record, I dislike this function.
Sets the "quality of protection" on the POP.
The level of protection, it must be one of these three options: none, integrity or privacy. You will need to refer to the WebSEAL Administration Guide for the meaning of those three values.
The current level of protection.
Returns the current time of day access policy on the POP.
days should be a reference to an array containing some combination of: mon, tue, wed, thu, fri, sat, sun or any.
If the word 'any' is found anywhere in the array, it will over ride all the others.
The beginning of the allowed access time, expressed in 24-hour format. Since perl will try to interpret any number starting with a 0 as an octal number ( leading to annoying problems with 09xx ), you need to either drop the preceding 0 ( eg, 900 ) or specify it as a string ( '0900' ).
The end of the allowed access time. See the previous item for the caveats.
Under the covers, start and end are calculated as minutes past midnight. TAM needs to know if you are referencing midnight UTC or midnight local time. The default is 'local'.
A Tivoli::AccessManager::Admin::Response object, the value of which is a hash with the key/value pairs:
An array reference to the days for which the policy is enforced. If the TOD policy is unset, this refers to an empty array.
The time of day when access is allowed, expressed in 24-hour format. If the TOD policy is unset, this will be zero.
The time of day when access is denied, expressed in 24-hour format. If the TOD policy is unset, this will be zero.
UTC or local. If the policy is unset, this will be local.
Sets the warnmode on the POP.
Disble or enable the warn mode.
The current value
Adds keys and attributes to the POP, removes values from an attribute and removes a key.
An anonymous hash pointing to the attributes and the value(s) for that attribute. If you want to set more than one value on the attribute, it must be sent as an anonymous array.
If the attribute does not already exist, it will be created.
Removes the value(s) from the named attribute(s). If you are removing multiple values from an attribute, you must use an anonymous array. Note, this will not remove the attribute, only values from the attribute.
Removes attributes from the POP. As always, if you want to remove multiple attributes, you need to use an anonymous array.
A hash containing the defined attributes as the keys and the values. All of the values are returned as anonymous arrays.
Returns true if the POP exists, false otherwise.
2 POD Errors
The following errors were encountered while parsing the POD:
You forgot a '=back' before '=head2'
=back without =over
To install Tivoli::AccessManager::Admin, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Tivoli::AccessManager::Admin
CPAN shell
perl -MCPAN -e shell install Tivoli::AccessManager::Admin
For more information on module installation, please visit the detailed CPAN module installation guide.