Configuration of LDAP client |
modules/Ldap.ycp |
LDAP client configuration data, I/O functions. |
|
|
Imports
- Arch
- Autologin
- Label
- Message
- Mode
- Nsswitch
- Package
- PamSettings
- Popup
- Progress
- Report
- Service
- Stage
- Summary
Includes
Global Variables
Global Functions
Local Functions
|
|
|
global use_gui -> boolean
|
|
show popups with error messages?
global base_config_dn -> string
|
|
DN of base configuration object
global required_packages -> list<string>
|
|
Required packages for this module to operate
-- they are now required only when LDAP is set for authentication
global write_only -> boolean
|
|
Write only, used during autoinstallation.
Don't run services and SuSEconfig, it's all done at one place.
Are LDAP services available via nsswitch.conf?
global nis_available -> boolean
|
|
Is the NIS service available? If yes, and the LDAP client will be enabled, warn
the user (see bug #36981)
global _autofs_allowed -> boolean
|
|
If no, automounter will not be affected.
global _start_autofs -> boolean
|
|
Start automounter and import the settings from LDAP
global login_enabled -> boolean
|
|
Whether login of LDAP users to the local machine is enabled
global member_attribute -> string
|
|
Which attribute LDAP groups use for the list of members
IP addresses of LDAP server.
global file_server -> boolean
|
|
If home directories of LDAP users are stored on this machine
DN for binding to LDAP server
global new_objects -> map
|
|
defaults for adding new config objects and templates
global object_classes -> map
|
|
Map of object classes (from schema). Indexed by names.
Map of attribute types (from schema). Indexed by names.
global hash_schemas -> list
|
|
encryption schemes supported by slappasswd
global available_config_modules -> list<string>
|
|
Available configuration modules (objectclass names)
TODO update
global initial_defaults -> map
|
|
The default values, which should replace the ones from Read ()
Used during installation, when we want to do a reasonable proposal
global initial_defaults_used -> boolean
|
|
If the default values, used from ldap-server module were used
to configure ldap-client
global restart_sshd -> boolean
|
|
if sshd should be restarted during write phase
global DomainChanged () -> boolean
|
|
If the domain has changed from a nonempty one, it may only be
changed at boot time. Use this to warn the user.
- Return value:
|
whether changed by SetDomain |
global GetDomain () -> string
|
|
- Return value:
global SetDomain (string new_domain) -> void
|
|
Set the LDAP domain.
- Parameters:
global SetDefaults (map settings) -> boolean
|
|
Set the default values, which should replace the ones from Read ()
Used during installation, when we want to do a reasonable proposal
- Parameters:
global Set (map settings) -> void
|
|
Only set variables, without checking anything
@return: void
- Parameters:
global Import (map settings) -> boolean
|
|
Get all the LDAP configuration from a map.
When called by ldap_auto (preparing autoinstallation data)
the map may be empty.
- Parameters:
settings |
$["start": "domain": "servers":[...] ] |
- Return value:
Dump the LDAP settings to a map, for autoinstallation use.
- Return value:
|
$["start":, "servers":[...], "domain":] |
global Summary () -> string
|
|
Summary()
returns HTML-formatted configuration summary
- Return value:
global ShortSummary () -> string
|
|
returns HTML-formatted configuration summary (shorter than Summary)
- Return value:
local ReadLdapConfEntry (string entry, string defvalue) -> string
|
|
Read single entry from /etc/ldap.conf file
- Parameters:
entry |
entry name |
defvalue |
default value if entry is not present |
- Return value:
local ReadLdapConfEntries (string entry) -> list<string>
|
|
Read multi-valued entry from /etc/ldap.conf file
- Parameters:
- Return value:
local WriteLdapConfEntry (string entry, string value) -> void
|
|
Write (single valued) entry to /etc/ldap.conf
- Parameters:
entry |
name |
value |
value |
local WriteLdapConfEntries (string entry, list<string> value) -> void
|
|
Write (possibly multi valued) entry to /etc/ldap.conf
- Parameters:
entry |
name |
value |
it is of type [attr1, attr2],
in /etc/ldap.conf should be written as "entry attr1 attr2" |
- Example:
-
to write "nss_map_attribute uniquemember member", call
WriteLdapConfEntries ("nss_map_attribute", ["uniquemember", "member"]) |
local AddLdapConfEntry (string entry, string value) -> void
|
|
Add a new value to the entry in /etc/ldap.conf
- Parameters:
entry |
name |
value |
value |
global Read () -> boolean
|
|
Reads LDAP settings from the SCR
- Return value:
global LDAPErrorMessage (string type, string error) -> void
|
|
Error popup for errors detected during LDAP operation
- Parameters:
type |
error type: binding/reading/writing |
error |
|
global LDAPErrorMap () -> map
|
|
Reads and returns error map (=message + code) from agent
global LDAPError () -> string
|
|
Reads and returns error message from agent
global LDAPInit () -> string
|
|
Initializes LDAP agent
global LDAPBind (string pass) -> string
|
|
Binds to LDAP server
- Parameters:
global GetLDAPPassword (boolean enable_anonymous) -> string
|
|
Asks user for bind password to LDAP server
- Parameters:
- Return value:
global LDAPAskAndBind (boolean enable_anonymous) -> string
|
|
Asks for LDAP password and tries to bind with it
- Parameters:
- Return value:
|
password entered, nil on cancel |
global SingleValued (string attr) -> boolean
|
|
Check whether the attribute allows only a single value or multiple values
- Parameters:
- Return value:
global AttributeDescription (string attr) -> string
|
|
Gets the description of attribute (from schema)
- Parameters:
- Return value:
global ObjectClassExists (string class) -> boolean
|
|
Returns true if given object class exists in schema
- Parameters:
global ObjectClassStructural (string class) -> boolean
|
|
Returns true if given object class is of 'structural' type
- Parameters:
global GetAllAttributes (string class) -> list
|
|
Returns allowed and required attributes of given object class
Read it from LDAP if it was not done yet.
