9. YaPI::LdapServer

This package is the public Yast2 API to managing a LDAP Server.

9.1. List of Global Functions

\@dbList = ReadDatabaseList()
$bool = AddDatabase(\%valueMap)
$bool = EditDatabase($suffix,\%valueMap)
\%valueMap = ReadDatabase($suffix)
\@indexList = ReadIndex($suffix)
$bool = AddIndex($suffix,\%indexMap)
$bool = EditIndex($suffix,$index_md5,\%indexMap)
$bool = DeleteIndex($suffix,$index_md5)
$bool = RecreateIndex($suffix)
\@list = ReadSchemaIncludeList()
$bool = WriteSchemaIncludeList(\@list)
\@list = ReadAllowList()
$bool = WriteAllowList(\@list)
$loglevel = ReadLoglevel()
$bool = AddLoglevel($bit)
$bool = DeleteLoglevel($bit)
$bool = WriteLoglevel($loglevel)
ModifyService($status)
SwitchService($status)
$status = ReadService()
\%valueMap = ReadTLS()
$bool = WriteTLS(\%valueMap)
$bool = CheckCommonServerCertificate()
$bool = ConfigureCommonServerCertificate()
$bool = ImportCertificates(\%valueMap)
$bool = ReadSLPEnabled()
$bool = WriteSLPEnabled( $bool )

9.2. Functions

9.2.1. \@dbList = ReadDatabaseList()

Returns a List of databases (suffix).

Example 202.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadDatabaseList();
 if( not defined $res ) {
     # error    
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 203.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 204.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 205.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.2. $bool = AddDatabase(\%valueMap)

Creates a new database section in the configuration file, start or restart the LDAP Server and add the base object. If the database exists, nothing is done and undef is returned.

Example 206.

 * database: The database type (required)
 
 * suffix: The suffix (required)
 
 * directory: The Directory where the database files are(bdb/ldbm) (required)

 * rootdn: The Root DN 
 
 * passwd: The plain Root Password (requires rootdn)

 * cryptmethod: The crypt method; allowed values are (CRYPT, SMD5, SHA, SSHA, PLAIN); default is 'SSHA'
 
 * cachesize: The cachesize(bdb/ldbm) (optional; default 10000)
 
 * checkpoint: The checkpoint(bdb) (optional; default 1024 5)

Example 207.

 my $hash = {
             database    => 'bdb',
             suffix      => 'dc=example,dc=com',
             rootdn      => "cn=Admin,dc=example,dc=com",
             passwd      => "system",
             cryptmethod => 'SMD5',
             directory   => "/var/lib/ldap/db1",
            };

 my $res = YaPI::LdapServer->AddDatabase($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

Example 208.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 209.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 210.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.3. $bool = EditDatabase($suffix,\%valueMap)

Edit the database section with the suffix $suffix in the configuration file. Only save parameter are supported.

Example 211.

 * rootdn: The Root DN
 
 * passwd: The Root Password
 
 * cryptmethod: The crypt method; allowed values are (CRYPT, SMD5, SHA, SSHA, PLAIN); default is 'SSHA'

 * cachesize: The cachesize(bdb/ldbm)
 
 * checkpoint: The checkpoint(bdb)

Example 212.

 my $hash = { suffix      => "dc=example,dc=com",
              rootdn      => "cn=Administrator,dc=example,dc=com",
              rootpw      => "example",
              cryptmethod => "CRYPT"
            };

 my $res = YaPI::LdapServer->EditDatabase($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

Example 213.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 214.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 215.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.4. \%valueMap = ReadDatabase($suffix)

Read the database section with the suffix $suffix.

Example 216.

 * database: The database type
 
 * suffix: The suffix
 
 * rootdn: The Root DN
 
 * passwd: The Root Password
 
 * directory: The Directory where the database files are(bdb/ldbm)
 
 * cachesize: The cachesize(bdb/ldbm)
 
 * checkpoint: The checkpoint(bdb)

Example 217.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadDatabase('"dc=example,dc=com"');
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 218.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 219.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 220.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.5. \@indexList = ReadIndex($suffix)

Returns a List of Maps with all index statements for this database. The "keys" are:

Example 221.

 * 'attr', an attribute or an attribute list

 * 'param', a number of special index parameters 

 * 'md5', a MD5 sum of this index. This numer is needed for EditIndex and DeleteIndex

Example 222.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadIndex('"dc=example,dc=com"');
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 223.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 224.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 225.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.6. $bool = AddIndex($suffix,\%indexMap)

Add a new index statement %indexMap to the database section $suffix.

Example 226.

 * 'attr', an attribute or an attribute list

 * 'param', a number of special index parameters

Example 227.

 my $newIndex = {
                 'attr'  => "uid,cn",
                 'param' => "eq"
                };

 my $res = YaPI::LdapServer->AddIndex("dc=example,dc=com", $newIndex);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

Example 228.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 229.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 230.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.7. $bool = EditIndex($suffix,$index_md5,\%indexMap)

Replace the index $index_md5 in the database section $suffix by the new index statement %indexMap.

Example 231.

 * 'attr', an attribute or an attribute list

 * 'param', a number of special index parameters

Example 232.

 my $newIndex = {
                 'attr'  => "uid,cn",
                 'param' => "eq"
                };

 my $res = YaPI::LdapServer->EditIndex("dc=example,dc=com", "eacc11456b6c2ae4e1aef0fa287e02b0",
                                       $newIndex);
 if( not defined $res ) {
     # error
 } else {
        print "OK: \n";
 }

Example 233.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 234.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 235.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.8. $bool = DeleteIndex($suffix,$index_md5)

Delete the index $index_md5 statement in the database section $suffix.

Example 236.

 my $res = YaPI::LdapServer->DeleteIndex("dc=example,dc=com", "338a980b4eebe87365a4077067ce1559");
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

Example 237.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 238.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 239.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.9. $bool = RecreateIndex($suffix)

Regenerate indices based upon the current contents of a database determined by $suffix. This function stops the ldapserver, call slapindex and start the ldapserver again.

Example 240.

 my $res = YaPI::LdapServer->RecreateIndex("dc=example,dc=com");
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

Example 241.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 242.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 243.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.10. \@list = ReadSchemaIncludeList()

Returns a list of all included schema files in the order they appear in the config files.

Example 244.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadSchemaIncludeList();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 245.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 246.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 247.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.11. $bool = WriteSchemaIncludeList(\@list)

Writes all schema includes preserving order.

Example 248.

 my $schemas = [
                '/etc/openldap/schema/core.schema',
                '/etc/openldap/schema/cosine.schema',
                '/etc/openldap/schema/inetorgperson.schema',
                '/etc/openldap/schema/rfc2307bis.schema',
                '/etc/openldap/schema/yast2userconfig.schema',
                '/etc/openldap/schema/samba3.schema'
               ];

 my $res = YaPI::LdapServer->WriteSchemaIncludeList($schemas);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

Example 249.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 250.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 251.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.12. \@list = ReadAllowList()

Returns a list of allow statements.

Example 252.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadAllowList();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 253.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 254.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 255.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.13. $bool = WriteAllowList(\@list)

Replaces the complete allow option with the specified feature list.

Example 256.

 my @list = ( "bind_v2" );

 $res = YaPI::LdapServer->WriteAllowList( \@list );
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

Example 257.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 258.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 259.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.14. $loglevel = ReadLoglevel()

Read the loglevel bitmask.

Example 260.

 my $res = YaPI::LdapServer->ReadLoglevel();
 if( not defined $res ) {

 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 261.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 262.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 263.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.15. $bool = AddLoglevel($bit)

Set the given loglevel bit to 1 in the current bitmask.

Example 264.

 my $res = YaPI::LdapServer->AddLoglevel( 0x04 );
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

Example 265.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 266.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 267.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.16. $bool = DeleteLoglevel($bit)

Set the given loglevel bit to 0 in the current bitmask.

Example 268.

 my $res = YaPI::LdapServer->DeleteLoglevel( 0x04 );
 if( not defined $res ) {

 } else {
     print "OK: \n";
 }

Example 269.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 270.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 271.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.17. $bool = WriteLoglevel($loglevel)

Replaces the loglevel bitmask.

