CipUX::Storage.3pm

Language: en

Version: 2010-05-09 (ubuntu - 24/10/10)

Section: 3 (Library functions)

NAME

CipUX::Storage - Storage abstraction layer for CipUX

VERSION

version 3.4.0.2

SYNOPSIS

   use CipUX::Storage;
 
 

DESCRIPTION

The CipUX Storage abstraction layer is a generic abstract class that can be used to access LDAP servers from Perl by issuing simple actions, and from the shell via a command line interface. It was tested with openLDAP version 3. The layer can operate on different sets of LDAP nodes. A set of nodes may be defined by an LDAP objectClass or an LDAP attribute, for example cipuxAccount or posixAccount. A set may contain from one to many objects. The abstraction layer performs a method on a set of nodes. Valid methods are 'get', 'set', 'get-all' and 'set-all' on LDAP attribute values, and 'add', 'delete' and 'rename' on LDAP nodes.

It provides the functions get_value and set_value to read and modify LDAP attribute values, and the functions add_node, delete_node and rename_node for adding, deleting and renaming LDAP objects.

SUBROUTINES/METHODS

The following functions will be exported by CipUX::Storage.

BUILD

This is the constructor, see new.
   use CipUX::Storage;
 
   use base qw(CipUX::Storage);
 
   my $storage = CipUX::Storage->new();
 
 

DEMOLISH

This is the destructor.

get_value

get_value queries the LDAP server and returns one or more values, depending on the parameter 'scope'.

Syntax:

   my $value_hr;
   eval {

       my $object    = 'ckuelker';
       my $attribute = 'cipuxFirstname';
       my $type      = 'all_user_node';
       $value_hr = $ldap->get_value({
                                        scope=>'one',
                                        type=>$type,
                                        obj=>$object,
                                        attr_ar=>[$attribute]
                                       });
       1;    # the eval block is true on success, false if get_value died
   } or croak "ERROR: can't get value: $@!";
 
 

returns one value:

     %$ret_hr = (
               'ckuelker' => {
                                'cipuxFirstname' => ['Christian'],
                             }
                 );
 
 
   my $value_hr;
   eval {

       my $object    = '';
       my $attribute = 'cipuxFirstname';
       my $type      = 'all_user_node';
       $value_hr = $ldap->get_value({
                                        scope=>'all',
                                        type=>$type,
                                        obj=>$object,
                                        attr_ar=>[$attribute]
                                       });
       1;    # the eval block is true on success, false if get_value died
   } or croak "ERROR: can't get value: $@!";
 
 
   %$ret_hr = (
               'ckuelker' => {
                                'cipuxFirstname' => ['Christian'],
                                'cipuxLastname' =>  ['Kuelker'],
                             },
               'xoswald' => {
                                'cipuxFirstname' => ['Xavier'],
                                'cipuxLastname' =>  ['Oswald'],
                             },
 
           );
 
 

Return values

     %ret = (
               'ckuelker' => {
                                'cipuxFirstname' => ['Christian'],
                                'cipuxLastname' =>  ['Kuelker'],
                             }
              );
 
 

set_value

Sets a value for a given object in the LDAP database.
  my $rslt = set_value( {
      obj=>$obj,
      attr_ar=>$attr_ar,
      changes=>$changes,
      scope=>$scope,
      escope=>$escope,
      type=>$type
  } );
 
      obj:      object
      attr_ar:  reference to an array of LDAP attributes and values
      changes:
      scope:    'one|all'        set/modify value
      escope:   'one|all|none'   erase scope
      type:
 
 

Modify Syntax

         my $msg = $ldap->modify( $dn,
                                    changes => [
                                        # add sn=Baggins
                                      add     => [ sn => 'Baggins' ],
                                        # delete all fax numbers
                                      delete  => [ faxNumber => []],
                                        # delete phone number 911
                                      delete  => [ telephoneNumber => ['911']],
                                        # change email address
                                      replace => [ mail => 'bilbo@baggins.org']
                                    ]
                                  );
 
 

add_node

Adds an LDAP node to the LDAP database.
  my $rslt = $cipux->add_node({obj=>$obj, type=>$type, attr_hr=>$attr_hr});
 
  obj :    The object to be added
  type:    kind of object to be added
  attr_hr: Hash reference with 'ldap_attribute=>value' structure
 
  $rslt:   is the result from Net::LDAP add
 
 

delete_node

Deletes an LDAP node from the LDAP database.
  my $rslt = $cipux->delete_node( { obj=>$obj, type=>$type } );
 
  obj :    The object to be deleted
  type:    kind of object to be deleted
 
  $rslt:   is the result from Net::LDAP delete
 
 

rename_node

Rename an LDAP node of the LDAP database.
  my $rslt = $cipux->rename_node({obj=>$obj, type=>$type, value=>$value });
 
  obj :    The object to be renamed
  type:    kind of object to be renamed
  value:   The new name
 
  $rslt:   is the result from Net::LDAP rename
 
 

_ldap_start

Binds to the LDAP server.
  my %access_cfg    = ();
  $access_cfg{ident $self}->{uri}      = 'ldap://localhost';
  $access_cfg{ident $self}->{bind_dn}  = 'cn=admin,dc=nodomain';
  $access_cfg{ident $self}->{password} = 'secret';
  my $ldap = $cipux->_ldap_start();
 
  $ldap:   is the LDAP Perl object returned from Net::LDAP.
 
 

_ldap_end

Unbinds from the LDAP server.
  my $msg = $cipux->_ldap_end( { ldap=>$ldap} );
 
  $msg:   is the message returned from Net::LDAP.
 
 

list_storage_type

Lists all CipUX LDAP node entities, sorted.
  my $list_ar = $cipux->list_type( { ldap=>$ldap} );
 
  $list_ar:   reference to an array of sorted CipUX LDAP entities.
 
 

_ldap_struct

Parses cipux-storage.perl for the object, type and filter of a given scope. It also performs some simple validation of that file.
  my $ldap_structure_hr = $cipux->_ldap_struct( {
      obj=>$obj,
      type=>$type,
      scope=>$scope,
      filter=>$filter
  });
 
  $ldap_structure_hr: returns a structure hash reference
 
 

oid_number_supremum

Searches the storage database for uidNumber and gidNumber. It returns the number one above the largest number found, or the minimum number of the number range for users and groups.

To perform the search it uses get_value (the storage layer itself).

get_sid

Retrieves the sambaSID and returns it if successful.

Configuration files

cipux-access.ini

The CipUX access configuration has the following entries:
  [ldap]
  uri      = ldaps://ldap
  bind_dn  = cn=cipuxroot,dc=nodomain
  base_dn  = ou=CipUX,dc=nodomain
  password = secret
  system   = debian
  customer =
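
The access file shown above stores the bind password for the bind_dn in clear text, so its file mode and the URI scheme are worth auditing. The script below is an added example, not part of CipUX: the helper names are hypothetical and the sample file is constructed from the keys shown above.

```perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Minimal INI reader: returns the key/value pairs of the [ldap] section.
sub read_ldap_section {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot open $path: $!";
    my ( %ldap, $section );
    while ( my $line = <$fh> ) {
        if ( $line =~ /^\s*\[([^\]]+)\]/ ) { $section = $1; next }
        next unless defined $section && $section eq 'ldap';
        $ldap{$1} = $2 if $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/;
    }
    close $fh;
    return \%ldap;
}

# Hypothetical check: returns a list of findings for one access file.
sub audit_access_file {
    my ($path) = @_;
    my @st = stat $path or die "cannot stat $path: $!";
    my $mode = $st[2] & 07777;
    my @findings;
    push @findings, sprintf( 'mode %04o: bind password readable by group or others', $mode )
        if $mode & 0044;
    my $uri = read_ldap_section($path)->{uri} // '';
    push @findings, "uri '$uri': simple bind is unencrypted unless StartTLS is used"
        unless $uri =~ m{^ldap[si]://}i;
    return @findings;
}

# Constructed sample: keys from the example above, weak URI and file mode.
my ( $fh, $path ) = tempfile( UNLINK => 1 );
print {$fh} "[ldap]\nuri      = ldap://ldap\nbind_dn  = cn=cipuxroot,dc=nodomain\n",
            "base_dn  = ou=CipUX,dc=nodomain\npassword = secret\n";
close $fh;
chmod 0644, $path;
print "weak:     $_\n" for audit_access_file($path);

# Corrected: owner-only mode and the ldaps:// URI used in the example above.
chmod 0600, $path;
open my $out, '>', $path or die "cannot rewrite $path: $!";
print {$out} "[ldap]\nuri      = ldaps://ldap\npassword = secret\n";
close $out;
my @left = audit_access_file($path);
print 'hardened: ', scalar(@left), " findings\n";
```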
 
 

cipux-storage.perl

The storage structure configuration might look like this:
     $cfg = {
         'structure' => {
                 all_group_node => {
                     desc         => 'access to all CN group objects',
                     struc_rdn    => 'ou=Group',
                     dn_attr      => 'cn',
                     filter       => '(cn=?)',
                 },
                 all_user_node => {
                     desc         => 'access to all system UID objects',
                     struc_rdn    => 'ou=User',
                     dn_attr      => 'uid',
                     filter       => '(uid=?)',
                 },
                 course_group_node => {
                     desc         => 'access to all system GID objects',
                     struc_rdn    => 'ou=Group',
                     dn_attr      => 'cn',
                     filter       => '&(cn=?)(groupType=public)',
                 },
             },
 }
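
The filter entries above are templates in which `?` stands for the object name, so a name containing filter metacharacters must be escaped per RFC 4515 before it is substituted, or it changes the meaning of the filter. The following is an added example, not CipUX code: build_filter and escape_filter_value are hypothetical helpers, the input names are constructed, and how CipUX itself fills in the `?` is not shown on this page.

```perl
use strict;
use warnings;
use Carp;

# Filter templates copied from the cipux-storage.perl example above.
my %structure = (
    all_user_node     => { dn_attr => 'uid', filter => '(uid=?)' },
    course_group_node => { dn_attr => 'cn',  filter => '&(cn=?)(groupType=public)' },
);

# RFC 4515 escaping: backslash, '*', '(', ')' and NUL become \XX hex pairs.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Hypothetical helper: fill the single '?' of a template with an escaped value.
sub build_filter {
    my ( $type, $obj ) = @_;
    my $node = $structure{$type} or croak "unknown type '$type'";
    my $template = $node->{filter};
    my $count = () = $template =~ /\?/g;
    croak "template for '$type' must contain exactly one '?'" if $count != 1;
    croak 'empty object name' if !defined $obj || $obj eq '';
    my $escaped = escape_filter_value($obj);
    ( my $filter = $template ) =~ s/\?/$escaped/;
    return $filter;
}

# Constructed inputs: a plain name, a wildcard, and a name that would
# otherwise close the assertion and append a second one.
for my $obj ( 'ckuelker', '*', 'x)(uid=*' ) {
    printf "%-10s -> %s\n", $obj, build_filter( 'all_user_node', $obj );
}
printf "%-10s -> %s\n", 'staff(1)', build_filter( 'course_group_node', 'staff(1)' );
```

With the escaping in place, each input stays a single literal assertion value. The same name also ends up in the DN built from dn_attr and struc_rdn, which needs DN escaping rather than filter escaping.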
 
 

DIAGNOSTICS

TODO

CONFIGURATION AND ENVIRONMENT

See the cipux-access.ini and cipux-storage.perl man pages for details on configuration. CipUX::Storage does not use the environment for configuration.

DEPENDENCIES

  Carp
  Class::Std
  CipUX
  Data::Dumper
  English
  Net::LDAP
  Log::Log4perl
  Readonly
  utf8
  version
 
 

INCOMPATIBILITIES

Not known.

BUGS AND LIMITATIONS

Not known.

SEE ALSO

See the CipUX web page and the manual at <http://www.cipux.org>

See the mailing list <http://sympa.cipworx.org/wws/info/cipux-devel>

AUTHOR

Christian Kuelker <christian.kuelker@cipworx.org>

Copyright (C) 2007 - 2009 by Christian Kuelker

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA