8. YaPI::LdapServer

This package is the public YaST2 API for managing an LDAP server.

8.1. List of Global Functions

8.2. Functions

8.2.1. $bool = Init()

Initializes the API, needs to be called first, before any other API call.

8.2.2. \@dbList = ReadDatabaseList()

Returns a List of databases. Each element of the list is a hash reference with the following elements:

Example 204. 

 * 'index' : The index of the database. The frontend database has index -1,
        the config database has index 0 and the first "real" database has index 1.

 * 'suffix': The base DN the database is serving, e.g. 'dc=example,dc=com'

 * 'type': The database type, e.g. 'bdb' or 'config'


Example 205. 

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadDatabaseList();
 if( not defined $res ) {
     # error    
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }


8.2.3. $bool = AddDatabase(\%valueMap)

Creates a new database section in the configuration file, starts or restarts the LDAP server and adds the base object. If the database already exists, nothing is done and undef is returned. The value map can contain the following keys:

Example 206. 

 * type: The database type (required)

 * suffix: The suffix (required)

 * directory: The directory where the database files are stored (bdb/ldbm) (required)

 * createdatabasedir: If true, the directory for the database will be created (optional; default false)

 * rootdn: The Root DN

 * rootpw: The hashed RootDN password (requires rootdn)

 * rootpw_clear: The plain RootDN password (requires rootdn)

 * cryptmethod: The crypt method used to hash rootpw_clear; allowed values are (CRYPT, SMD5, SHA, SSHA, PLAIN); default is 'SSHA'

 * entrycache: The size of the entry cache (optional; default 10000)

 * idlcache: The size of the IDL cache (optional; default 10000)

 * checkpoint: The bdb checkpoint setting as an array reference (optional; default [1024, 5])


Example 207. 

 my $hash = {
             type         => 'bdb',
             suffix       => 'dc=example,dc=com',
             rootdn       => "cn=Admin,dc=example,dc=com",
             rootpw_clear => "system",
             cryptmethod  => 'SMD5',
             directory    => "/var/lib/ldap/db1",
            };

 my $res = YaPI::LdapServer->AddDatabase($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }
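Because AddDatabase() accepts either a hashed rootpw or a cleartext rootpw_clear, the caller can hash the password itself and never pass the cleartext through the API. The following is an added example, not part of the original documentation: it builds an OpenLDAP-style {SSHA} hash with core Perl modules and passes it as rootpw. The helper make_ssha and the LDAP_ROOT_PW environment variable are assumptions of this example.

```perl
use strict;
use warnings;
use Digest::SHA  qw(sha1);
use MIME::Base64 qw(encode_base64);
use YaPI::LdapServer;

# Build a salted SHA-1 hash in the {SSHA} form slapd stores in rootpw:
# "{SSHA}" . base64( sha1(password . salt) . salt ). The helper name is ours.
sub make_ssha {
    my ($cleartext) = @_;
    open my $rnd, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!\n";
    read( $rnd, my $salt, 8 ) == 8 or die "short read from /dev/urandom\n";
    close $rnd;
    return '{SSHA}' . encode_base64( sha1( $cleartext . $salt ) . $salt, '' );
}

# Take the cleartext from the environment rather than embedding it in the
# script (constructed for this example).
my $clear = $ENV{LDAP_ROOT_PW} or die "LDAP_ROOT_PW is not set\n";

# Init() must be called before any other API call.
YaPI::LdapServer->Init() or die "Init() failed\n";

my $db = {
    type              => 'bdb',
    suffix            => 'dc=example,dc=com',
    directory         => '/var/lib/ldap/db1',
    createdatabasedir => 1,
    rootdn            => 'cn=Admin,dc=example,dc=com',
    rootpw            => make_ssha($clear),   # already hashed, so no rootpw_clear
};

my $res = YaPI::LdapServer->AddDatabase($db);
defined $res or die "AddDatabase failed (or the database already exists)\n";
print "database $db->{suffix} created\n";
```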


8.2.4. $bool = EditDatabase($suffix,\%valueMap)

Edits the database section with the suffix $suffix in the configuration file. Only the parameters listed below can be changed:

Example 208. 

 * rootdn: The Root DN
 
 * rootpw: The hashed Root Password

 * rootpw_clear: The cleartext Root Password
 
 * cryptmethod: The crypt method; allowed values are (CRYPT, SMD5, SHA, SSHA, PLAIN); default is 'SSHA'


Example 209. 

 my $hash = { rootdn       => "cn=Administrator,dc=example,dc=com",
              rootpw_clear => "example",
              cryptmethod  => "CRYPT"
            };

 my $res = YaPI::LdapServer->EditDatabase("dc=example,dc=com", $hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }


8.2.5. \%valueMap = ReadDatabase($suffix)

Reads the database section with the suffix $suffix and returns a hash reference with the following elements:

Example 210. 

 * type: The database type
 
 * suffix: The suffix
 
 * rootdn: The Root DN
 
 * rootpw: The Root Password Hash
 
 * directory: The Directory where the database files are (bdb/hdb)
 
 * entrycache: The size of the entrycache
 
 * idlcache: The size of the idlcache

 * checkpoint: The checkpoint setting (a reference to a list; see AddDatabase())


Example 211. 

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadDatabase('dc=example,dc=com');
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }


8.2.6. \%indexMap = ReadIndex($suffix)

Returns a map of maps with all defined indexes for a database. The keys of the outer map are LDAP attribute types (e.g. 'objectClass'); the keys of the inner maps ('eq', 'sub', 'pres') are booleans for the specific index types.

Example 212. 

 {
   'objectClass' => {
                      'eq' => 1
                    },
   'cn' => {
             'sub' => 1,
             'pres' => 1,
             'eq' => 1
           }
 }


Example 213. 

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadIndex('dc=example,dc=com');
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }


8.2.7. $bool = EditIndex($suffix,\%indexMap)

Adds or changes the indexing of a single AttributeType. The index map has the following keys:

Example 214. 

 * 'name': A single AttributeType

 * 'eq': A boolean to indicate whether an equality index should be created

 * 'sub': A boolean to indicate whether a substring index should be created

 * 'pres': A boolean to indicate whether a presence index should be created


Example 215. 

 my $newIndex = {
                 'name'  => "uid",
                 'eq' => 1,
                 'pres' => 1,
                 'sub' => 0
                };

 my $res = YaPI::LdapServer->EditIndex("dc=example,dc=com", $newIndex);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }


8.2.8. \@aclList = ReadAcl($suffix)

Returns the ACLs of a database.

Example 216. 

 Read ACLs of a Database

 The return value is a list of maps defining the ACLs. Each map
 has the following structure:

  {
      'target' => {
              # a Map defining the target objects of this ACL
              # can contain any or multiple keys of the following
              # types
              'attrs'  => [ <list of attributetypes> ],
              'filter' => <LDAP filter string>,
              'dn' => {
                      'style' => <'base' or 'subtree'>,
                      'value' => <LDAP DN>
                  }
          },
      'access' => [
              # a list of maps defining the access level of different
              # identities, each map looks like this:
              {
                  'level' => <'none'|'disclose'|'auth'|'compare'|'read'|'write'|'manage'>,
                  'type'  => <'self'|'users'|'anonymous'|'*'|'group'|'dn.base'|'dn.subtree'>,
                  # if type is 'group', 'dn.base', 'dn.subtree':
                  'value' => <a valid LDAP DN>
              }
          ]
  }


8.2.9. $bool = WriteAcl($suffix,\@aclList)

Updates the ACLs of a database.

Example 217. 

 Update the ACLs of a Database; all existing ACLs of that Database are overwritten.

 The aclList parameter must have the same structure as documented for the
 ReadAcl function above.
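Since WriteAcl() replaces every ACL of the database, it is worth checking a list in the structure documented for ReadAcl() before writing it. The following is an added example, not part of the original documentation: it walks a constructed ACL list and reports clauses that give anonymous or everyone ('*') more than 'auth', or let any identity other than 'self' read userPassword. The helper risky_acl_findings and the sample data are assumptions of this example.

```perl
use strict;
use warnings;

# Constructed sample in the structure documented for ReadAcl(); in real use
# it would come from YaPI::LdapServer->ReadAcl('dc=example,dc=com').
my $acls = [
    {   target => { attrs => ['userPassword'] },
        access => [
            { level => 'write', type => 'self'      },
            { level => 'auth',  type => 'anonymous' },
            { level => 'none',  type => '*'         },
        ],
    },
    {   target => { dn => { style => 'subtree', value => 'ou=people,dc=example,dc=com' } },
        access => [
            { level => 'write', type => 'group', value => 'cn=admins,dc=example,dc=com' },
            { level => 'write', type => '*' },
        ],
    },
];

# Access levels in increasing order of privilege (as listed for ReadAcl()).
my %rank = ( none => 0, disclose => 1, auth => 2, compare => 3,
             read => 4, write => 5, manage => 6 );

# Return a list of human-readable findings for an ACL list. Helper name is ours.
sub risky_acl_findings {
    my ($list) = @_;
    my @findings;
    for my $i ( 0 .. $#$list ) {
        my $acl   = $list->[$i];
        my @attrs = @{ $acl->{target}{attrs} || [] };
        my $on_pw = grep { lc $_ eq 'userpassword' } @attrs;
        for my $clause ( @{ $acl->{access} } ) {
            my $r = $rank{ $clause->{level} } // 0;
            if ( $clause->{type} =~ /^(?:anonymous|\*)$/ && $r > $rank{auth} ) {
                push @findings, "ACL $i: '$clause->{type}' gets '$clause->{level}'";
            }
            if ( $on_pw && $clause->{type} ne 'self' && $r >= $rank{read} ) {
                push @findings, "ACL $i: '$clause->{type}' can read userPassword";
            }
        }
    }
    return @findings;
}

print "$_\n" for risky_acl_findings($acls);
```

With the sample above only the second ACL is reported, because its last clause grants 'write' to '*' on the ou=people subtree.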


8.2.10. \@list = ReadSchemaList()

Returns a list of all included schema items.

Example 218. 

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadSchemaList();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }


8.2.11. $bool = AddSchema($file)

Adds an additional schema item. $file is the absolute pathname of the file to add. It can either be in .schema or LDIF format.

Example 219. 

 my $res = YaPI::LdapServer->AddSchema("/etc/openldap/schema/ppolicy.schema");
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }


8.2.12. \@list = ReadAllowList()

Returns a list of allow statements.

Example 220. 

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadAllowList();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }


8.2.13. $bool = WriteAllowList(\@list)

Replaces the complete allow option with the specified feature list.

Example 221. 

 my @list = ( "bind_v2" );

 my $res = YaPI::LdapServer->WriteAllowList( \@list );
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }


8.2.14. $loglevel = ReadLoglevel()

Read the loglevel bitmask.

Example 222. 

 my $res = YaPI::LdapServer->ReadLoglevel();
 if( not defined $res ) {
     # error
 } else {
     printf "OK: loglevel is 0x%x\n", $res;
 }


8.2.15. $bool = AddLoglevel($bit)

Sets the given loglevel bit to 1 in the current bitmask.

Example 223. 

 my $res = YaPI::LdapServer->AddLoglevel( 0x04 );
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }


8.2.16. $bool = DeleteLoglevel($bit)

Sets the given loglevel bit to 0 in the current bitmask.

Example 224. 

 my $res = YaPI::LdapServer->DeleteLoglevel( 0x04 );
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }


8.2.17. $bool = WriteLoglevel($loglevel)

Replaces the loglevel bitmask.

Example 225. 

 my $res = YaPI::LdapServer->WriteLoglevel( 0x06 );
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }


8.2.18. ModifyService($status)

With this function you can turn the LDAP server runlevel script on and off. Turning it off means the LDAP server is not started at boot time.

Example 226. 

 YaPI::LdapServer->ModifyService(0); # turn LDAP server off at boot time
 YaPI::LdapServer->ModifyService(1); # turn LDAP server on at boot time


8.2.19. SwitchService($status)

With this function you can start and stop the LDAP server service.

Example 227. 

 YaPI::LdapServer->SwitchService( 0 ); # stop the LDAP server service
 YaPI::LdapServer->SwitchService( 1 ); # start the LDAP server service


8.2.20. $status = ReadService()

With this function you can read the state of the LDAP server runlevel script (whether the LDAP server is started at boot time).

Example 228. 

 print "LDAP is ".( (YaPI::LdapServer->ReadService())?('on'):('off') )."\n";


8.2.21. \%valueMap = ReadTLS()

Returns the current TLS settings as a hash reference with the following keys:

Example 229. 

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.


Example 230. 

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }


8.2.22. $bool = WriteTLS(\%valueMap)

Edits the TLS options in the configuration file. The value map can contain the following keys:

Example 231. 

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.


Example 232. 

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }
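WriteTLS() writes whatever it is given, so the caller is the place to sanity-check the map: the example above enables SSLv2 ciphers via "+SSLv2", and a key file readable by other users or a TLSVerifyClient setting without any CA to verify against are equally easy to pass in. The following is an added example, not part of the original documentation; the helper tls_map_problems and its checks are assumptions of this example, and the map is the page's example with the "+SSLv2" removed.

```perl
use strict;
use warnings;
use YaPI::LdapServer;

# Return a list of problems found in a WriteTLS() value map (empty when it is
# acceptable). The checks and the helper name are ours, not YaPI's.
sub tls_map_problems {
    my ($tls) = @_;
    my @problems;
    for my $key (qw(TLSCertificateFile TLSCertificateKeyFile TLSCACertificateFile)) {
        next unless defined $tls->{$key};
        push @problems, "$key: $tls->{$key} does not exist" unless -e $tls->{$key};
    }
    # The server private key must not be readable by group or others.
    my $keyfile = $tls->{TLSCertificateKeyFile};
    if ( defined $keyfile && -e $keyfile ) {
        my $mode = ( stat $keyfile )[2] & 0777;
        push @problems, sprintf( "TLSCertificateKeyFile: mode %04o is group/world readable", $mode )
            if $mode & 0044;
    }
    # Reject cipher strings that enable SSLv2, export, LOW or NULL ciphers.
    if ( defined $tls->{TLSCipherSuite}
        && $tls->{TLSCipherSuite} =~ /(?:^|:)\+?(?:SSLv2|EXPORT|LOW|NULL|aNULL|eNULL)(?::|$)/ ) {
        push @problems, "TLSCipherSuite: enables obsolete or null ciphers";
    }
    # Verifying client certificates needs a CA file or path to verify against.
    if ( defined $tls->{TLSVerifyClient} && $tls->{TLSVerifyClient} ne 'never'
        && !defined $tls->{TLSCACertificateFile} && !defined $tls->{TLSCACertificatePath} ) {
        push @problems, "TLSVerifyClient is '$tls->{TLSVerifyClient}' but no CA file or path is set";
    }
    return @problems;
}

# The page's example map with the "+SSLv2" removed from the cipher string.
my $hash = {
    TLSCipherSuite        => "HIGH:MEDIUM:!aNULL:!eNULL",
    TLSCertificateFile    => "/etc/ssl/server_crt.pem",
    TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
    TLSCACertificateFile  => "/etc/ssl/ca.pem",
    TLSVerifyClient       => "never",
};

my @problems = tls_map_problems($hash);
die join( "\n", "refusing to write TLS settings:", @problems ) . "\n" if @problems;

YaPI::LdapServer->Init() or die "Init() failed\n";
defined( YaPI::LdapServer->WriteTLS($hash) ) or die "WriteTLS failed\n";
print "TLS settings written\n";
```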


8.2.23. $bool = CheckCommonServerCertificate()

Checks whether a server certificate is available that can be used for more than one service. Such a common certificate is saved at '/etc/ssl/servercerts/servercert.pem'.

Example 233. 

 my $res = YaPI::LdapServer->CheckCommonServerCertificate();
 if( not defined $res ) {
     # error
 } else {
     print "Available \n" if($res);
     print "Not Available \n" if(!$res);
 }


8.2.24. $bool = ConfigureCommonServerCertificate()

Configure the LDAP server to use the common server certificate.

Example 234. 

 my $res = YaPI::LdapServer->ConfigureCommonServerCertificate();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }


8.2.25. $bool = ImportCertificates(\%valueMap)

Import certificates and configure TLS for the LDAP Server.

Example 235. 

 my $hash = {
              ServerCertificateFile => '/path/to/the/certificate.pem',
              ServerKeyFile         => '/path/to/the/key.pem',
              CACertificatesFile    => '/path/to/the/CAcertificate.pem',
            };

 my $res = YaPI::LdapServer->ImportCertificates($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }


8.2.26. $bool = ReadSLPEnabled()

This function reads the OPENLDAP_REGISTER_SLP entry in /etc/sysconfig/openldap. It returns 'true' if it reads 'yes' and 'false' if it reads 'no'.

Example 236. 

 print "SLP registering is ".( (YaPI::LdapServer->ReadSLPEnabled())?('activated'):('deactivated') )."\n";


8.2.27. $bool = WriteSLPEnabled( $bool )

This function sets OPENLDAP_REGISTER_SLP in /etc/sysconfig/openldap. The entry is set to 'yes' if the argument is true or 'no' if the argument is false.

Example 237. 

 YaPI::LdapServer->WriteSLPEnabled( 1 );