The methods of ldapcpp library are described in ldapcpplib package documentation.
The complete development documentation is available in the autodocs/ directory.
See the TODO.txt file for the current status of support and also for the list of possible future enhancements.
| Path | Argument | Type of Result | Result |
|---|---|---|---|
| .ldap.error | YCPMap | Map with last error message and code number. Example of result: $[ "msg": "Can't contact LDAP server", "code": 81, "server_msg": "Some additional error info from LDAP server" ] | |
| .ldap.search | YCPMap | YCPMap or YCPList | Generic search command. Return value is list of objects (as default)
or map of type $[ dn: object ] when map
in argument map is true. Example of argument map: $[ "base_dn": "dc=suse,dc=cz", "filter" : "(objectClass=posixGroup)", "scope" : 0, //0:base, 1:one, 2:sub "attrsOnly": false, "map": true, // when true, return map instead of the list "single_values": false, // when true, one-item values are returned as string, not as list with one value "dn_only": false, // when true, only list of DN's will be returned "not_found_ok": true, // when true, no error message is written when object was not found (empty list/map is returned) "include_dn": true, // when true, "dn" key is included in a map of each entry "attrs": [ "objectClass", "cn", "gidNumber" ] // which attrinbutes do we search for ] Example of result map: $[ "cn=users,dc=suse,dc=cz" : $[ "objectClass": [ "posixGroup"], "cn": "users", "gidNumber" : 500 ], "cn=group,dc=suse,dc=cz" : $[ "objectClass": [ "posixGroup"], "cn": "group", "gidNumber" : 501 ] ] |
| .ldap.schema.object_class | YCPMap | YCPMap | Get the map of object class with given name. Argument map
has to contain name entry. Example of argument map: $[ "name": "userTemplate"] Result map contains entries oid, desc, must, may, sup. "sup" is name of superior class. |
| .ldap.schema.attr_types | YCPMap | YCPMap | Get the map of attribute type with given name. Argument map
has to contain name entry. Example of argument map: $[ "name": "uidNumber"] Result map contains entries oid, desc, single. When "single" is true, only single value is allowed for this attribute type. |
| .ldap.users | YCPMap | Return map of users, generated by
Execute (.ldap.users.search) call. For the special use of yast2-users module. |
|
| .ldap.users.by_name | YCPMap | Return mapping of user names to UID's. Map was generated by
Execute (.ldap.users.search) call. For the special use of yast2-users module. |
|
| .ldap.users.homes | YCPList | Return list of home directories, previously generated by
Execute (.ldap.users.search) call. For the special use of yast2-users module. |
|
| .ldap.users.uids | YCPList | Return list of UID's, previously generated by
Execute (.ldap.users.search) call. For the special use of yast2-users module. |
|
| .ldap.users.usernames | YCPList | Return list of user names, previously generated by
Execute (.ldap.users.search) call. For the special use of yast2-users module. |
|
| .ldap.users.userdns | YCPList | Return list of user DN's, previously generated by
Execute (.ldap.users.search) call. For the special use of yast2-users module. |
|
| .ldap.groups | YCPMap | Return map of groups (indexed by GID's), generated by
Execute (.ldap.groups.search) call. For the special use of yast2-users module. |
|
| .ldap.groups.by_name | YCPMap | Return map of groups, indexed by group names. Map was generated by
Execute (.ldap.groups.search) call. For the special use of yast2-users module. |
|
| .ldap.groups.gids | YCPList | Return list of GID's, previously generated by
Execute (.ldap.groups.search) call. For the special use of yast2-users module. |
|
| .ldap.groups.groupnames | YCPList | Return list of group names, previously generated by
Execute (.ldap.groups.search) call. For the special use of yast2-users module. |
Generaly, 1st argument is a map, containing value of DN (of modified object) and possibly other values. (e.g.$[ "dn" : "ou=Groups,dc=suse,dc=cz" ])
| Path | 1st argument | 2nd argument | Result |
