Programming Guides › Programming Guide for Perl › CLI Policy Management Methods › CLI User Directory Methods

CLI User Directory Methods

AnonymousIDAttr Method—Sets or Retrieves Anonymous DN Name

The AnonymousIDAttr method sets or retrieves the name of the user directory's anonymous user DN attribute. The DN, which is defined in the anonymous authentication scheme, gives anonymous users access to resources protected by the anonymous authentication scheme. You can use the AnonymousIDAttr method with LDAP directories and some custom directories.

Syntax

The AnonymousIDAttr method has the following format:

Netegrity::PolicyMgtUserDir‑>AnonymousIDAttr([anonIDAttr])

Parameters

The AnonymousIDAttr method accepts the following parameter:

anonIDAttr (string)

(Optional) Specifies a new name for the anonymous user DN attribute.

Return Value

The AnonymousIDAttr method returns one of the following values:

• anonymous_user_dn_attribute_name (string)

  Specifies the new or existing name of the anonymous user DN attribute.

• undef

  Specifies that the call is unsuccessful.

ChalRespAttr Method—Sets or Retrieves Challenge/Response Name

The ChalRespAttr method sets or retrieves the name of the user directory's challenge/response attribute. You can use the ChalRespAttr method with LDAP directories and some custom directories.

Syntax

The ChalRespAttr method has the following format:

Netegrity::PolicyMgtUserDir‑>ChalRespAttr([chalRespAttr])

Parameters

The ChalRespAttr method accepts the following parameter:

chalRespAttr (string)

(Optional) Specifies a new name for the user directory's challenge/response attribute.

Return Value

The ChalRespAttr method returns one of the following values:

• challenge_response_attribute_name (string)

  Specifies the new or existing name of the user directory's challenge/response attribute.

• undef

  Specifies that the call is unsuccessful.

Description Method—Sets or Retrieves Description of User Directory

The Description method sets or retrieves the description of the user directory.

Syntax

The Description method has the following format:

Netegrity::PolicyMgtUserDir‑>Description([userDirDesc])

Parameters

The Description method accepts the following parameter:

userDirDesc (string)

(Optional) Specifies a new description for the user directory.

Return Value

The Description method returns one of the following values:

• user_directory_description (string)

  Specifies the new or existing description of the user directory.

• "" (empty string)

  Specifies that the call is unsuccessful.

DisabledAttr Method—Sets or Retrieves Name of Disabled Attribute

The DisabledAttr method sets or retrieves the name of the user directory attribute that contains the user's disabled state. This method applies to LDAP and ODBC directories and some custom directories.

Syntax

The DisabledAttr method has the following format:

Netegrity::PolicyMgtUserDir‑>DisabledAttr([disabledAttr])

Parameters

The DisabledAttr method accepts the following parameter:

disabledAttr (string)

(Optional) Specifies a new name for the user directory attribute that contains the user's disabled state.

Return Value

The DisabledAttr method returns one of the following values:

• disabled_attribute_name (string)

  Specifies the new or existing name of the user directory attribute that contains the user's disabled state.

• undef

  Specifies that the call is unsuccessful.

EmailAttr Method—Sets or Retrieves Email Attribute Name

The EmailAttr method sets or retrieves the name of the email attribute.

Note: This method is reserved for future use.

Syntax

The EmailAttr method has the following format:

Netegrity::PolicyMgtUserDir‑>EmailAttr([emailAttr])

Parameters

The EmailAttr method accepts the following parameter:

emailAttr (string)

(Optional) Specifies a new name for the email attribute.

Return Value

The EmailAttr method returns one of the following values:

• email_attribute_name (string)

  Specifies the new or existing name of the email attribute.

• undef

  Specifies that the call is unsuccessful.

EnableSecurityContext Method—Sets or Retrieves Security Context Flag

The EnableSecurityContext method sets or retrieves the user directory flag that specifies whether security context is enabled.

Syntax

The EnableSecurityContext method has the following format:

Netegrity::PolicyMgtUserDir‑>EnableSecurityContext([securityctxflag])

Parameters

The EnableSecurityContext method accepts the following parameter:

securityctxflag (int)

(Optional) Specifies a new value for the user directory's security context flag :

• value = 1 (enabled)
• value = 0 (disabled)

Return Value

The EnableSecurityContext method returns the new or existing value for the security context flag:

• value = 1

  Specifies that security context is enabled.

• value = 0

  Specifies that security context is disabled.

• Sm_PolicyApi_Failure

  Specifies that the call is unsuccessful.

GetContents Method—Retrieves All Users in User Directory

The GetContents method retrieves all users in the user directory.

Syntax

The GetContents method has the following format:

Netegrity::PolicyMgtUserDir‑>GetContents()

Parameters

The GetContents method accepts no parameters.

Return Value

The GetContents method returns one of the following values:

• PolicyMgtUser (array)
• undef if the call is unsuccessful

GetNamespace Method—Retrieves User Directory Namespace

The GetNamespace method retrieves the user directory namespace.

Syntax

The GetNamespace method has the following format:

Netegrity::PolicyMgtUserDir‑>GetNamespace()

Parameters

The GetNamespace method accepts no parameters.

