This package is the public YaST2 API for Users/Groups management
Creates new user. User attributes are described in $data_hash, $config_hash describes special configuration data.
Example 251.
Possible parameters for $config hash:
"type" Type of user (string). Possible values:
"local","system","ldap","nis". ("nis" is not available
for adding)
Specific parameters of $config hash, related to LDAP users (all keys
are optional, there should exist reasonable default values based on
current LDAP configuration):
"bind_dn"
DN of LDAP administrator, used to bind to LDAP server
(string)
"bind_pw"
Password for LDAP administrator (string)
"anonymous_bind"
If this key is present, there will be done created an
anonymous connection to LDAP server (if it is allowed).
"member_attribute"
Name of LDAP attribute, defining the membership in LDAP
groups (possible values: "member", "uniquemember"). The
default value is in /etc/ldap.conf (nss_map_attribute).
"user_attributes"
List of attributes to be returned by an LDAP search for
user (list of strings). If empty, all non-empty
attributes will be returned as a result of search.
"user_filter"
Filter for restricting LDAP searches (string).
The default value is stored as "suseSearchFilter" in
LDAP configuration.
"user_base"
DN of LDAP base where the users are stored (string). By
default, the value of "suseDefaultBase" stored in LDAP
configuration is used.
"user_scope"
The scope used for LDAP searches for users. Possible
values are 0 (base), 1(one), 2(sub). Default is 2.
"plugins"
List of plugins which should be applied for user
(list of strings). General plugin for LDAP users,
("UsersPluginLDAPAll") is always available, others are
part of modules which has to be installed before their
usage (yast2-samba-server, yast2-mail-server).
"user_plugins"
Same as "plugins".
Values mentioned above are common for all $config hashes in the
functions for handling user. Additionally, there is a special value
which is defined only for UserAdd:
"create_home"
If this is set to 0, the home directory for new user
won't be created.
Possible parameters for $data hash:
"uid" Login name
"cn" Full name
"userPassword" User's password
"homeDirectory" Users's home directory
"loginShell" User's login shell
"gidNumber" GID of user's default group
"grouplist" Hash (of type { <group_name> => 1 }) with groups
this user should be member of.
"shadowinactive" Days after password expires that account is disabled
"shadowexpire" Days since Jan 1, 1970 that account is disabled
"shadowwarning" Days before password is to expire that user is warned
"shadowmin" Days before password may be changed
"shadowmax" Days after which password must be changed
"shadowflag" (last value at line in /etc/shadow)
"shadowlastchange" Days since Jan 1, 1970 that password was last changed
<ldap_attribute> For LDAP users, any attribute supported by
users's object class can be here.Example 252.
my $config = { "type" => "ldap",
"plugins" => [ "UsersPluginLDAPAll" ],
"bind_dn" => "uid=admin,dc=example,dc=com",
};
my $data = { "uid" => "ll",
"uidNumber" => 1111,
"userPassword" => "qqqqq"
"givenName" => "l",
"cn" => [ "ll" ]
"description" => [ "first", "second" ],
};
# create new LDAP user
my $error = UserAdd ($config, $data);
# create new local user 'hh'; use all available defaults
UserAdd ({}, { "uid" => "hh" });Example 253.
You can see on example that LDAP attributes could be passed either as list of value or as strings, which is just the same case as a list with one value.
Modifies existing user. User attributes which should be changed are described in $data_hash, $config_hash describes special configuration data, especially user identification.
Example 254.
Special values for $config hash: additinally to the values always
available (see L<UserAdd>), $config must contains one of the key
used to identify the user which should be modified:
"dn" Distinguished name (DN) - only for LDAP user
"uid" User name (which is value of "uid" for LDAP user)
"uidNumber" UID number ("uidNumber" value for LDAP user)
For values in $data hash, see L<UserAdd>.Example 255.
my $config = { "type" => "ldap",
"uidNumber" => 500
};
my $data = { "userPassword" => "wwwww"
};
# changes a password of LDAP user (identified with id)
my $error = UserModify ($config, $data);
# change GID value of local user (identified with name)
$error = UserModify ({ "uid" => "hh" }, { "gidNumber" => 5555 });Adds a new feature (plugin) to the given user.
Example 256.
$config hash can contain data always available (see L<UserAdd>)
and the data used for user identification (see L<UserModify>).
Additionally, it has to contain the value for
"plugins" List of plugins which should be added to the user.Example 257.
my $config = { "type" => "ldap",
"plugins" => [ "UsersPluginSambaAccount" ],
"bind_dn" => "uid=admin,dc=example,dc=com",
"uid" => "ll"
};
# adds 'SambaAccount' plugin to the user
my $error = UserFeatureAdd ($config);Deletes a new feature (plugin) to the given user.
Example 259.
my $config = { "type" => "ldap",
"plugins" => [
"UsersPluginSambaAccount",
"UsersPluginMail"
],
"uid" => "ll"
};
# removes 'SambaAccount' and 'Mail' plugin from the user
my $error = UserFeatureDelete ($config);Deletes existing user. Identification of user selected for delete is stored in $config_hash.
