YaST2 Developers Documentation: Configuration of LDAP client



Configuration of LDAP client

modules/Ldap.ycp
LDAP client configuration data, I/O functions.

Imports

  • Arch
  • Autologin
  • Label
  • Message
  • Mode
  • Nsswitch
  • Package
  • PamSettings
  • Popup
  • Progress
  • Report
  • Service
  • Stage
  • Summary

Includes

  • ldap/routines.ycp

global use_gui -> boolean

show popups with error messages?

global base_config_dn -> string

DN of base configuration object

global required_packages -> list<string>

Required packages for this module to operate -- they are now required only when LDAP is set for authentication

global write_only -> boolean

Write only, used during autoinstallation. Don't run services and SuSEconfig, it's all done at one place.

global start -> boolean

Are LDAP services available via nsswitch.conf?

global nis_available -> boolean

Is NIS service available? If yes, and LDAP client will be enabled, warn user (see bug #36981)

global _autofs_allowed -> boolean

If no, automounter will not be affected.

global _start_autofs -> boolean

Start automounter and import the settings from LDAP

global login_enabled -> boolean

If login of LDAP users to the local machine is enabled

global member_attribute -> string

Which attribute LDAP groups use for the list of members

global server -> string

IP addresses of LDAP server.

global file_server -> boolean

If home directories of LDAP users are stored on this machine

global bind_dn -> string

DN for binding to LDAP server

global new_objects -> map

defaults for adding new config objects and templates

global object_classes -> map

Map of object classes (from schema). Indexed by names.

global attr_types -> map

Map of attribute types (from schema). Indexed by names.

global hash_schemas -> list

Password hash schemes supported by slappasswd

global available_config_modules -> list<string>

Available configuration modules (objectclass names) TODO update

global initial_defaults -> map

The default values, which should replace the ones from Read (). Used during installation, when we want to do a reasonable proposal.

global initial_defaults_used -> boolean

If the default values, used from ldap-server module were used to configure ldap-client

global restart_sshd -> boolean

if sshd should be restarted during write phase

global DomainChanged () -> boolean

If the domain has changed from a nonempty one, it may only be changed at boot time. Use this to warn the user.

Return value:
whether changed by SetDomain

global GetDomain () -> string

Return value:
Get the LDAP domain.

global SetDomain (string new_domain) -> void

Set the LDAP domain.

Parameters:
new_domain a new domain

global SetDefaults (map settings) -> boolean

Set the default values, which should replace the ones from Read (). Used during installation, when we want to do a reasonable proposal.

Parameters:
settings

global Set (map settings) -> void

Only set variables, without checking anything.

Parameters:
settings

global Import (map settings) -> boolean

Get all the LDAP configuration from a map. When called by ldap_auto (preparing autoinstallation data) the map may be empty.

Parameters:
settings $["start": "domain": "servers":[...] ]
Return value:
success

global Export () -> map

Dump the LDAP settings to a map, for autoinstallation use.

Return value:
$["start":, "servers":[...], "domain":]

global Summary () -> string

Summary() returns an HTML-formatted configuration summary

Return value:
summary

global ShortSummary () -> string

Returns an HTML-formatted configuration summary (shorter than Summary)

Return value:
summary

local ReadLdapConfEntry (string entry, string defvalue) -> string

Read single entry from /etc/ldap.conf file

Parameters:
entry entry name
defvalue default value if entry is not present
Return value:
entry value

local ReadLdapConfEntries (string entry) -> list<string>

Read multi-valued entry from /etc/ldap.conf file

Parameters:
entry entry name
Return value:
entry value

local WriteLdapConfEntry (string entry, string value) -> void

Write (single valued) entry to /etc/ldap.conf

Parameters:
entry name
value

local WriteLdapConfEntries (string entry, list<string> value) -> void

Write (possibly multi valued) entry to /etc/ldap.conf

Parameters:
entry name
value it is of type [attr1, attr2], in /etc/ldap.conf should be written as "entry attr1 attr2"
Example:
  to write "nss_map_attribute       uniquemember member", call
 WriteLdapConfEntries ("nss_map_attribute", ["uniquemember", "member"])

local AddLdapConfEntry (string entry, string value) -> void

Add a new value to the entry in /etc/ldap.conf

Parameters:
entry name
value

global Read () -> boolean

Reads LDAP settings from the SCR

Return value:
success

global LDAPErrorMessage (string type, string error) -> void

Error popup for errors detected during LDAP operation

Parameters:
type error type: binding/reading/writing
error

global LDAPErrorMap () -> map

Reads and returns error map (=message + code) from agent

global LDAPError () -> string

Reads and returns error message from agent

global LDAPInit () -> string

Initializes LDAP agent

global LDAPBind (string pass) -> string

Binds to LDAP server

Parameters:
pass password

global GetLDAPPassword (boolean enable_anonymous) -> string

Asks user for bind password to LDAP server

Parameters:
enable_anonymous
Return value:
password

global LDAPAskAndBind (boolean enable_anonymous) -> string

Asks for LDAP password and tries to bind with it

Parameters:
enable_anonymous
Return value:
password entered, nil on cancel

global SingleValued (string attr) -> boolean

Check whether the attribute allows only a single value or multiple values

Parameters:
attr attribute name
Return value:
answer

global AttributeDescription (string attr) -> string

Gets the description of attribute (from schema)

Parameters:
attr attribute name
Return value:
description

global ObjectClassExists (string class) -> boolean

Returns true if given object class exists in schema

Parameters:
class ObjectClass name

global ObjectClassStructural (string class) -> boolean

Returns true if given object class is of 'structural' type

Parameters:
class ObjectClass name

global GetAllAttributes (string class) -> list

Returns allowed and required attributes of the given object class. Reads them from LDAP if that was not done yet.