|---|---|---|---|
| .ldap.add | YCPMap | YCPMap | Add a new LDAP object. Second argument is map of its attributes. Example of attributes map: $[ "objectClass": [ "organizationalUnit"], "ou": "Groups" ] |
| .ldap.modify | YCPMap | YCPMap | Modifies an existing LDAP object. Second argument is map of attributes (and its values) which should be changed/added/deleted. To remove some attribute, use empty value ("" or []) for it. Parameter "new_dn" (DN of new object) is necessary for renaming. For moving the object, use additionaly "newParentDN" value for new parent DN of object. If argument map contains "check_attrs" key with true value, there will be done a search for current object's attributes before modify. When some attribute in attributes map (2nd argument) has an empty value it will be ignored, if the object currently has not such attribute. Otherwise ("check_attrs" is false as default), this situation leads to error message, because non-existent attribute is set for deletion. If you want to rename or move an entry, which is not a leaf of LDAP tree, you must include "subtree" key (with true as a value) in argument map. In such a case, the modify operation could take more time, according to the subtree size, because all subtree items must be copied to new location and deleted from the old one. Example of argument map: $[ "dn": "ou=people,dc=suse,dc=cz", "new_dn": "ou=lide,dc=suse,dc=cz" "deleteOldRDN": true "subtree": true ] Example of attributes map: $[ "ou": "lide" ] |
| .ldap.delete | YCPMap | YCPMap | Deletes LDAP object. With "subtree" set to true, it will
delete the whole subtree of the given entry. Use carefully! Example of argument map: $[ "dn": "ou=people,dc=suse,dc=cz", "subtree": true ] |
| Path | Argument | Result |
|---|---|---|
| .ldap | YCPMap | Initialization. Input map has to contain hostname and may contain
port number and "use_tls" entry. "use_tls" could have these values: "no": Do not start TLS (same when "use_tls" is missing) "try": Start TLS. If it was not successful, fall back to unencrypted LDAP "yes": Start TLS. If it fails, return false (check its value with ldap.error read call). Example of SCR call: Execute(.ldap, $[ "hostname" : "localhost", "port" : 389, "use_tls" : "try" ]) |
| .ldap.ping | YCPMap | Checks if it is possible to run a search query on the server.
Return value is boolean; in case false is returned, it is possible
that server is not running - check the error value via error read
call.
Input map has to contain hostname and may contain port number.
Example of SCR call: Execute(.ldap.ping, $[ "hostname" : "localhost",]) |
| .ldap.bind | YCPMap | Bind to server. Items of input map should be "bind_dn"
and "bind_pw". For anonymous acess, let input map empty.
Example of SCR call: Execute(.ldap.bind, $[ "bind_dn": "uid=manager,dc=suse,dc=cz", "bind_pw": "heslo"]) |
| .ldap.start_tls | none | Starts TLS on current connection. Returns false when operation
failed (check error via ldap.error then).
Example of SCR call: Execute (.ldap.start_tls) |
| .ldap.schema | YCPMap | Initialize LDAP schema: read it (defined by "schmema_dn"),
parse it and save lists of its object classes and attribute types
to internal structures. From now, they are available for
Read(.ldap.schema.*) calls. Example of SCR call: Execute(.ldap.schema, $[ "schema_dn": "cn=Subschema"]) |
| .ldap.users.search | YCPMap | LDAP search command for users and groups. Specialized call for the
use of yast2-users module. Additionaly to normal search, it builds
many helper structures - they are read by the calls of type
Read(.ldap.users.*) and Read(.ldap.groups.*). Example of SCR call: Execute(.ldap.schema, $[ "user_base" : "dc=suse,dc=cz", "group_base": "dc=suse,dc=cz", "user_filter": "objectClass=posixAccount", "user_attrs": ["objectClass", "cn", "uid", "uidNumber", "gidNumber"], "group_filter": "objectClass=posixGroup", "group_attrs": ["objectClass", "cn", "gidNumber", "uniqueMember"], "group_scope": 1, "member_attribute": "uniquemember", ]) |
Jiří Suchomel <jsuchome@suse.cz>