NAME

TAM::Admin - Perl extension for Tivoli Access Manager (TAM) Admin API

SYNOPSIS

use TAM::Admin;

# Connect to the policy server as sec_master
my $pdadmin = TAM::Admin->new('sec_master', 'password');

# Get the user with the ID joe and print basic information
my $user = $pdadmin->get_user('joe');
print 'Login ID: ', $user->id, "\n";
print 'Login CN: ', $user->cn, "\n";
print 'Login DN: ', $user->dn, "\n";

# Make the user account valid
$user->valid(1);
# Make the user a Non-GSO user
$user->gso(0);

DESCRIPTION

TAM::Admin is a set of modules that utilize the TAM Admin C API to perform management functions within a Tivoli Access Manager environment.

METHODS

Constructor Method

new(<user>, <password>, [<options>])

Creates a new TAM::Admin object and connects to the policy server. The first two arguments specify the user ID of the administrator and the password. If no other options are specified, the API will utilize the configuration information of the local TAM runtime. Additional options are:

keyring => FILENAME

Specifies the filename for a CMS keyring database for SSL operations.

stash => FILENAME

Specifies the filename of the stash file for the keyring.

password => PASSWORD

Specifies the password for the keyring. This parameter will take precedence over the stash file.

dn => CERTIFICATE DN

Specifies the DN of a certificate to be utilized for authentication.

server => HOSTNAME

Specifies the location of the policy server.

port => PORT

Specifies the TCP port of the policy server process. Default port is 7135.

Examples

# Create a default context
$pdadmin = TAM::Admin->new('sec_master', 'password'); 

# Connect to policy server tam2.foobar.com
$pdadmin = TAM::Admin->new('sec_master', 'password', 
	keyfile => '/var/PolicyDirector/keytab/pd2.kdb',
	password => 'cmsopen',
	server => 'tam2.foobar.com'); 

User Management

These methods are used for basic user management, i.e. get, import, create, remove, and delete. Management of the individual user, e.g. set account valid, is done via the TAM::Admin::User module.

get_user(<userid>)

Retrieve a user object for the specified ID. This function will return a TAM::Admin::User object. A user object can also be retrieved by LDAP DN. To get a user by DN call the method in the following fashion...

$pdadmin->get_user(dn => <ldap dn>)

import_user(<userid>, <dn>)

Import an LDAP account into TAM. The first argument will be used as the TAM logon ID and the second argument designates the LDAP DN of the existing account. This function will return a TAM::Admin::User object relating to the imported user.

remove_user(<userid>)

Remove a user from TAM only. This method is equivalent to the following pdadmin command.

pdadmin> user delete <userid>

delete_user(<userid>)

Remove a user from TAM and LDAP. This method is equivalent to the following pdadmin command.

pdadmin> user delete -registry <userid>

Group Methods

These methods are used for basic group management, i.e. get, import, create, remove, and delete. Management of the individual group, e.g. add users, is done via the TAM::Admin::Group module.

get_group(<groupid>)

Retrieve a group object for the specified ID. This function will return a TAM::Admin::Group object. A group object can also be retrieved by LDAP DN. To get a group by DN call the method in the following fashion...

$pdadmin->get_group(dn => <ldap dn>)

import_group(<groupid>, <dn>)

Import an LDAP group into TAM. The first argument will be used as the TAM group ID and the second argument designates the LDAP object of the existing group. This function will return a TAM::Admin::Group object relating to the imported group.

remove_group(<groupid>)

Remove a group from TAM only. This method is equivalent to the following pdadmin command.

pdadmin> group delete <groupid>

delete_group(<groupid>)

Remove a group from TAM and LDAP. This method is equivalent to the following pdadmin command.

pdadmin> group delete -registry <groupid>

GSO Methods

These methods are used for basic GSO management, i.e. get, create, and delete. Management of individual GSO objects is done via the TAM::Admin::GSO module.

get_gso(<type> => <id>)

Returns a TAM::Admin::GSO object for the specified resource. Type is either 'group' or 'resource' and the ID is the label of the GSO resource.

all_gso

Returns an array of all TAM::Admin::GSO objects.

list_gso(<type>)

Returns an array of IDs for all GSO resources of a given type. Type is either 'group' or 'resource'.

Protected Object Methods

These methods are used for basic management of TAM protected objects.

list_objects(<path>)

Returns an array of objects that are contained in the path given. This method is equivalent to the following pdadmin command.

pdadmin> object list <path>

Response Methods

These methods help manage and retrieve messages from actions performed. These methods are inherited by all TAM::Admin objects.

ok

Returns true if the last action was successful.

error

Returns true if the last action was unsuccessful.

message([<index>])

Returns the error message for the last action. The index will specify which error message to return if the last action resulted in more than one error condition. The index is 0 based.

code([<index>])

Returns the error code for the last action. The index will specify which error code to return if the last action resulted in more than one error condition. The index is 0 based.

msg_count

Returns the number of errors generated for the last action.
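
The response methods above, used to verify each step of an account-disable operation instead of assuming it succeeded. This is an added example, not part of the module's own documentation. It assumes that the status of a call is read from the object the method was called on, that new() returns an object even when the connection fails, and that valid(0) is the inverse of the valid(1) call in the synopsis; the TAM_ADMIN_PW variable name and the check() helper are hypothetical.

```perl
use strict;
use warnings;
use TAM::Admin;

# Hypothetical helper: report every code/message pair left by the last
# action on $obj. Returns true if that action succeeded, false otherwise.
sub check {
    my ($obj, $action) = @_;
    return 1 if $obj->ok;
    # message() and code() are 0-indexed; msg_count gives the number of entries
    for my $i (0 .. $obj->msg_count - 1) {
        warn sprintf("%s failed [%s]: %s\n",
                     $action, $obj->code($i), $obj->message($i));
    }
    return 0;
}

# Keep the administrator password out of the script source.
# TAM_ADMIN_PW is a hypothetical variable name chosen for this example.
my $password = $ENV{TAM_ADMIN_PW} // die "TAM_ADMIN_PW is not set\n";
my $userid   = shift @ARGV        // die "usage: $0 <userid>\n";

# Default context: uses the configuration of the local TAM runtime
my $pdadmin = TAM::Admin->new('sec_master', $password);
die "could not create a TAM::Admin context\n" unless defined $pdadmin;
check($pdadmin, 'connect') or exit 1;

# Look the account up and confirm the lookup itself succeeded
my $user = $pdadmin->get_user($userid);
unless (defined $user && check($pdadmin, "get_user($userid)")) {
    die "cannot continue without a user object for $userid\n";
}

# Assumption: valid(0) marks the account invalid (the synopsis shows valid(1))
$user->valid(0);
check($user, "disable $userid") or exit 1;

print 'Disabled: ', $user->id, ' (', $user->dn, ")\n";
```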

EXPORT

None by default.

Exportable constants

IVADMINAPI_H
IVADMIN_AUDIT_ADMIN
IVADMIN_AUDIT_ALL
IVADMIN_AUDIT_DENY
IVADMIN_AUDIT_ERROR
IVADMIN_AUDIT_NONE
IVADMIN_AUDIT_PERMIT
IVADMIN_CALLTYPE
IVADMIN_CONTEXT_ADUSERREG
IVADMIN_CONTEXT_DCEUSERREG
IVADMIN_CONTEXT_DOMINOUSERREG
IVADMIN_CONTEXT_LDAPUSERREG
IVADMIN_CONTEXT_MULTIDOMAIN_ADUSERREG
IVADMIN_DECLSPEC
IVADMIN_FALSE
IVADMIN_MAXRETURN
IVADMIN_PROTOBJ_TYPE_UNKNOWN
IVADMIN_PROTOBJ_TYPE__APP_CONTAINER
IVADMIN_PROTOBJ_TYPE__APP_LEAF
IVADMIN_PROTOBJ_TYPE__CONTAINER
IVADMIN_PROTOBJ_TYPE__DIR
IVADMIN_PROTOBJ_TYPE__DOMAIN
IVADMIN_PROTOBJ_TYPE__EXTERN_AUTH_SVR
IVADMIN_PROTOBJ_TYPE__FILE
IVADMIN_PROTOBJ_TYPE__HTTP_SVR
IVADMIN_PROTOBJ_TYPE__JNCT
IVADMIN_PROTOBJ_TYPE__LEAF
IVADMIN_PROTOBJ_TYPE__MGMT_OBJ
IVADMIN_PROTOBJ_TYPE__NETSEAL_NET
IVADMIN_PROTOBJ_TYPE__NETSEAL_SVR
IVADMIN_PROTOBJ_TYPE__NON_EXIST_OBJ
IVADMIN_PROTOBJ_TYPE__PORT
IVADMIN_PROTOBJ_TYPE__PROGRAM
IVADMIN_PROTOBJ_TYPE__WEBSEAL_SVR
IVADMIN_REASON_ALREADY_EXISTS
IVADMIN_RESPONSE_ERROR
IVADMIN_RESPONSE_INFO
IVADMIN_RESPONSE_WARNING
IVADMIN_SSOCRED_SSOGROUP
IVADMIN_SSOCRED_SSOWEB
IVADMIN_TIME_LOCAL
IVADMIN_TIME_UTC
IVADMIN_TOD_ALL
IVADMIN_TOD_ANY
IVADMIN_TOD_FRI
IVADMIN_TOD_MINUTES
IVADMIN_TOD_MON
IVADMIN_TOD_OCLOCK
IVADMIN_TOD_SAT
IVADMIN_TOD_SUN
IVADMIN_TOD_THU
IVADMIN_TOD_TUE
IVADMIN_TOD_WED
IVADMIN_TOD_WEEKDAY
IVADMIN_TOD_WEEKEND
IVADMIN_TRUE

AUTHOR

George Chlipala, george@walnutcs.com

SEE ALSO

perl(1).