Example 260.
For general values of $config hash, see L<UserAdd>.
For parameters necessary to identify the user, see L<UserModify>.
Additinally, there is special parameter for
"delete_home" Integer: For 1, home directory of selected user
will be deleted. Default value is 0 (false).Example 261.
my $config = { "type" => "ldap",
"dn" => "uid=ll,dc=example,dc=com",
"delete_home" => YaST::YCP::Boolean (1)
};
# deletes LDAP user together with its home directory
my $error = UserDelete ($config);
$error = UserDelete ({ "uid" => "hh", "type" => "local" });Disables existing user to log in. Identification of user selected for delete is stored in $config_hash.
Example 262.
For general values of $config hash, see L<UserAdd>.
For parameters necessary to identify the user, see L<UserModify>.Example 263.
my $config = { "type" => "ldap",
"uidNumber" => 500,
};
# disables LDAP user (as it is defined its plugins)
my $error = UserDisable ($config);Enables existing user to log in. Identification of user selected for delete is stored in $config_hash.
Example 264.
For general values of $config hash, see L<UserAdd>.
For parameters necessary to identify the user, see L<UserModify>.Example 265.
my $config = { "type" => "ldap",
"uidNumber" => 500,
};
# enables LDAP user (in a default way, defined for LDAP users)
my $error = UserEnable ($config);Returns a map describing selected user.
Example 266.
For general values of $config hash, see L<UserAdd>.
For parameters necessary to identify the user, see L<UserModify>.Example 267.
my $config = { "type" => "ldap",
"user_attributes" => [ "uid", "uidNumber", "cn" ],
"uidNumber" => 500
};
# searches for LDAP user with uidNumber 500 and returns the hash with given
# attributes
my $user = UserGet ($config);
$config = { "type" => "ldap",
"uid" => "my_user",
"user_base" => "ou=people,dc=example,dc=com",
"bind_dn" => "uid=admin,dc=example,dc=com",
};
# searches for LDAP user with uid "my_user" in given search base and
# returns the hash with all user's non-empty attributes
$user = UserGet ($config);Returns a hash describing the set of users. By default, the hash is indexed by UID number, unless statet otherwise in $config_hash.
Example 268.
For general values of $config hash, see L<UserAdd>.
Additionally, there is a special key
"index" The name of the key, which should be used as a index
in the return hash.Example 269.
my $config = { "type" => "ldap",
"user_attributes" => [ "uid", "uidNumber", "cn" ],
"user_base" => "ou=people,dc=example,dc=com",
"user_scope" => YaST::YCP::Integer (2),
"user_filter" => [ "objectClass=posixAccount" ]
"index" => "dn"
};
# searches for LDAP users in given search base and returns the hash
# indexed by DN's with the hash values containing users with given attributes
my $users = UsersGet ($config);Creates new group. Group attributes are described in $data_hash, $config_hash describes special configuration data.
Example 270.
Possible parameters for $config hash:
"type" Type of group (string). Possible values:
"local","system","ldap","nis". ("nis" is not available
for adding)
Specific parameters of $config hash, related to LDAP groups (all keys
are optional, there should exist reasonable default values based on
current LDAP configuration):
"bind_dn"
DN of LDAP administrator, used to bind to LDAP server
(string)
"bind_pw"
Password for LDAP administrator (string)
"anonymous_bind"
If this key is present, there will be done created an
anonymous connection to LDAP server (if it is allowed).
"member_attribute"
Name of LDAP attribute, defining the membership in LDAP
groups (possible values: "member", "uniquemember"). The
default value is in /etc/ldap.conf (nss_map_attribute).
"group_attributes"
List of attributes to be returned by an LDAP search for
group (list of strings). If empty, all non-empty
attributes will be returned as a result of search.
"group_base"
DN of LDAP base where the groups are stored (string). By
default, the value of "suseDefaultBase" stored in LDAP
configuration is used.
"group_filter"
Filter for restricting LDAP searches (string).
The default value is stored as "suseSearchFilter" in
LDAP configuration.
"group_scope"
The scope used for LDAP searches for groups. Possible
values are 0 (base), 1(one), 2(sub). Default is 2.
"group_plugins"
List of plugins which should be applied for group
(list of strings). General plugin for LDAP groups,
("UsersPluginLDAPAll") is always available, others are
part of modules which has to be installed before their
usage (yast2-samba-server, yast2-mail-server).
Possible parameters for $data hash:
"gidNumber" GID number of the group
"cn" Group name
"userPassword" Password for the group.
"userlist" Hash (of type { <username> => 1 }) with
the users that should be members of this group.
Optionally, this could be also the list of
user names.
<member_attribute> For LDAP groups, correct member attribute (
"member"/"uniquemember") has to be used instead
of "userlist". It could be list of user names or
hash with DN's of the members.
