| 10. YaPI::USERS | ||
|---|---|---|
 | ||
| 10. YaPI::USERS | ||
|---|---|---|
| | ||
This package is the public YaST2 API for Users/Groups management
Creates new user. User attributes are described in $data_hash, $config_hash describes special configuration data.
Example 304.
Possible parameters for $config hash:
"type" Type of user (string). Possible values:
"local","system","ldap","nis". ("nis" is not available
for adding)
Specific parameters of $config hash, related to LDAP users (all keys
are optional, there should exist reasonable default values based on
current LDAP configuration):
"bind_dn"
DN of LDAP administrator, used to bind to LDAP server
(string)
"bind_pw"
Password for LDAP administrator (string)
"anonymous_bind"
If this key is present, there will be done created an
anonymous connection to LDAP server (if it is allowed).
"member_attribute"
Name of LDAP attribute, defining the membership in LDAP
groups (possible values: "member", "uniquemember"). The
default value is in /etc/ldap.conf (nss_map_attribute).
"user_attributes"
List of attributes to be returned by an LDAP search for
user (list of strings). If empty, all non-empty
attributes will be returned as a result of search.
"user_filter"
Filter for restricting LDAP searches (string).
The default value is stored as "susesearchfilter" in
LDAP configuration.
"user_base"
DN of LDAP base where the users are stored (string). By
default, the value of "susedefaultbase" stored in LDAP
configuration is used.
"user_scope"
The scope used for LDAP searches for users. Possible
values are 0 (base), 1(one), 2(sub). Default is 2.
"plugins"
List of plugins which should be applied for user
(list of strings). General plugin for LDAP users,
("UsersPluginLDAPAll") is always available, others are
part of modules which has to be installed before their
usage (yast2-samba-server, yast2-mail-server).
"user_plugins"
Same as "plugins".
Values mentioned above are common for all $config hashes in the
functions for handling user. Additionally, there is a special value
which is defined only for UserAdd:
"create_home"
If this is set to 0, the home directory for new user
won't be created.
Possible parameters for $data hash:
"uid" Login name
"cn" Full name
"userpassword" User's password
"homedirectory" Users's home directory
"loginshell" User's login shell
"gidnumber" GID of user's default group
"grouplist" Hash (of type { <group_name> => 1 }) with groups
this user should be member of.
"shadowinactive" Days after password expires that account is disabled
"shadowexpire" Days since Jan 1, 1970 that account is disabled
"shadowwarning" Days before password is to expire that user is warned
"shadowmin" Days before password may be changed
"shadowmax" Days after which password must be changed
"shadowflag" (last value at line in /etc/shadow)
"shadowlastchange" Days since Jan 1, 1970 that password was last changed
<ldap_attribute> For LDAP users, any attribute supported by
users's object class can be here.Example 305.
my $config = { "type" => "ldap",
"plugins" => [ "UsersPluginLDAPAll" ],
"bind_dn" => "uid=admin,dc=example,dc=com",
};
my $data = { "uid" => "ll",
"uidnumber" => 1111,
"userpassword" => "qqqqq"
"givenName" => "l",
"cn" => [ "ll" ]
"description" => [ "first", "second" ],
};
# create new LDAP user
my $error = UserAdd ($config, $data);
# create new local user 'hh'; use all available defaults
UserAdd ({}, { "uid" => "hh" });Modifies existing user. User attributes which should be changed are described in $data_hash, $config_hash describes special configuration data, especially user identification.
Example 307.
Special values for $config hash: additinally to the values always
available (see L<UserAdd>), $config must contains one of the key
used to identify the user which should be modified:
"dn" Distinguished name (DN) - only for LDAP user
"uid" User name (which is value of "uid" for LDAP user)
"uidnumber" UID number ("uidnumber" value for LDAP user)
For values in $data hash, see L<UserAdd>.Example 308.
my $config = { "type" => "ldap",
"uidnumber" => 500
};
my $data = { "userpassword" => "wwwww"
};
# changes a password of LDAP user (identified with id)
my $error = UserModify ($config, $data);
# change GID value of local user (identified with name)
$error = UserModify ({ "uid" => "hh" }, { "gidnumber" => 5555 });Adds a new feature (plugin) to the given user.
Deletes a new feature (plugin) to the given user.
Deletes existing user. Identification of user selected for delete is stored in $config_hash.
Disables existing user to log in. Identification of user selected for delete is stored in $config_hash.
Enables existing user to log in. Identification of user selected for delete is stored in $config_hash.
Returns a map describing selected user.
Example 319.
For general values of $config hash, see L<UserAdd>.
For parameters necessary to identify the user, see L<UserModify>.Example 320.
my $config = { "type" => "ldap",
"user_attributes" => [ "uid", "uidnumber", "cn" ],
"uidnumber" => 500
};
# searches for LDAP user with uidnumber 500 and returns the hash with given
# attributes
my $user = UserGet ($config);
$config = { "type" => "ldap",
"uid" => "my_user",
"user_base" => "ou=people,dc=example,dc=com",
"bind_dn" => "uid=admin,dc=example,dc=com",
};
# searches for LDAP user with uid "my_user" in given search base and
# returns the hash with all user's non-empty attributes
$user = UserGet ($config);Returns a hash describing the set of users. By default, the hash is indexed by UID number, unless statet otherwise in $config_hash.
Example 321.
For general values of $config hash, see L<UserAdd>.
Additionally, there is a special key
"index" The name of the key, which should be used as a index
in the return hash.Example 322.
my $config = { "type" => "ldap",
"user_attributes" => [ "uid", "uidnumber", "cn" ],
"user_base" => "ou=people,dc=example,dc=com",
"user_scope" => YaST::YCP::Integer (2),
"user_filter" => [ "objectclass=posixAccount" ]
"index" => "dn"
};
# searches for LDAP users in given search base and returns the hash
# indexed by DN's with the hash values containing users with given attributes
my $users = UsersGet ($config);Creates new group. Group attributes are described in $data_hash, $config_hash describes special configuration data.