Parameters:
class
Return value:
attribute names (list of strings)

global GetRequiredAttributes (string class) -> list<string>

Returns required attributes of the given object class. Reads them from LDAP if that was not done yet.

Parameters:
class
Return value:
attribute names (list of strings)

global GetObjectAttributes (list classes) -> list

Returns the list of all allowed and required attributes for each object class, given in the list of object classes

Parameters:
classes list of object classes whose attributes we want
Return value:
attribute names (list of strings)

global AddMissingAttributes (map object) -> map

For a given object, add all attributes this object is allowed to have according to its "objectclass" value. Added attributes have empty values.

Parameters:
object map describing LDAP entry
Return value:
updated map

global InitSchema () -> string

Prepare agent for later schema queries (agent reads schema to its internal structures)

Return value:
error message

global ConvertDefaultValues (map templ) -> map

In the template object, convert the list of values (which is in the form [ "a1=v1", "a2=v2"]) to a map (in the form $[ "a1":"v1", "a2":"v2"])

Parameters:
templ original template map
Return value:
updated template map

global ReadTemplates () -> string

Read object templates from LDAP server

Return value:
error message

global ReadConfigModules () -> string

Read configuration modules from LDAP server

Return value:
error message

global GetLDAPEntry (string dn) -> map

Search for one entry (=base scope) in LDAP directory

Parameters:
dn DN of entry
Return value:
map with entry values, empty map if nothing found, nil on error

global ParentExists (string dn) -> boolean

Check for existence of the parent object of the given DN in the LDAP tree; return the answer

Parameters:
dn

global GetMainConfigDN () -> string

Return main configuration object DN

global GetConfigModules () -> map

Return the map of configuration modules (new copy) (in the form $[ DN: $[ map_of_one_module] ])

global GetTemplates () -> map

Return the map of templates (new copy)

global GetDefaultObjectClasses (map template) -> list

Return list of default object classes for user or group. There is a fixed list here; it is not saved anywhere (only in the default users plugin for LDAP objects).

Parameters:
template used to determine whether we need the user or the group list

global CreateTemplate (string cn, list<string> classes) -> map

Creates default new map for a new object template

Parameters:
cn cn of new template
classes object classes of the object the template will belong to
Return value:
template map

global CreateModule (string cn, string class) -> map<string,any>

Creates default new map for new configuration object

Parameters:
cn
class additional objectclass of new module (e.g. userConfiguration)
Return value:
new module map

global ReadDN (string base, string search_filter) -> list<string>

Searches for DN's of all objects defined by filter in given base ("sub")

Parameters:
base search base
search_filter if filter is empty, "objectclass=*" is used
Return value:
list of DN's (list of strings)

global GetGroupsDN (string base) -> list

Returns DN's of groups (objectclass=posixGroup) in given base

Parameters:
base LDAP search base
Return value:
groups (list of strings)

global CheckTemplateDN (string dn) -> map

Check if the given DN exists and if it points to some template

Parameters:
dn
Return value:
empty map if the DN doesn't exist, template map if the DN points to a template object, nil if the object with the given DN is not a template

global CommitConfigModules (map modules) -> boolean

Save the edited map of configuration modules to global map

Parameters:
modules

global CommitTemplates (map templs) -> boolean

Save the edited map of templates to global map

Parameters:
templs

global WriteToLDAP (map objects) -> map

Writes map of objects to LDAP

Parameters:
objects map of objects to write. It is in the form: $[ DN: (map) attribute_values]
Return value:
error map (empty on success)
Example:
  TODO

global WriteLDAP (map objects) -> boolean

Writes map of objects to LDAP. Ask for password, when needed and shows the error message when necessary.

Parameters:
objects
Return value:
success

global WriteOpenLdapConf () -> boolean

Modify also /etc/openldap/ldap.conf for the use of ldap client utilities (like ldapsearch)

Return value:
modified?

global WritePlusLine (boolean login) -> boolean

If a file does not have a + entry, add it.

Parameters:
login
Return value:
success?

local CreateDefaultLDAPConfiguration () -> boolean

create the default objects for users and groups

global Write (block<boolean> abort) -> symbol

Saves LDAP configuration.

Parameters:
abort block for abort

global CheckBaseConfig (string dn) -> boolean

Check if base config DN belongs to some existing object and offer creating it if necessary

Parameters:
dn

global UpdatedArchPackages (list<string> packages) -> list<string>

Return list of architecture specific packages (derived from package list given as parameter) merged with the packages in parameter

Parameters:
packages

global AutoPackages () -> map

Return needed packages and packages to be removed during autoinstallation.

Return value:
map of lists.

global SetBindPassword (string pass) -> void

Set the value of bind_pass variable

Parameters:
pass new password value

global SetAnonymous (boolean anon) -> void

Set the value of 'anonymous' variable (= bind without password)

Parameters:
anon new value

global SetGUI (boolean gui) -> void

Set the value of 'use_gui' variable (= show error popups)

Parameters:
gui new value

global RestartSSHD (boolean restart) -> void

Set the value of restart_sshd (= restart sshd during write)

Parameters:
restart
