7. YaPI::LdapServer

This package is the public Yast2 API for managing an LDAP server.

7.1. List of Global Functions

7.2. Functions

7.2.1. \@dbList = ReadDatabaseList()

Returns a list of databases (their suffixes).

Example 246. 

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadDatabaseList();
 if( not defined $res ) {
     # error    
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

7.2.2. $bool = AddDatabase(\%valueMap)

Creates a new database section in the configuration file, starts or restarts the LDAP server and adds the base object. If the database exists, nothing is done and undef is returned.

Example 247. 

 * database: The database type (required)
 
 * suffix: The suffix (required)
 
 * directory: The directory where the database files are (bdb/ldbm) (required)

 * createdatabasedir: If true the directory for the database will be created (optional; default false)

 * rootdn: The Root DN 
 
 * passwd: The plain Root Password (requires rootdn)

 * cryptmethod: The crypt method; allowed values are (CRYPT, SMD5, SHA, SSHA, PLAIN); default is 'SSHA'
 
 * cachesize: The cachesize (bdb/ldbm) (optional; default 10000)

 * checkpoint: The checkpoint (bdb) (optional; default 1024 5)

Example 248. 

 my $hash = {
             database    => 'bdb',
             suffix      => 'dc=example,dc=com',
             rootdn      => "cn=Admin,dc=example,dc=com",
             passwd      => "system",
             cryptmethod => 'SMD5',
             directory   => "/var/lib/ldap/db1",
            };

 my $res = YaPI::LdapServer->AddDatabase($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

7.2.3. $bool = EditDatabase($suffix,\%valueMap)

Edits the database section with the suffix $suffix in the configuration file. Only safe parameters are supported.

Example 249. 

 * rootdn: The Root DN
 
 * passwd: The Root Password
 
 * cryptmethod: The crypt method; allowed values are (CRYPT, SMD5, SHA, SSHA, PLAIN); default is 'SSHA'

 * cachesize: The cachesize (bdb/ldbm)

 * checkpoint: The checkpoint (bdb)

Example 250. 

 # The suffix is the first argument; the value map uses the keys listed above.
 my $hash = {
              rootdn      => "cn=Administrator,dc=example,dc=com",
              passwd      => "example",
              cryptmethod => "CRYPT"
            };

 my $res = YaPI::LdapServer->EditDatabase("dc=example,dc=com", $hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

7.2.4. \%valueMap = ReadDatabase($suffix)

Read the database section with the suffix $suffix.

Example 251. 

 * database: The database type
 
 * suffix: The suffix
 
 * rootdn: The Root DN
 
 * passwd: The Root Password
 
 * directory: The directory where the database files are (bdb/ldbm)

 * cachesize: The cachesize (bdb/ldbm)

 * checkpoint: The checkpoint (bdb)
 

Example 252. 

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadDatabase('"dc=example,dc=com"');
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

7.2.5. \@indexList = ReadIndex($suffix)

Returns a List of Maps with all index statements for this database. The "keys" are:

Example 253. 

 * 'attr', an attribute or an attribute list

 * 'param', a number of special index parameters 

 * 'md5', an MD5 sum of this index. This number is needed for EditIndex and DeleteIndex

Example 254. 

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadIndex('"dc=example,dc=com"');
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

7.2.6. $bool = AddIndex($suffix,\%indexMap)

Add a new index statement %indexMap to the database section $suffix.

Example 255. 

 * 'attr', an attribute or an attribute list

 * 'param', a number of special index parameters 

Example 256. 

 my $newIndex = {
                 'attr'  => "uid,cn",
                 'param' => "eq"
                };

 my $res = YaPI::LdapServer->AddIndex("dc=example,dc=com", $newIndex);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

7.2.7. $bool = EditIndex($suffix,$index_md5,\%indexMap)

Replace the index $index_md5 in the database section $suffix by the new index statement %indexMap.

Example 257. 

 * 'attr', an attribute or an attribute list

 * 'param', a number of special index parameters 

Example 258. 

 my $newIndex = {
                 'attr'  => "uid,cn",
                 'param' => "eq"
                };

 my $res = YaPI::LdapServer->EditIndex("dc=example,dc=com", "eacc11456b6c2ae4e1aef0fa287e02b0",
                                       $newIndex);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

7.2.8. $bool = DeleteIndex($suffix,$index_md5)

Deletes the index statement $index_md5 in the database section $suffix.

Example 259. 

 my $res = YaPI::LdapServer->DeleteIndex("dc=example,dc=com", "338a980b4eebe87365a4077067ce1559");
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

7.2.9. $bool = RecreateIndex($suffix)

Regenerates indices based upon the current contents of the database determined by $suffix. This function stops the LDAP server, calls slapindex and starts the LDAP server again.

Example 260. 

 my $res = YaPI::LdapServer->RecreateIndex("dc=example,dc=com");
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

7.2.10. \@list = ReadSchemaIncludeList()

Returns a list of all included schema files in the order they appear in the config files.

Example 261. 

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadSchemaIncludeList();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

7.2.11. $bool = WriteSchemaIncludeList(\@list)

Writes all schema includes preserving order.

Example 262. 

 my $schemas = [
                '/etc/openldap/schema/core.schema',
                '/etc/openldap/schema/cosine.schema',
                '/etc/openldap/schema/inetorgperson.schema',
                '/etc/openldap/schema/rfc2307bis.schema',
                '/etc/openldap/schema/yast2userconfig.schema',
                '/etc/openldap/schema/samba3.schema'
               ];

 my $res = YaPI::LdapServer->WriteSchemaIncludeList($schemas);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

7.2.12. \@list = ReadAllowList()

Returns a list of allow statements.

Example 263. 

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadAllowList();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

7.2.13. $bool = WriteAllowList(\@list)

Replaces the complete allow option with the specified feature list.

Example 264. 

 my @list = ( "bind_v2" );

 my $res = YaPI::LdapServer->WriteAllowList( \@list );
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

7.2.14. $loglevel = ReadLoglevel()

Read the loglevel bitmask.

Example 265. 

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadLoglevel();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

7.2.15. $bool = AddLoglevel($bit)

Set the given loglevel bit to 1 in the current bitmask.

Example 266. 

 my $res = YaPI::LdapServer->AddLoglevel( 0x04 );
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

7.2.16. $bool = DeleteLoglevel($bit)

Set the given loglevel bit to 0 in the current bitmask.

Example 267. 

 my $res = YaPI::LdapServer->DeleteLoglevel( 0x04 );
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

7.2.17. $bool = WriteLoglevel($loglevel)

Replaces the loglevel bitmask.

Example 268. 

 my $res = YaPI::LdapServer->WriteLoglevel( 0x06 );
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

7.2.18. ModifyService($status)

With this function you can turn the LDAP server runlevel script on and off. Turning it off means that the LDAP server is not started at boot time.

Example 269. 

 YaPI::LdapServer->ModifyService(0); # turn LDAP server off at boot time
 YaPI::LdapServer->ModifyService(1); # turn LDAP server on at boot time

7.2.19. SwitchService($status)

With this function you can start and stop the LDAP server service.

Example 270. 

 YaPI::LdapServer->SwitchService( 0 ); # turning off the LDAP server service
 YaPI::LdapServer->SwitchService( 1 ); # turning on the LDAP server service

7.2.20. $status = ReadService()

With this function you can read the state of the LDAP server runlevel script (whether the LDAP server is started at boot time).

Example 271. 

 print "LDAP is ".( (YaPI::LdapServer->ReadService())?('on'):('off') )."\n";

7.2.21. \%valueMap = ReadTLS()

Returns the current TLS settings.

Example 272. 

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 273. 

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

7.2.22. $bool = WriteTLS(\%valueMap)

Edit the TLS options in the configuration file.

Example 274. 

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 275. 

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }
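
Added example (not part of the YaPI documentation): a pre-flight check for a WriteTLS value map, assuming slapd is linked against OpenSSL so that TLSCipherSuite uses OpenSSL cipher-string syntax. The function audit_tls_map and its token list are illustrative choices, not YaPI functions.

```perl
use strict;
use warnings;

# Tokens that add weak or unauthenticated suites in an OpenSSL cipher string
# (illustrative list, an assumption of this example).
my $WEAK = qr/^(?:ALL|MEDIUM|LOW|EXP\w*|[ae]?NULL|ADH|AECDH|SSLv2|RC4|DES|3DES|MD5)$/i;
my %VERIFY_LEVEL = map { $_ => 1 } qw(never allow try demand hard true);

# Audit a value map with the keys used by ReadTLS()/WriteTLS().
# Returns a list of findings; an empty list means nothing was flagged.
sub audit_tls_map {
    my ($tls) = @_;
    my (@findings, %excluded);

    for my $tok (split /[:, ]+/, $tls->{TLSCipherSuite} // '') {
        if ($tok =~ /^!(.+)/) { $excluded{uc $1} = 1; next; }  # permanent removal
        next if $tok =~ /^[-+]/;   # '-' removes, a leading '+' only reorders
        push @findings, "TLSCipherSuite: '$tok' enables weak or unauthenticated suites"
            if $tok =~ $WEAK;
    }
    push @findings, "TLSCipherSuite: no '!aNULL', anonymous suites may remain"
        unless $excluded{ANULL};

    my $level = $tls->{TLSVerifyClient} // 'never';
    push @findings, "TLSVerifyClient: unknown level '$level'"
        unless $VERIFY_LEVEL{$level};

    # The private key must not be accessible to "other" users.
    my $key = $tls->{TLSCertificateKeyFile};
    if (defined $key && -e $key) {
        my $mode = (stat $key)[2] & 07777;
        push @findings, sprintf("TLSCertificateKeyFile: mode %04o is too open", $mode)
            if $mode & 0007;
    }
    return @findings;
}

# Constructed input: the value map from the WriteTLS example above.
my $tls = {
    TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
    TLSCertificateFile    => "/etc/ssl/server_crt.pem",
    TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
    TLSCACertificateFile  => "/etc/ssl/ca.pem",
    TLSVerifyClient       => "never",
};
my @findings = audit_tls_map($tls);
print "$_\n" for @findings;
# Only hand the map to YaPI::LdapServer->WriteTLS($tls) when @findings is empty.
```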

7.2.23. $bool = CheckCommonServerCertificate()

Checks whether a server certificate is available which can be used for more than one service. Such a common certificate is saved at '/etc/ssl/servercerts/servercert.pem'.

Example 276. 

 my $res = YaPI::LdapServer->CheckCommonServerCertificate();
 if( not defined $res ) {
     # error
 } else {
     print "Available \n" if($res);
     print "Not Available \n" if(!$res);
 }

7.2.24. $bool = ConfigureCommonServerCertificate()

Configure the LDAP server to use the common server certificate.

Example 277. 

 my $res = YaPI::LdapServer->ConfigureCommonServerCertificate();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

7.2.25. $bool = ImportCertificates(\%valueMap)

Import certificates and configure TLS for the LDAP Server.

Example 278. 

 my $hash = {
              ServerCertificateFile => '/path/to/the/certificate.pem',
              ServerKeyFile         => '/path/to/the/key.pem',
              CACertificatesFile    => '/path/to/the/CAcertificate.pem',
            };

 my $res = YaPI::LdapServer->ImportCertificates($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

7.2.26. $bool = ReadSLPEnabled()

This function reads the OPENLDAP_REGISTER_SLP entry in /etc/sysconfig/openldap. It returns 'true' if it reads 'yes' and 'false' if it reads 'no'.

Example 279. 

 print "SLP registering is ".( (YaPI::LdapServer->ReadSLPEnabled())?('activated'):('deactivated') )."\n";

7.2.27. $bool = WriteSLPEnabled( $bool )

This function sets OPENLDAP_REGISTER_SLP in /etc/sysconfig/openldap. The entry is set to 'yes' if the argument is true or 'no' if the argument is false.

Example 280. 

 YaPI::LdapServer->WriteSLPEnabled( 1 );