This sample shows how to use the perl-ldap module to add an ACL to an object in eDirectory. This will change an object's assigned rights.
#!perl
# Each ACL value has the format
# "privileges#scope#trustee#attrname".
# privileges: sum of the decimal values associated with the rights.
# scope: either 'entry' or 'subtree'.
# trustee: full trustee DN.
# attrname: [Entry Rights], or [All Attributes Rights],
# or a single attribute name.
#
# [All Attribute Rights]
# BROWSE = 1;
# ADD = 2;
# DELETE = 4;
# RENAME = 8;
# SUPERVISOR = 32;
#
# [Entry Rights]
# COMPARE = 1;
# READ = 2;
# WRITE = 4;
# SELF = 8;
# SUPERVISOR = 32;
#
# Example: 6#entry#cn=pjones,o=novell#[All Attribute Rights]
# Example: 32#entry#cn=admin,o=novell#groupMembership
use Net::LDAP;
use Net::LDAP::LDIF;
use File::Path qw(rmtree);
use File::Basename qw(basename);
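use strict;
use warnings;

# Escape the characters that are significant in HTML so that values read
# from the directory are rendered as text and never interpreted as markup.
# Directory attributes can hold data written by other users, so printing
# them raw into a text/html response would allow script injection.
sub _html_escape {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

# CGI response header; everything printed after this is the HTML body.
print "Content-type: text/html\n\n";

# Sample connection settings.
# NOTE(review): the administrator password is hard-coded here for
# demonstration only. A deployed script should read it from a protected
# configuration source, and should bind as an account limited to the
# rights it needs rather than as the tree administrator.
my $HOST   = '137.65.138.159';
my $PORT   = 389;
my $PASSWD = 'novell';
my $BASEDN = "o=novell";
my $ADMIN  = "cn=admin,o=novell";

my $searchstring = "(&(objectclass=user)(cn=pjones))";
my $attnames     = [ "dn", "acl" ];

# Connect to the server, retrying once per second and giving up after
# more than ten failed attempts.
my $ldap;
my $count = 0;
until ($ldap = Net::LDAP->new($HOST, port => $PORT)) {
    die "Can not connect to ldap://$HOST:$PORT/" if ++$count > 10;
    sleep 1;
}

# NOTE(review): this is a simple bind on port 389 with no TLS negotiated
# in this script, so the bind DN and password cross the network in clear
# text. Call $ldap->start_tls(...) with certificate verification before
# binding, or connect over ldaps, when running outside a lab.
my $bind = $ldap->bind($ADMIN, password => $PASSWD, version => 3);
die $bind->error if $bind->code;

# ACL value to add, in "privileges#scope#trustee#attrname" form.
# 47 = 32 + 8 + 4 + 2 + 1, i.e. every right in the table at the top of this
# file, SUPERVISOR included. Grant the smallest privilege sum the trustee
# actually needs.
# NOTE(review): the trustee DN (cn=pjones,o=novell) is not the DN of the
# entry being modified (cn=pjones,ou=users,o=novell) -- confirm the
# trustee is the intended object.
# NOTE(review): the right names listed under "[All Attribute Rights]" and
# "[Entry Rights]" in the header comment look swapped relative to the usual
# eDirectory naming -- verify the bit values against the eDirectory
# documentation before relying on them.
my $newacl = "47#entry#cn=pjones,o=novell#[Entry Rights]";
my $modify = $ldap->modify("cn=pjones,ou=users,o=novell",
    add => { acl => $newacl });
die $modify->error if $modify->code;

# Read the entry back so the resulting ACL values can be reviewed.
my $search = $ldap->search(
    base   => $BASEDN,
    scope  => 'sub',
    filter => $searchstring,
    attrs  => $attnames,
);
die $search->error if $search->code;

# Print each returned entry: the DN in bold, then one line per attribute
# value. Every directory-supplied string is HTML-escaped before output.
foreach my $entry ($search->entries) {
    print "<p><b>dn: " . _html_escape($entry->dn) . "</b><br>";
    foreach my $attr ($entry->attributes) {
        foreach my $value ($entry->get_value($attr)) {
            print _html_escape($attr) . ": " . _html_escape($value) . " <br>";
        }
    }
    print "</p>";
}

$ldap->unbind;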
© 2008 Novell, Inc. All Rights Reserved.