Example 323.
Possible parameters for $config hash:
"type" Type of group (string). Possible values:
"local","system","ldap","nis". ("nis" is not available
for adding)
Specific parameters of $config hash, related to LDAP groups (all keys
are optional, there should exist reasonable default values based on
current LDAP configuration):
"bind_dn"
DN of LDAP administrator, used to bind to LDAP server
(string)
"bind_pw"
Password for LDAP administrator (string)
"anonymous_bind"
If this key is present, there will be done created an
anonymous connection to LDAP server (if it is allowed).
"member_attribute"
Name of LDAP attribute, defining the membership in LDAP
groups (possible values: "member", "uniquemember"). The
default value is in /etc/ldap.conf (nss_map_attribute).
"group_attributes"
List of attributes to be returned by an LDAP search for
group (list of strings). If empty, all non-empty
attributes will be returned as a result of search.
"group_base"
DN of LDAP base where the groups are stored (string). By
default, the value of "susedefaultbase" stored in LDAP
configuration is used.
"group_filter"
Filter for restricting LDAP searches (string).
The default value is stored as "susesearchfilter" in
LDAP configuration.
"group_scope"
The scope used for LDAP searches for groups. Possible
values are 0 (base), 1(one), 2(sub). Default is 2.
"group_plugins"
List of plugins which should be applied for group
(list of strings). General plugin for LDAP groups,
("UsersPluginLDAPAll") is always available, others are
part of modules which has to be installed before their
usage (yast2-samba-server, yast2-mail-server).
Possible parameters for $data hash:
"gidnumber" GID number of the group
"cn" Group name
"userpassword" Password for the group.
"userlist" Hash (of type { <username> => 1 }) with
the users that should be members of this group.
Optionally, this could be also the list of
user names.
<member_attribute> For LDAP groups, correct member attribute (
"member"/"uniquemember") has to be used instead
of "userlist". It could be list of user names or
hash with DN's of the members.
<ldap_attribute> Any LDAP attribute supported by groups's object classExample 324.
my $config = { "type" => "ldap",
"group_plugins" => [ "GroupsPluginsLDAPAll" ],
"bind_dn" => "uid=admin,dc=example,dc=com",
"group_base" => "ou=groups,dc=example,dc=com"
};
my $data = { "gidnumber" => 5555,
"cn" => "lgroup",
"member" => {
"uid=test,ou=people,dc=example,dc=com" => 1,
"uid=ll,ou=people,dc=example,dc=com" => 1
}
};
# create new LDAP group
my $error = GroupAdd ($config, $data);
# create new system group
GroupAdd ({ "type" => "system" }, {
"cn" => "ggg",
"userlist" => {
"root" => 1,
"hh" => 1
}
);Modifies existing group. Group attributes which should be changed are described in $data_hash, $config_hash describes special configuration data, especially group identification.
Example 325.
For general values of $config hash, see L<GroupAdd>.
Additinally, $config must contain one of the key used to identify
the group which should be modified:
"dn" Distingueshed name (only for of LDAP group)
"cn" Group name (or value of "cn" attribute for LDAP group).
"gidnumber" GID number (value of "gidnumber" for LDAP group).Example 326.
# change GID value of local group (identified with name)
my $error = GroupModify ({ "cn" => "users" }, { "gidnumber" => 101 });
my $config = { "type" => "ldap",
"gidnumber" => 5555
};
my $data = { "member" => [
"uid=test,ou=people,dc=example,dc=com",
"uid=ll,ou=people,dc=example,dc=com",
"uid=admin,dc=example,dc=com"
]
};
# changes a member attribute of LDAP group (identified with id)
$error = GroupModify ($config, $data);
Example 327.
You can see on example that "member" attribute could be passed either as an array (which could one expect for LDAP attribute) or as hash, (which is used by YaST for internal representation) as shown in example for GroupAdd () function. YaST always takes care of it and does the necessary conversions.
Adds a new member to the given group. User is described in $user_hash, group identification is passwd in $config_hash. User must exist.
Example 328.
For general values of $config hash, see L<GroupAdd>.
For parameters necessary to identify the group, see L<GroupModify>.
$user_hash must include the information necessary to identify the
user. This has to be one of these keys:
"dn" Distinguished name (DN) [only for LDAP users]
"uid" User name (which is "uid" attribute for LDAP user)
"uidnumber" UID (which is "uidnumber" attribute for LDAP user)Deletes a member from the group.
Deletes existing group. Identification of group is stored in $config_hash.
Returns a map describing selected group.
Returns a hash describing the set of groups. By default, the hash is indexed by GID number, unless statet otherwise in $config_hash.
Returns a hash describing the set of groups. By default, the hash is indexed by GID number, unless stated differently in $config_hash.
Example 338.
For general values of $config hash, see L<GroupAdd>.
$user_hash must include the information necessary to identify the
user - see L<GroupMemberAdd>.
Additionally, there is a special key
"index" The name of the key, which should be used as a index
in the return hash.Example 339.
my $config = { "type" => "ldap",
"index" => "dn"
"group_scope" => YaST::YCP::Integer (2),
};
my $user = { "dn" => "uid=ll,ou=people,dc=example,dc=com" };
# searches for LDAP groups in default base and returns the hash
# indexed by DN's with the hash values containing groups with all
# non-empty attributes
my $groups = GroupsGetByUser ($config, $user);| | ||
| 9. YaPI::Samba |  |