- Parameters:
- Return value:
|
attribute names (list of strings) |
global GetRequiredAttributes (string class) -> list<string>
|
|
Returns required attributes of given object class
Read it from LDAP if it was not done yet.
- Parameters:
- Return value:
|
attribute names (list of strings) |
global GetObjectAttributes (list classes) -> list
|
|
Returns the list of all allowed and required attributes for each
object class, given in the list of object classes
- Parameters:
classes |
list of object classes whose attributes we want |
- Return value:
|
attribute names (list of strings) |
global AddMissingAttributes (map object) -> map
|
|
For a given object, add all attributes this object is allowed to have
according to its "objectclass" value. Added attributes have empty values.
- Parameters:
object |
map describing LDAP entry |
- Return value:
global InitSchema () -> string
|
|
Prepare agent for later schema queries
(agent reads schema to its internal structures)
- Return value:
global ConvertDefaultValues (map templ) -> map
|
|
In template object, convert the list of values
(which is in the form [ "a1=v1", "a2=v2"])
to a map (in the form $[ "a1":"v1", "a2":"v2"])
- Parameters:
templ |
original template map |
- Return value:
global ReadTemplates () -> string
|
|
Read object templates from LDAP server
- Return value:
global ReadConfigModules () -> string
|
|
Read configuration modules from LDAP server
- Return value:
global GetLDAPEntry (string dn) -> map
|
|
Search for one entry (=base scope) in LDAP directory
- Parameters:
- Return value:
|
with entry values, empty map if nothing found, nil on error |
global ParentExists (string dn) -> boolean
|
|
Check for existence of parent object of given DN in LDAP tree
return the answer
- Parameters:
global GetMainConfigDN () -> string
|
|
Return main configuration object DN
global GetConfigModules () -> map
|
|
Return the map of configuration modules (new copy)
(in the form $[ DN: $[ map_of_one_module] ])
global GetTemplates () -> map
|
|
Return the map of templates (new copy)
global GetDefaultObjectClasses (map template) -> list
|
|
Return list of default object classes for user or group
There is fixed list here, it is not saved anywhere (only in default
users plugin for LDAP objects)
- Parameters:
template |
used to tell whether we need the user or the group list |
global CreateTemplate (string cn, list<string> classes) -> map
|
|
Creates default new map for a new object template
- Parameters:
cn |
cn of new template |
classes |
object classes of the object the template will belong to |
- Return value:
global CreateModule (string cn, string class) -> map<string,any>
|
|
Creates default new map for new configuration object
- Parameters:
cn |
|
class |
additional objectclass of new module (e.g. userConfiguration) |
- Return value:
global ReadDN (string base, string search_filter) -> list<string>
|
|
Searches for DN's of all objects defined by filter in given base ("sub")
- Parameters:
base |
search base |
search_filter |
if filter is empty, "objectclass=*" is used |
- Return value:
|
of DN's (list of strings) |
global GetGroupsDN (string base) -> list
|
|
Returns DN's of groups (objectclass=posixGroup) in given base
- Parameters:
- Return value:
global CheckTemplateDN (string dn) -> map
|
|
Check if given DN exists and if it points to some template
- Parameters:
- Return value:
|
empty map if DN doesn't exist, template map if DN points
to a template object, nil if the object with given DN is not a template |
global CommitConfigModules (map modules) -> boolean
|
|
Save the edited map of configuration modules to global map
- Parameters:
global CommitTemplates (map templs) -> boolean
|
|
Save the edited map of templates to global map
- Parameters:
global WriteToLDAP (map objects) -> map
|
|
Writes map of objects to LDAP
- Parameters:
objects |
map of objects to write. It is in the form:
$[ DN: (map) attribute_values] |
- Return value:
|
error map (empty on success) |
- Example:
-
global WriteLDAP (map objects) -> boolean
|
|
Writes map of objects to LDAP. Ask for password, when needed and
shows the error message when necessary.
- Parameters:
- Return value:
global WriteOpenLdapConf () -> boolean
|
|
Modify also /etc/openldap/ldap.conf for the use of
ldap client utilities (like ldapsearch)
- Return value:
global WritePlusLine (boolean login) -> boolean
|
|
If a file does not contain a + entry, add it.
- Parameters:
- Return value:
local CreateDefaultLDAPConfiguration () -> boolean
|
|
create the default objects for users and groups
global Write (block<boolean> abort) -> symbol
|
|
Saves LDAP configuration.
- Parameters:
global CheckBaseConfig (string dn) -> boolean
|
|
Check if base config DN belongs to some existing object and offer
creating it if necessary
- Parameters:
global UpdatedArchPackages (list<string> packages) -> list<string>
|
|
Return list of architecture specific packages (derived from package list
given as parameter) merged with the packages in parameter
- Parameters:
global AutoPackages () -> map
|
|
Return needed packages and packages to be removed
during autoinstallation.
- Return value:
global SetBindPassword (string pass) -> void
|
|
Set the value of bind_pass variable
- Parameters:
global SetAnonymous (boolean anon) -> void
|
|
Set the value of 'anonymous' variable (= bind without password)
- Parameters:
global SetGUI (boolean gui) -> void
|
|
Set the value of 'use_gui' variable (= show error popups)
- Parameters:
global RestartSSHD (boolean restart) -> void
|
|
Set the value of restart_sshd (= restart sshd during write)
- Parameters:
|