The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.




    use TAMeb::Admin;
    my ($pop,$resp,$obj);
    my $pd = TAMeb::Admin->new( password => $pswd);

    # Instantiate a new pop
    $pop = TAMeb::Admin::POP->new($pd, name => 'test');

    # Actually create the POP in the policy db
    $resp = $pop->create();

    # Set its description
    $resp = $pop->description( "POP goes the monkey" );

    # Attach it
    $resp = $pop->attach('/test/monkey');

    # See where it is now attached
    $resp = $pop->find;

    # Detach it now
    $resp = $pop->detach('/test/monkey');

    # Get a full list of POPs
    $resp = TAMeb::Admin::POP->list($pd);

    # Set the level for any other network
    $resp = $pop->anyothernw( 2 );
    # Forbid access from any other network
    $resp = $pop->anyothernw( 'forbidden' );

    # Set an IP auth level for a few networks
    $resp = $pop->ipauth(add => {'' => {NETMASK => '',
                                                   AUTHLEVEL => 1 }.
                                 '' => {NETMASK => '',
                                                   AUTHLEVEL => 2}

    # Forbid the entire 10.x.x.x network
    $resp = $pop->ipauth(forbidden => {'' => {NETMASK=>''}});

    # Set the audit level
    $resp = $pop->audit( [qw/all/] );

    # Set the QoP level
    $resp = $pop->qop('privacy');

    # Set Time of Day access
    $resp = $pop->tod( days => [qw/monday tuesday wednesday/],
                       start => '0800',
                       end   => '1800',

    # Set the warn mode
    $resp = $pop->warnmode(1);

    # Set an extended attribute or two
    $resp = $pop->attributes( add => { foobar => 'baz',
                                       silly  => [qw/one two three/] }
    # Clean up after myself


TAMeb::Admin::POP allows manipulation of POPs via perl.


new( PDADMIN[, name => NAME] )

Creates a blessed TAMeb::Admin::POP object. It should be noted that creating the object in perl is not the same thing as creating it in TAM's policy database. See "create" to do that.



An initialized TAMeb::Admin::Context object. This parameter is, as usual, required.

name => NAME

The POP's name. This is technically speaking optional, but it may have some unintentional side effects if not provided. Namely, the object will assume it doesn't exist, which will cause problems when trying to do anything to it.

In short, if you intend on calling "create" you can forget this parameter. Otherwise, include it.


A blessed TAMeb::Admin::POP object. If there is an error, you will get undef.

create(PDADMIN, name => NAME)

Creates the object in TAM's policy database and returns the blessed reference.



An initialized TAMeb::Admin::Context object. This parameter is required.

name => NAME

The POP's name. When using "create" as a constructor, this parameter is required.


A TAMeb::Admin::Response object containing the newly created object. I refer you to that module's documentation for digging the value out.


Class methods behave like instance methods in that they all return a TAMeb::Admin::Response object.


List all of the POPs defined in TAM.



The standard, initialized TAMeb::Admin::Context object.


The list of all defined POPs.


All of the methods return a TAMeb::Admin::Response object unless otherwise explicitly stated. See the documentation for that module on how to coax the values out.

The methods, for the most part, follow the same pattern. If the optional parameters are sent, it has the effect of setting the attributes. All methods calls will embed the results of a 'get' in the TAMeb::Admin::Response object.

create([name => NAME])

Creates a new POP in TAM's policy db. This method can be used as both class and instance method.


name => NAME

The name of the new POP. This parameter is only required when you did not use it in the "new" call.


The success or failure of the create operation.


Deletes the object.




The success or failure of the operation. Please note that you really should detach a POP before trying to delete it.

objects( [detach => OBJECTS[, [attach => OBJECTS]] )

Attaches or detaches a POP. Weird little fact. The C API for ACLs does not contain an attach or detach method -- you have to use the methods for the protected objects. POPs have their own attach and detach calls.

If both parameters are used, all of the detaches will be done before attaching.


detach => OBJECTS

Detach the POP from the listed objects. OBJECTS can be a list or a single value. It can be either a string (e.g., '/test/monkey') or a TAMeb::Admin::ProtObject object or a mix of them.

attach => OBJECTS

Attach the POP to the listed objects. The same combination of values can be used as listed above.


The success or failure of the operation. You will also get a list of the current places the POP is attached.

attach OBJECTS[,...]

A convenience method that wraps "objects" with an attach message. See "objects" for a full description of the parameters and returns.

detach OBJECTS[,...]

A convenience method that wraps "objects" with a detach message. See "objects" for a full description of the parameters and returns.


Finds and lists everyplace the POP is attached.




A possibly empty list of everyplace the POP is attached,


"list" can also be used as an instance method, although I personally do not think it makes much sense.


None, when used as an instance method.


A list of all defined POPs.


Set the authentication level for any other network.



Sets the authentication level to the provided number, unset or forbidden.


The success or failure of the operation, along with the current (possibly new) level.


Sets or gets the POP's description.



The new description. This parameter is optional.


The POP's description if set, an empty string otherwise.

audit( [BITMASK|[STRING[,STRING...]]] )

Sets the audit level on the POP.



The underlying C library uses a bit mask to set the audit level. You can either send this bitmask, a single word that will be translated into a bitmask or a list of words that will be translated into a bit mask.

If the words "all" or "none" appear anywhere in the list, the bitmask will be set as indicated below.

The name to bitmask mapping looks like this:

  • none => 0

  • permit => 1

  • deny => 2

  • error => 4

  • admin => 8

  • all => 15


The numeric bitmask if evaluated in scalar context; the wordier list if used in list context.

ipauth( [add => HASHREF, remove => HASHREF, forbidden => HASHREF] )

Sets the IP based authentication restrictions.


add => HASHREF

Sets the required authentication level for an IP address and/or network. The referant of the hash ref is a hash of hashes, keyed off the IP address. The contents of the subhashes look like:


The netmask for the ip address. It should be requested in the quad-dot format (e.g., I should likely be smart enough to handle CIDR notation and what ever IPV6 users, but I am not.


Required only when adding, this specifies the authentication level for the IP/netmask. There is no default -- I didn't think it safe to guess.

remove => HASHREF

Removes the IP auth restriction from the POP. The referant of the hash ref should look just like it does for adding.

forbidden => HASHREF

Forbids access from some subnet. The referant of the hash ref should look just like it does for adding.