Example 272.

 my $res = YaPI::LdapServer->WriteLoglevel( 0x06 );
 if( not defined $res ) {

 } else {
     print "OK: \n";
 }

Example 273.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 274.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 275.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.18. ModifyService($status)

with this function you can turn on and off the LDAP server runlevel script. Turning off means, no LDAP server start at boot time.

Example 276.

 ModifyService(0); # turn LDAP server off at boot time
 ModifyService(1); # turn LDAP server on at boot time

Example 277.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 278.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 279.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.19. SwitchService($status)

with this function you can start and stop the LDAP server service.

Example 280.

 SwitchService( 0 ); # turning off the LDAP server service
 SwitchService( 1 ); # turning on the LDAP server service

Example 281.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 282.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 283.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.20. $status = ReadService()

with this function you can read out the state of the LDAP server runlevel script (starting LDAP server at boot time).

Example 284.

 print "LDAP is ".( (ReadService())?('on'):('off') )."\n";

Example 285.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

Example 286.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 287.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.21. \%valueMap = ReadTLS()

Return the current TLS settings

Example 288.

 use Data::Dumper;

 my $res = YaPI::LdapServer->ReadTLS();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
     print STDERR Data::Dumper->Dump([$res])."\n";
 }

9.2.22. $bool = WriteTLS(\%valueMap)

Edit the TLS options in the configuration file.

Example 289.

 * TLSCipherSuite: cipher suite parameter
 
 * TLSCACertificateFile: Specifies the file that contains certificates for all of the Certificate Authorities that slapd will recognize.

 * TLSCACertificatePath: Specifies  the path of a directory that contains Certificate Authority certificates in separate individual files. Usually only one of this or the TLSCACertificateFile is used.

 * TLSCertificateFile: Specifies the file that contains the slapd server certificate.

 * TLSCertificateKeyFile: Specifies the file that contains the slapd server private key.

 * TLSVerifyClient: Specifies what checks to perform on client certificates in an incoming TLS session.

Example 290.

 my $hash = {
             TLSCipherSuite        => "HIGH:MEDIUM:+SSLv2",
             TLSCertificateFile    => "/etc/ssl/server_crt.pem",
             TLSCertificateKeyFile => "/etc/ssl/server_key.pem",
             TLSCACertificateFile  => "/etc/ssl/ca.pem",
             TLSVerifyClient       => "never"
            };

 my $res = YaPI::LdapServer->WriteTLS($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.23. $bool = CheckCommonServerCertificate()

Check, if a server certificate is available which can be used for more then one service. Such common certificate is saved at '/etc/ssl/servercerts/servercert.pem'.

Example 291.

 my $res = YaPI::LdapServer->CheckCommonServerCertificate();
 if( not defined $res ) {
     # error
 } else {
     print "Available \n" if($res);
     print "Not Avalable \n" if(!res);
 }

9.2.24. $bool = ConfigureCommonServerCertificate()

Configure the LDAP server to use the common server certificate.

Example 292.

 my $res = YaPI::LdapServer->ConfigureCommonServerCertificate();
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.25. $bool = ImportCertificates(\%valueMap)

Import certificates and configure TLS for the LDAP Server.

Example 293.

 my $hash = {
              ServerCertificateFile => '/path/to/the/certificate.pem',
              ServerKeyFile         => '/path/to/the/key.pem',
              CACertificatesFile    => '/path/to/the/CAcertificate.pem',
            }

 my $res = YaPI::LdapServer->ImportCertificates($hash);
 if( not defined $res ) {
     # error
 } else {
     print "OK: \n";
 }

9.2.26. $bool = ReadSLPEnabled()

This function reads the OPENLDAP_REGISTER_SLP entry in /etc/sysconfig/openldap. It returns 'true' if it reads 'yes' and 'false' if it reads 'no'.

Example 294.

 print "SLP registering is ".( (ReadSLPEnabled())?('activated'):('deactivated') )."\n";

9.2.27. $bool = WriteSLPEnabled( $bool )

This function sets OPENLDAP_REGISTER_SLP in /etc/sysconfig/openldap. The entry is set to 'yes' if the argument is true or 'no' if the argument is false.

Example 295.

  WriteSLPEnabled( 1 );


8. YaPI::HTTPD		10. YaPI::MailServer