OSS::LDAPops - Perform operations on user accounts, groups and netgroups stored in an LDAP directory
    use OSS::LDAPops;

    # Define config hash
    $GLOBAL::config = {
        LDAPHOST  => 'ldap01.mydomain.net',
        BINDDN    => 'uid=webportal, ou=writeaccess, dc=auth, dc=mydomain,dc=net',
        BASEDN    => 'dc=auth,dc=mydomain,dc=net',
        NISDOMAIN => 'auth.mydomain.net',
        PASSWORD  => 'xyzzy',
    };

    # Instantiate new object and connect to server
    my($ldapopsobj) = OSS::LDAPops->new($GLOBAL::config);
    if (ref($ldapopsobj) !~ m/OSS::LDAPops/) { die("Error instantiating object: $ldapopsobj") };

    my($ret);
    my(@retu);

    # Bind server
    $ldapopsobj->bind;

    # Search for the user ID given as the second command-line argument
    @retu = $ldapopsobj->searchuser($ARGV[1]);
    # Anything defined that is not a Net::LDAP::Entry is an error string
    die($retu[0]) if (defined($retu[0]) and (ref($retu[0]) !~ m/Net::LDAP::Entry/));
    foreach my $entry (@retu) { $entry->dump; }
    #if($ret) {die($ret);};
    exit;
This module manipulates user, group and netgroup objects within an LDAP directory.
Also included is ldapops.pl. This script implements a command-line utility using OSS::LDAPops.
netgroupcache.pl is also included. This uses OSS::LDAPops to create a local cache of LDAP-backed netgroups in /etc/netgroup.
Simon <simon@hacknix.net>
This module and associated scripts make some assumptions about how your directory is configured. These include:
Storage of maxuid
Conventions for use of netgroups
nis.schema is patched to allow equalityMatch on nisNetgroupTriple objects
In the "examples" directory, there are several files to help you out, including:
An example skeleton directory.
A patched version of nis.schema, suitable for use with OpenLDAP
An example of OpenLDAP's slapd.conf, showing example acls
Several other example files, to assist in setting up *NIX servers to use the directory, are also included.
The reader should consider looking at nss_ldap and pam_ldap, here:
http://www.padl.com/Contents/OpenSourceSoftware.html
This section describes the methods that are implemented and their use.
    # Define config hash
    $GLOBAL::config = {
        LDAPHOST  => 'ldap01.mydomain.net',
        BINDDN    => 'uid=webportal, ou=writeaccess, dc=auth, dc=lastminute,dc=com',
        BASEDN    => 'dc=auth,dc=mydomain,dc=net',
        NISDOMAIN => 'auth.mydomain.net',
        PASSWORD  => 'xyzzy',
    };

    # Instantiate new object and connect to server
    my($ldapopsobj) = OSS::LDAPops->new($GLOBAL::config);
    if (ref($ldapopsobj) !~ m/OSS::LDAPops/) { die("Error instantiating object: $ldapopsobj") };
Instantiates an object and connects to the LDAP server. Returns an object on success and false on error.
Bind to LDAP server with supplied credentials.
No arguments are accepted as the pre-supplied config values are used.
Check to see if a group exists.
$obj->groupexists(<group>);
Returns 0 when the group does not exist. Returns 2 when the group does exist. Returns a text string on error.
Check if user exists.
$obj->userexists(<user>);
Search for a user's entry in the directory.
$obj->searchuser(<userid>);
(the wildcard * can be used)
Returns an array of Net::LDAP::Entry objects on success. Returns false on no results. Returns an error string on error.
Search for a netgroup entry in the directory.
#$obj->searchnetgroup(<group>);
Search for a unix (posix) group entry in the directory.
#$obj->searchunixgroup(<group>);
Add a host entry to the directory
$obj->addhost(<hostname>);
Returns a text string on error. Returns false on success.
Add a host group entry to the directory
$obj->addhostgroup(<hostname>);
Add a user group entry to the directory
$obj->addusergroup(<groupname>);
Add a unix group to the directory
$obj->addunixgroup(<groupname>,<gid>);
Returns a text string on error. Returns false on success.
Add a user entry to the directory
$obj->adduser(<username>);
$obj->updatepw(<username>,<password>,<force reset on login [1|0]>);
Add a user entry to a user group
$obj->addusertoug(<username>,<group>);
Delete a user from a user group
$obj->deluserfromug(<username>,<group>);
Add a host to a host group
$obj->addhosttohg(<host>,<group>);
Delete host from host group
$obj->delhostfromhg(<host>,<group>);
Add user to host user group
$obj->addusertohug(<host>,<group>);
Delete user from host user group
$obj->deluserfromhug(<host>,<group>);
Add a group to a group
$obj->addggrouptogroup(<ug|hg>,<host>,<group>);
Delete group from group
$obj->delgroupfromgroup(<ug|hg>,<host>,<group>);
Add user to a unix group
$obj->addusertounixgroup(<user>,<unix group>);
Delete user from a unix group
$obj->deluserfromunixgroup(<user>,<unix group>);
Delete an entry by DN (use with caution)
Used to remove users and groups by DN
WARNING: it's possible to damage the tree structure this way!!!! Get it right!!
$obj->deletedn($dn);
Returns a text string on error. Returns false on success.
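The return conventions documented above are easy to invert in calling code: groupexists returns 0, 2 or an error string, and the add methods return false on success, so a plain truth test treats an error as "exists" or a failure as "done". The following Perl is an added example, not code from OSS::LDAPops, showing a caller that fails closed on both. FakeLDAPops, group_state, ensure_usergroup and the group-name pattern are hypothetical, and it assumes addusergroup follows the false-on-success convention documented for addhost and addunixgroup.

```perl
use strict;
use warnings;

# Constructed stand-in that follows the return conventions documented above,
# so the example runs without a directory server.
package FakeLDAPops {
    sub new {
        my ($class, $down) = @_;
        return bless({ groups => { admins => 1 }, down => $down }, $class);
    }
    sub groupexists {
        my ($self, $group) = @_;
        return 'Connection lost' if $self->{down};
        return $self->{groups}{$group} ? 2 : 0;
    }
    sub addusergroup { my ($self, $group) = @_; $self->{groups}{$group} = 1; return 0 }
}

# Map groupexists() onto absent/present/error. Never test its result for plain
# truth: an error string is true and would be read as "group exists".
sub group_state {
    my ($obj, $group) = @_;
    # Assumed naming policy (not from the module): reject LDAP filter
    # metacharacters such as * ( ) \ before they reach the directory.
    return ('error', 'invalid group name')
        unless defined $group && $group =~ /\A[a-z][a-z0-9_-]{0,31}\z/;
    my $ret = $obj->groupexists($group);
    return ('error', 'no result') unless defined $ret;
    return ('absent')  if $ret eq '0';
    return ('present') if $ret eq '2';
    return ('error', $ret);
}

# Create a user group only when it is confirmed absent. Returns false on
# success and a text string on error, matching the module's own convention.
sub ensure_usergroup {
    my ($obj, $group) = @_;
    my ($state, $why) = group_state($obj, $group);
    return "exists check failed: $why" if $state eq 'error';
    return 0 if $state eq 'present';
    my $err = $obj->addusergroup($group);   # true here means failure
    return $err ? "add failed: $err" : 0;
}

for my $case (['admins', 0], ['dbas', 0], ['ops*', 0], ['dbas', 1]) {
    my ($name, $down) = @$case;
    my $res = ensure_usergroup(FakeLDAPops->new($down), $name);
    printf "%-8s => %s\n", $name, $res ? "ERROR: $res" : 'ok';
}
```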
To install OSS::LDAPops, copy and paste the appropriate command in to your terminal.
cpanm
cpanm OSS::LDAPops
CPAN shell
perl -MCPAN -e shell
install OSS::LDAPops