NAME

BuildForge::Services::DBO::LDAP


SYNOPSIS

        use BuildForge::Services;
        $conn = new BuildForge::Services::Connection($hostname);
        $token = $conn->authUser($user, $pass);
        
        # Getting existing domains
        $allDomains = BuildForge::Services::DBO::LDAP->findAllDomains($conn);
        $olddomain = BuildForge::Services::DBO::LDAP->findByDomain($conn, 'DomainName');
        # Getter / setter functions
        $id = $olddomain->getDomain();
        $adminCN = $olddomain->getAdminCN();
        $authGroupDN = $olddomain->getAuthorizedGroupDN();
        $bindUserAccount = $olddomain->getBindUserAccount();
        $displayName = $olddomain->getDisplayName();
        $distinguishedName = $olddomain->getDistinguishedName();
        $groupName = $olddomain->getGroupName();
        $groupSearchBase = $olddomain->getGroupsSearchBase();
        $groupUniqueIdentifier = $olddomain->getGroupsUniqueIdentifier();
        $hostName = $olddomain->getHost();
        $mailName = $olddomain->getMailName();
        $mapAccessGroups = $olddomain->getMapAccessGroups();
        $searchBase = $olddomain->getSearchBase();
        $uniqueIdentifier = $olddomain->getUniqueIdentifier();
        
        $olddomain->setDomain('New Name For Domain');
        $olddomain->setAdminCN('cn=Administrator,cn=users,dc=example,dc=com');
        $olddomain->setAuthorizedGroupDN('');
        $olddomain->setBindUserAccount(1);
        $olddomain->setDisplayName('displayname');
        $olddomain->setDistinguishedName('distinguishedname');
        $olddomain->setEncryptedPassword($password);
        $olddomain->setGroupName('memberof');
        $olddomain->setGroupsSearchBase('');
        $olddomain->setGroupsUniqueIdentifier('');
        $olddomain->setHost('ldap.example.com:389');
        $olddomain->setMailName('mail');
        $olddomain->setMapAccessGroups(1);
        $olddomain->setSearchBase('');
        $olddomain->setUniqueIdentifier('sAMAccountName=%');
        $olddomain->update();
        
        # Domain creation, updating, deletion
        $newdomain = new BuildForge::Services::DBO::LDAP($conn);
        $newdomain->setDomain('New Build Domain');
        $newdomain->create();
        $newdomain->setDomain('Different Name');
        $newdomain->update();
        
        $newdomain->delete();
        BuildForge::Services::DBO::LDAP->deleteByDomain($conn, $olddomain->getDomain());
                
        $conn->logout;
        $conn->close;


DESCRIPTION

LDAP allows you to create, access, and delete BuildForge LDAP domains.


METHODS

new BuildForge::Services::DBO::LDAP(connection, {LDAPParamsHashRef})

Returns a new instance of an LDAP object.

connection

A connected BuildForge::Services::Connection object.

LDAPParamsHashRef

An optional reference to a hash containing any or all of the following fields.

domain

The name/ID for this LDAP domain.

adminCN

The account to use when searching the LDAP server database for this LDAP domain.

authorizedGroupDN

The distinguished name of an LDAP group that should be allowed to log in to the Management Console.

bindUserAccount

This determines whether the system attempts to validate the user's credentials. When this parameter evaluates to true (the default), the system uses the credentials supplied at login to re-bind with the LDAP server and validate the credentials. Otherwise, the system assumes that the username passed in has already been validated (as in a single sign-on environment) or that some external password validation mechanism has been supplied to the Management Console.

displayName

The keyname in the LDAP schema that holds the user's full name for this LDAP domain.

distinguishedName

The keyname in the LDAP schema that holds the Distinguished Name for a user account in this LDAP domain.

encryptedPassword

The password for logging in to this LDAP domain.

groupName

The keyname in the LDAP schema that holds the list of groups the user is a member of. This group list drives the authentication permissions and access permissions.

groupsSearchBase

The search string used to query LDAP records for group data.

groupsUniqueIdentifier

The field in the LDAP database that should be compared against the user login to uniquely identify the user, used to filter the user's data from the group table(s).

host

The hostname (and, optionally, port, separated by a ':') for the LDAP server.

mailName

The keyname in the LDAP schema that holds the user's email address.

mapAccessGroups

Whether or not the system tries to map group information from the LDAP server to access groups in the Management Console to determine what groups an LDAP user should be a member of. Yes if this evaluates to true, no otherwise (the default).

protocol

Identifies the protocol Build Forge uses to read and write data from the directory service for the purpose of authenticating Build Forge users. The default is 'ldap'.

searchBase

The search string used to query LDAP records for users.

uniqueIdentifier

The field in the LDAP database that should be compared against the user login.

BuildForge::Services::DBO::LDAP->findAllDomains(connection)

Returns a reference to an array of the names of all LDAP domains in the database that the user has access to.

connection

A connected BuildForge::Services::Connection object.

BuildForge::Services::DBO::LDAP->findByDomain(connection, domainName)

Returns the BuildForge::Services::DBO::LDAP domain that has the given domain name or undef if no such LDAP domain is found.

connection

A connected BuildForge::Services::Connection object.

domainName

The name of the given domain.

$ldap->create()

Creates the LDAP domain within the database.

$ldap->update()

Updates the LDAP domain record within the database.

$ldap->delete()

Deletes the LDAP domain record from the database.

BuildForge::Services::DBO::LDAP->deleteByDomain(connection, domainName)

Deletes the LDAP domain record from the database that has the given domain name (from $ldap->getDomain()).

connection

A connected BuildForge::Services::Connection object.

domainName

The name / ID of the LDAP domain record to be deleted.

$ldap->getDomain()

Returns the name / ID of the LDAP domain.

$ldap->getAdminCN()

Returns the account to use when searching the LDAP server database for this LDAP domain.

$ldap->getAuthorizedGroupDN()

Returns the distinguished name of an LDAP group that should be allowed to log in to the Management Console.

$ldap->getBindUserAccount()

Returns whether the system attempts to validate the user's credentials. When it returns 1, the system uses the credentials supplied at login to re-bind with the LDAP server and validate the credentials. If it returns 0, the system assumes that the username passed in has already been validated (as in a single sign-on environment) or that some external password validation mechanism has been supplied to the Management Console.

$ldap->getDisplayName()

Returns the keyname in the LDAP schema that holds the user's full name for this LDAP domain.

$ldap->getDistinguishedName()

Returns the keyname in the LDAP schema that holds the Distinguished Name for a user account in this LDAP domain.

$ldap->getGroupName()

Returns the keyname in the LDAP schema that holds the list of groups the user is a member of. This group list drives the authentication permissions and access permissions.

$ldap->getGroupsSearchBase()

Returns the search string used to query LDAP records for group data.

$ldap->getGroupsUniqueIdentifier()

Returns the field in the LDAP database that should be compared against the user login to uniquely identify the user, used to filter the user's data from the group table(s).

$ldap->getHost()

Returns the hostname (and, optionally, port, separated by a ':') for the LDAP server.

$ldap->getMailName()

Returns the keyname in the LDAP schema that holds the user's email address.

$ldap->getMapAccessGroups()

Returns whether or not the system tries to map group information from the LDAP server to access groups in the Management Console to determine what groups an LDAP user should be a member of. Yes if this returns 1, no if it returns 0.

$ldap->getSearchBase()

Returns the search string used to query LDAP records for users.

$ldap->getUniqueIdentifier()

Returns the field in the LDAP database that should be compared against the user login.

$ldap->setDomain(domainName)

Sets the name / ID of the LDAP domain. $ldap->update() must be run before changes are replicated in the database.

domainName

The new name.

$ldap->setAdminCN(adminCN)

Sets the account to use when searching the LDAP server database for this LDAP domain. $ldap->update() must be run before changes are replicated in the database.

adminCN

The new administration account login.

$ldap->setAuthorizedGroupDN(authGroupDN)

Sets the distinguished name of an LDAP group that should be allowed to log in to the Management Console. $ldap->update() must be run before changes are replicated in the database.

authGroupDN

The new authorized group DN.

$ldap->setBindUserAccount(bindUserAccount)

Sets whether the system attempts to validate the user's credentials. $ldap->update() must be run before changes are replicated in the database.

bindUserAccount

If this evaluates to true, the system uses the credentials supplied at login to re-bind with the LDAP server and validate the credentials. If it evaluates to false, the system assumes that the username passed in has already been validated (as in a single sign-on environment) or that some external password validation mechanism has been supplied to the Management Console.

$ldap->setDisplayName(displayName)

Sets the keyname in the LDAP schema that holds the user's full name for this LDAP domain. $ldap->update() must be run before changes are replicated in the database.

displayName

The new display name.

$ldap->setDistinguishedName(distinguishedName)

Sets the keyname in the LDAP schema that holds the Distinguished Name for a user account in this LDAP domain. $ldap->update() must be run before changes are replicated in the database.

distinguishedName

The new distinguished name.

$ldap->setEncryptedPassword(password)

Sets the administration password used to log in to the LDAP server. $ldap->update() must be run before changes are replicated in the database.

password

The new password.

$ldap->setGroupName(groupName)

Sets the keyname in the LDAP schema that holds the list of groups the user is a member of. This group list drives the authentication permissions and access permissions. $ldap->update() must be run before changes are replicated in the database.

groupName

The new group name.

$ldap->setGroupsSearchBase(groupSearchBase)

Sets the search string used to query LDAP records for group data. $ldap->update() must be run before changes are replicated in the database.

groupSearchBase

The new group search string.

$ldap->setGroupsUniqueIdentifier(groupUniqueIdentifier)

Sets the field in the LDAP database that should be compared against the user login to uniquely identify the user, used to filter the user's data from the group table(s). $ldap->update() must be run before changes are replicated in the database.

groupUniqueIdentifier

The new group unique identifier.

$ldap->setHost(host)

Sets the hostname for the LDAP server. $ldap->update() must be run before changes are replicated in the database.

host

The hostname of the LDAP server with an optional port separated by ':'.

$ldap->setMailName(mailName)

Sets the keyname in the LDAP schema that holds the user's email address. $ldap->update() must be run before changes are replicated in the database.

mailName

The new keyname.

$ldap->setMapAccessGroups(mapAccessGroups)

Sets whether or not the system tries to map group information from the LDAP server to access groups in the Management Console to determine what groups an LDAP user should be a member of. $ldap->update() must be run before changes are replicated in the database.

mapAccessGroups

If this evaluates to true, the system maps group information; if it evaluates to false, it does not.

$ldap->setSearchBase(searchBase)

Sets the search string used to query LDAP records for users. $ldap->update() must be run before changes are replicated in the database.

searchBase

The new search string.

$ldap->setUniqueIdentifier(uniqueIdentifier)

Sets the field in the LDAP database that should be compared against the user login. $ldap->update() must be run before changes are replicated in the database.

uniqueIdentifier

The new field name.
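
An added example (not part of the BuildForge distribution) showing how the getters documented above can be used to review stored LDAP domains for settings that weaken login validation: bindUserAccount switched off, an empty authorizedGroupDN, and a host on the standard LDAP port. The Local::StubDomain package and its values are constructed so the script runs without a server, and treating an empty authorizedGroupDN as "no group restriction" is an assumption; the commented lines show the same loop against a live connection.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Review one LDAP domain object; returns a list of findings (strings).
# Uses only getters documented on this page.
sub audit_domain {
    my ($ldap) = @_;
    my @findings;

    # bindUserAccount false: the supplied password is not re-validated
    # against the LDAP server; safe only behind SSO or an external check.
    push @findings, 'bindUserAccount is off: login password is not checked by re-bind'
        unless $ldap->getBindUserAccount();

    # Assumption: an empty authorizedGroupDN means no group restriction.
    my $group = $ldap->getAuthorizedGroupDN();
    push @findings, 'authorizedGroupDN is empty: console login not limited to one group'
        unless defined $group && length $group;

    # host is "name" or "name:port"; 389 is the standard cleartext LDAP port.
    my ($port) = ($ldap->getHost() // '') =~ /:(\d+)\z/;
    push @findings, 'host uses port 389 or no port: confirm the link is TLS-protected'
        if !defined $port || $port == 389;

    return @findings;
}

# Constructed stand-in for BuildForge::Services::DBO::LDAP (sample data only).
package Local::StubDomain {
    sub new { my ($class, %f) = @_; return bless {%f}, $class }
    sub getDomain            { $_[0]{domain} }
    sub getBindUserAccount   { $_[0]{bind} }
    sub getAuthorizedGroupDN { $_[0]{group} }
    sub getHost              { $_[0]{host} }
}

# Live use: my @domains = map { BuildForge::Services::DBO::LDAP->findByDomain($conn, $_) }
#                         @{ BuildForge::Services::DBO::LDAP->findAllDomains($conn) };
my @domains = (
    Local::StubDomain->new(domain => 'corp', bind => 1,
        group => 'cn=bf-users,dc=example,dc=com', host => 'ldap.example.com:636'),
    Local::StubDomain->new(domain => 'legacy', bind => 0, group => '',
        host => 'ldap.example.com:389'),
);

# findByDomain returns undef for a missing domain, so skip undefined entries.
for my $d (grep { defined } @domains) {
    my @f = audit_domain($d);
    printf "%s: %s\n", $d->getDomain(), @f ? join('; ', @f) : 'no findings';
}
```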


COPYRIGHT

Copyright (c)2006-2007 International Business Machines, Inc. All rights reserved.