YaST2 Developers Documentation: Configuration of LDAP client

Configuration of LDAP client

modules/Ldap.ycp
LDAP client configuration data, I/O functions.

Imports

  • Arch
  • Autologin
  • Label
  • Message
  • Mode
  • Nsswitch
  • Package
  • PamSettings
  • Popup
  • Progress
  • Report
  • Service
  • Stage
  • Summary

Includes

  • ldap/routines.ycp

Global Variables

Global Functions

Local Functions

global use_gui -> boolean

show popups with error messages?

global base_config_dn -> string

DN of base configuration object

global required_packages -> list<string>

Required packages for this module to operate -- they are now required only when LDAP is set for authentication

global write_only -> boolean

Write only, used during autoinstallation. Don't run services and SuSEconfig, it's all done at one place.

global start -> boolean

Are LDAP services available via nsswitch.conf?

global nis_available -> boolean

Is NIS service available? If yes, and LDAP client will be enabled, warn user (see bug #36981)

global _autofs_allowed -> boolean

If no, automounter will not be affected.

global _start_autofs -> boolean

Start automounter and import the settings from LDAP

global login_enabled -> boolean

If login of LDAP users to the local machine is enabled

global member_attribute -> string

Which attribute LDAP groups use for their list of members

global server -> string

IP addresses of LDAP server.

global file_server -> boolean

If home directories of LDAP users are stored on this machine

global bind_dn -> string

DN for binding to LDAP server

global new_objects -> map

defaults for adding new config objects and templates

global object_classes -> map

Map of object classes (from schema). Indexed by names.

global attr_types -> map

Map of attribute types (from schema). Indexed by names.

global hash_schemas -> list

encryption schemes supported by slappasswd

global available_config_modules -> list<string>

Available configuration modules (objectclass names) TODO update

global initial_defaults -> map

The default values, which should replace the ones from Read (). Used during installation, when we want to do a reasonable proposal.

global initial_defaults_used -> boolean

If the default values, used from ldap-server module were used to configure ldap-client

global restart_sshd -> boolean

if sshd should be restarted during write phase

global DomainChanged () -> boolean

If the domain has changed from a nonempty one, it may only be changed at boot time. Use this to warn the user.

Return value:
whether changed by SetDomain
global GetDomain () -> string

Get the LDAP domain.

Return value:
the LDAP domain
global SetDomain (string new_domain) -> void

Set the LDAP domain.

Parameters:
new_domain a new domain
global SetDefaults (map settings) -> boolean

Set the default values, which should replace the ones from Read (). Used during installation, when we want to do a reasonable proposal.

Parameters:
settings
global Set (map settings) -> void

Only set variables, without checking anything

Parameters:
settings
global Import (map settings) -> boolean

Get all the LDAP configuration from a map. When called by ldap_auto (preparing autoinstallation data) the map may be empty.

Parameters:
settings $["start": "domain": "servers":[...] ]
Return value:
success
global Export () -> map

Dump the LDAP settings to a map, for autoinstallation use.

Return value:
$["start":, "servers":[...], "domain":]
global Summary () -> string

Summary() returns an HTML formatted configuration summary

Return value:
summary
global ShortSummary () -> string

Returns an HTML formatted configuration summary (shorter than Summary)

Return value:
summary
local ReadLdapConfEntry (string entry, string defvalue) -> string

Read single entry from /etc/ldap.conf file

Parameters:
entry entry name
defvalue default value if entry is not present
Return value:
entry value
local ReadLdapConfEntries (string entry) -> list<string>

Read multi-valued entry from /etc/ldap.conf file

Parameters:
entry entry name
Return value:
entry value
local WriteLdapConfEntry (string entry, string value) -> void

Write (single valued) entry to /etc/ldap.conf

Parameters:
entry name
value
local WriteLdapConfEntries (string entry, list<string> value) -> void

Write (possibly multi valued) entry to /etc/ldap.conf

Parameters:
entry name
value list of the form [attr1, attr2]; in /etc/ldap.conf it is written as "entry attr1 attr2"
Example
 to write "nss_map_attribute       uniquemember member", call
 WriteLdapConfEntries ("nss_map_attribute", ["uniquemember", "member"])
local AddLdapConfEntry (string entry, string value) -> void

Add a new value to the entry in /etc/ldap.conf

Parameters:
entry name
value
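The /etc/ldap.conf helpers above (ReadLdapConfEntry, ReadLdapConfEntries, WriteLdapConfEntries) as an added Python illustration of the "entry value1 value2" file format they handle; this is not the module's YCP code. It works on the file text in memory over a constructed sample and assumes that writing an empty value list removes the entry.

```python
"""Added illustration of the /etc/ldap.conf entry helpers (not YaST code)."""

# Constructed sample of an /etc/ldap.conf file; not taken from a real system.
SAMPLE_LDAP_CONF = """\
# constructed sample
host 192.168.1.2
base dc=example,dc=com
ldap_version 3
nss_map_attribute uniquemember member
"""


def _lines(text):
    """Yield (raw_line, tokens); tokens is [] for blank and comment lines."""
    for line in text.splitlines():
        stripped = line.strip()
        tokens = [] if (not stripped or stripped.startswith("#")) else stripped.split()
        yield line, tokens


def read_entry(text, entry, defvalue):
    """ReadLdapConfEntry: value of a single-valued entry, or defvalue if absent."""
    for _, tokens in _lines(text):
        if tokens and tokens[0] == entry:
            return " ".join(tokens[1:])
    return defvalue


def read_entries(text, entry):
    """ReadLdapConfEntries: 'entry a b' -> ['a', 'b']; [] if the entry is absent."""
    for _, tokens in _lines(text):
        if tokens and tokens[0] == entry:
            return tokens[1:]
    return []


def write_entries(text, entry, values):
    """WriteLdapConfEntries: replace (or append) the line 'entry v1 v2 ...'.

    Assumption: an empty value list removes the entry; duplicate lines are dropped.
    """
    new_line = " ".join([entry] + list(values))
    out, written = [], False
    for line, tokens in _lines(text):
        if tokens and tokens[0] == entry:
            if values and not written:
                out.append(new_line)
                written = True
            continue  # old line (and any duplicate) is replaced or removed
        out.append(line)
    if values and not written:
        out.append(new_line)  # entry was not present: append it
    return "\n".join(out) + "\n"
```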
global Read () -> boolean

Reads LDAP settings from the SCR

Return value:
success
global LDAPErrorMessage (string type, string error) -> void

Error popup for errors detected during LDAP operation

Parameters:
type error type: binding/reading/writing
error
global LDAPErrorMap () -> map

Reads and returns error map (=message + code) from agent

global LDAPError () -> string

Reads and returns error message from agent

global GetBindDN () -> string

Return the administrator's DN; if it was not read yet, read it now

global LDAPInit () -> string

Initializes LDAP agent

global LDAPBind (string pass) -> string

Binds to LDAP server

Parameters:
pass password
global GetLDAPPassword (boolean enable_anonymous) -> string

Asks user for bind password to LDAP server

Parameters:
enable_anonymous
Return value:
password
global LDAPAskAndBind (boolean enable_anonymous) -> string

Asks for LDAP password and tries to bind with it

Parameters:
enable_anonymous
Return value:
password entered, nil on cancel
global SingleValued (string attr) -> boolean

Check if the attribute allows only a single value or multiple values

Parameters:
attr attribute name
Return value:
answer
global AttributeDescription (string attr) -> string

Gets the description of attribute (from schema)

Parameters:
attr attribute name
Return value:
description
global ObjectClassExists (string class) -> boolean

Returns true if given object class exists in schema

Parameters:
class ObjectClass name
global ObjectClassStructural (string class) -> boolean

Returns true if given object class is of 'structural' type

Parameters:
class ObjectClass name
global GetAllAttributes (string class) -> list

Returns allowed and required attributes of the given object class. Reads them from LDAP if it was not done yet.

Parameters:
class
Return value:
attribute names (list of strings)
global GetRequiredAttributes (string class) -> list<string>

Returns required attributes of the given object class. Reads them from LDAP if it was not done yet.

Parameters:
class
Return value:
attribute names (list of strings)
global GetObjectAttributes (list classes) -> list

Returns the list of all allowed and required attributes for each object class, given in the list of object classes

Parameters:
classes list of object classes whose attributes we want
Return value:
attribute names (list of strings)
global AddMissingAttributes (map object) -> map

For a given object, add all attributes this object is allowed to have according to its "objectclass" value. Added attributes have empty values.

Parameters:
object map describing LDAP entry
Return value:
updated map
global InitSchema () -> string

Prepare agent for later schema queries (agent reads schema to its internal structures)

Return value:
error message
global ConvertDefaultValues (map templ) -> map

In a template object, convert the list of values (which is in the form [ "a1=v1", "a2=v2" ]) to a map (in the form $[ "a1":"v1", "a2":"v2" ])

Parameters:
templ original template map
Return value:
updated template map
global ReadTemplates () -> string

Read object templates from LDAP server

Return value:
error message
global ReadConfigModules () -> string

Read configuration modules from LDAP server

Return value:
error message
global GetLDAPEntry (string dn) -> map

Search for one entry (=base scope) in LDAP directory

Parameters:
dn DN of entry
Return value:
with entry values, empty map if nothing found, nil on error
global ParentExists (string dn) -> boolean

Check for the existence of the parent object of the given DN in the LDAP tree and return the answer

Parameters:
dn
global GetMainConfigDN () -> string

Return main configuration object DN

global GetConfigModules () -> map

Return the map of configuration modules (new copy) (in the form $[ DN: $[ map_of_one_module] ])

global GetTemplates () -> map

Return the map of templates (new copy)

global GetDefaultObjectClasses (map template) -> list

Return the list of default object classes for user or group. The list is fixed here; it is not saved anywhere (only in the default users plugin for LDAP objects)

Parameters:
template used to decide whether the user or the group list is needed
global CreateTemplate (string cn, list<string> classes) -> map

Creates default new map for a new object template

Parameters:
cn cn of new template
classes object classes of the object the template will belong to
Return value:
template map
global CreateModule (string cn, string class) -> map<string,any>

Creates default new map for new configuration object

Parameters:
cn
class additional objectclass of new module (e.g.userConfiguration)
Return value:
new module map
global ReadDN (string base, string search_filter) -> list<string>

Searches for DN's of all objects defined by filter in given base ("sub")

Parameters:
base search base
search_filter if filter is empty, "objectclass=*" is used
Return value:
list of DN's (list of strings)
global GetGroupsDN (string base) -> list

Returns DN's of groups (objectclass=posixGroup) in given base

Parameters:
base LDAP search base
Return value:
groups (list of strings)
global CheckTemplateDN (string dn) -> map

Check if given DN exist and if it points to some template

Parameters:
dn
Return value:
empty map if the DN doesn't exist, template map if the DN points to a template object, nil if the object with the given DN is not a template
global CommitConfigModules (map modules) -> boolean

Save the edited map of configuration modules to global map

Parameters:
modules
global CommitTemplates (map templs) -> boolean

Save the edited map of templates to global map

Parameters:
templs
global WriteToLDAP (map objects) -> map

Writes map of objects to LDAP

Parameters:
objects map of objects to write. It is in the form: $[ DN: (map) attribute_values]
Return value:
error map (empty on success)
Example
 TODO
global WriteLDAP (map objects) -> boolean

Writes map of objects to LDAP. Ask for password, when needed and shows the error message when necessary.

Parameters:
objects
Return value:
success
global WriteOpenLdapConf () -> boolean

Modify also /etc/openldap/ldap.conf for the use of ldap client utilities (like ldapsearch)

Return value:
modified?
global WritePlusLine (boolean login) -> boolean

If the file does not contain a "+" entry, add it.

Parameters:
login
Return value:
success?
local CreateDefaultLDAPConfiguration () -> boolean

create the default objects for users and groups

global Write (block<boolean> abort) -> symbol

Saves LDAP configuration.

Parameters:
abort block for abort
global CheckBaseConfig (string dn) -> boolean

Check if base config DN belongs to some existing object and offer creating it if necessary

Parameters:
dn
global UpdatedArchPackages (list<string> packages) -> list<string>

Return list of architecture specific packages (derived from package list given as parameter) merged with the packages in parameter

Parameters:
packages
global AutoPackages () -> map

Return needed packages and packages to be removed during autoinstallation.

Return value:
map of lists.
global SetBindPassword (string pass) -> void

Set the value of bind_pass variable

Parameters:
pass new password value
global SetAnonymous (boolean anon) -> void

Set the value of 'anonymous' variable (= bind without password)

Parameters:
anon new value
global SetGUI (boolean gui) -> void

Set the value of 'use_gui' variable (= show error popups)

Parameters:
gui new value
global RestartSSHD (boolean restart) -> void

Set the value of restart_sshd (= restart sshd during write)

Parameters:
restart