<ldap_attribute> Any LDAP attribute supported by groups's object classExample 271.
my $config = { "type" => "ldap",
"group_plugins" => [ "GroupsPluginsLDAPAll" ],
"bind_dn" => "uid=admin,dc=example,dc=com",
"group_base" => "ou=groups,dc=example,dc=com"
};
my $data = { "gidNumber" => 5555,
"cn" => "lgroup",
"member" => {
"uid=test,ou=people,dc=example,dc=com" => 1,
"uid=ll,ou=people,dc=example,dc=com" => 1
}
};
# create new LDAP group
my $error = GroupAdd ($config, $data);
# create new system group
GroupAdd ({ "type" => "system" }, {
"cn" => "ggg",
"userlist" => {
"root" => 1,
"hh" => 1
}
);Modifies existing group. Group attributes which should be changed are described in $data_hash, $config_hash describes special configuration data, especially group identification.
Example 272.
For general values of $config hash, see L<GroupAdd>.
Additinally, $config must contain one of the key used to identify
the group which should be modified:
"dn" Distingueshed name (only for of LDAP group)
"cn" Group name (or value of "cn" attribute for LDAP group).
"gidNumber" GID number (value of "gidNumber" for LDAP group).Example 273.
# change GID value of local group (identified with name)
my $error = GroupModify ({ "cn" => "users" }, { "gidNumber" => 101 });
my $config = { "type" => "ldap",
"gidNumber" => 5555
};
my $data = { "member" => [
"uid=test,ou=people,dc=example,dc=com",
"uid=ll,ou=people,dc=example,dc=com",
"uid=admin,dc=example,dc=com"
]
};
# changes a member attribute of LDAP group (identified with id)
$error = GroupModify ($config, $data);
Example 274.
You can see on example that "member" attribute could be passed either as an array (which could one expect for LDAP attribute) or as hash, (which is used by YaST for internal representation) as shown in example for GroupAdd () function. YaST always takes care of it and does the necessary conversions.
Adds a new member to the given group. User is described in $user_hash, group identification is passwd in $config_hash. User must exist.
Example 275.
For general values of $config hash, see L<GroupAdd>.
For parameters necessary to identify the group, see L<GroupModify>.
$user_hash must include the information necessary to identify the
user. This has to be one of these keys:
"dn" Distinguished name (DN) [only for LDAP users]
"uid" User name (which is "uid" attribute for LDAP user)
"uidNumber" UID (which is "uidNumber" attribute for LDAP user)Example 276.
my $config = { "type" => "ldap",
"bind_dn" => "uid=admin,dc=example,dc=com",
"gidNumber" => 5555
};
my $user = { "uid" => "my_user" }
};
my $error = GroupMemberAdd ($config, $user);Deletes a member from the group.
Example 277.
For general values of $config hash, see L<GroupAdd>.
For parameters necessary to identify the group, see L<GroupModify>.
$user_hash must include the information necessary to identify the
user - see L<GroupMemberAdd>Example 278.
my $config = { "type" => "ldap",
"dn" => "cn=lgroup,dc=example,dc=com"
};
my $user = { "uidNumber" => 1000 }
# removes user with given uidNumber from group with given DN
my $error = GroupMemberDelete ($config, $user);Deletes existing group. Identification of group is stored in $config_hash.
Example 279.
For general values of $config hash, see L<GroupAdd>.
For parameters necessary to identify the group, see L<GroupModify>.
Example 280.
my $config = { "type" => "local",
"uid" => "users"
};
my $error = GroupDelete ($config);Returns a map describing selected group.
Example 281.
For general values of $config hash, see L<GroupAdd>.
For parameters necessary to identify the group, see L<GroupModify>.
Example 282.
my $config = { "type" => "ldap",
"group_attributes" => [ "cn", "gidNumber", "member" ],
"gidNumber" => 500
};
# searches for LDAP group with gidNumber 500 and returns the hash
# with given attributes
my $group = GroupGet ($config);Returns a hash describing the set of groups. By default, the hash is indexed by GID number, unless statet otherwise in $config_hash.
Example 283.
For general values of $config hash, see L<GroupAdd>.
Additionally, there is a special key
"index" The name of the key, which should be used as a index
in the return hash (default value is "gidNumber").Example 284.
# searches for LDAP groups in default base and returns the hash
# indexed by GID's with the hash values containing groups with all
# non-empty attributes
my $groups = GroupsGet ({ "type" => "ldap" });
# returns hash with all NIS groups
$groups = GroupsGet ({ "type" => "nis" });Returns a hash describing the set of groups. By default, the hash is indexed by GID number, unless stated differently in $config_hash.
Example 285.
For general values of $config hash, see L<GroupAdd>.
$user_hash must include the information necessary to identify the
user - see L<GroupMemberAdd>.
Additionally, there is a special key
"index" The name of the key, which should be used as a index
in the return hash.Example 286.
my $config = { "type" => "ldap",
"index" => "dn"
"group_scope" => YaST::YCP::Integer (2),
};
my $user = { "dn" => "uid=ll,ou=people,dc=example,dc=com" };
# searches for LDAP groups in default base and returns the hash
# indexed by DN's with the hash values containing groups with all
# non-empty attributes
my $groups = GroupsGetByUser ($config, $user);