Return Value

The GetNamespace method returns one of the following values:

• user_directory_namespace
• undef if the call is unsuccessful

IsSecure Method—Sets or Retrieves Secure Authentication Flag

The IsSecure method sets or retrieves the flag that specifies whether SiteMinder performs secure authentication for an LDAP or custom user directory. When this flag is enabled, SiteMinder authentication is secure and transmissions are encrypted. Enable this flag when using SSL.

Syntax

The IsSecure method has the following format:

Netegrity::PolicyMgtUserDir‑>IsSecure([secureFlag])

Parameters

The IsSecure method accepts the following parameter:

secureFlag (int)

(Optional) Specifies whether SiteMinder performs secure authentication:

• value = 1 (secure authentication is enabled)
• value = 0 (secure authentication is disabled)

Return Value

The IsSecure method returns the new or existing value for the secure authentication flag:

• value = 1

  Specifies that secure authentication is enabled.

• value = 0

  Specifies that secure authentication is disabled.

• value = -1

  Specifies that the call is unsuccessful.

LookupEntry Method—Retrieves Users that Match Specified Pattern

The LookupEntry method retrieves the user or users in the user directory that match the specified search pattern.

Syntax

The LookupEntry method has the following format:

Netegrity::PolicyMgtUserDir‑>LookupEntry(srchPattern)

Parameters

The LookupEntry method accepts the following parameter:

srchPattern (string)

Specifies the pattern to match when searching for users in the user directory.

Return Value

The LookupEntry method returns one of the following values:

• PolicyMgtUser (array)
• undef if the call is unsuccessful

MaxResults Method—Sets or Retrieves Maximum Search Results

The MaxResults method sets or retrieves the maximum number of search results to return from a search of an LDAP or custom user directory.

Syntax

The MaxResults method has the following format:

Netegrity::PolicyMgtUserDir‑>MaxResults([nResults])

Parameters

The MaxResults method accepts the following parameter:

nResults (int)

(Optional) Specifies a new number for the maximum results to return from a user directory search.

Return Value

The MaxResults method returns one of the following values:

• maximum_results (int)

  Specifies the new or existing maximum number of results to return from a user directory search.

• value = -1

  Specifies that the call is unsuccessful.

Name Method—Sets or Retrieves User Directory Name

The Name method sets or retrieves the name of the user directory.

Syntax

The Name method has the following format:

Netegrity::PolicyMgtUserDir‑>Name([userDirName])

Parameters

The Name method accepts the following parameter:

userDirName (string)

(Optional) Specifies a new name for the user directory.

Return Value

The Name method returns one of the following values:

• user_directory_name (string)

  Specifies the new or existing name of the user directory.

• undef

  Specifies that the call is unsuccessful.

ODBCQueryScheme Method—Sets or Retrieves ODBC Query Scheme

The ODBCQueryScheme method sets or retrieves the ODBC query scheme for the user directory.

Syntax

The ODBCQueryScheme method has the following format:

Netegrity::PolicyMgtUserDir‑>ODBCQueryScheme([odbcScheme])

Parameters

The ODBCQueryScheme method accepts the following parameters:

odbcScheme (PolicyMgtODBCQueryScheme)

(Optional) Specifies a new ODBC query scheme for the user directory.

Return Value

The ODBCQueryScheme method returns one of the following values:

• odbcScheme (PolicyMgtODBCQueryScheme)
• undef if no scheme exists or the call is unsuccessful

Password Method—Sets or Retrieves User Password

The Password method sets or retrieves the user password for access to the user directory.

Syntax

The Password method has the following format:

Netegrity::PolicyMgtUserDir‑>Password([pwd])

Parameters

The Password method accepts the following parameter:

pwd (string)

(Optional) Specifies a new user password for access to the user directory.

Return Value

The Password method returns one of the following values:

• password (string)

  Specifies the new or existing user password.

• undef

  Specifies that the call is unsuccessful.

PwdAttr Method—Sets or Retrieves Password Attribute Name

The PwdAttr method sets or retrieves the name of the user directory's password attribute.

Syntax

The PwdAttr method has the following format:

Netegrity::PolicyMgtUserDir‑>PwdAttr([pwdAttr])

Parameters

The PwdAttr method accepts the following parameter:

pwdAttr (string)

(Optional) Specifies a new name for the user directory's password attribute.

Return Value

The PwdAttr method returns one of the following values:

• password_attribute_name (string)

  Specifies the new or existing name of the user directory's password attribute.

• undef

  Specifies that the call is unsuccessful.

PwdDataAttr Method—Sets or Retrieves Password Data Attribute Name

The PwdDataAttr method sets or retrieves the name of the user directory's password data attribute.

Syntax

The PwdDataAttr method has the following format:

Netegrity::PolicyMgtUserDir‑>PwdDataAttr([pwdDataAttr])

Parameters

The PwdDataAttr method accepts the following parameter:

pwdDataAttr (string)

(Optional) Specifies a new name for the user directory's password data attribute.

Return Value

The PwdDataAttr method returns one of the following values:

• password_data_attribute_name (string)

  Specifies the new or existing name of the user directory's password data attribute.

• undef

  Specifies that the call is unsuccessful.

RequireCredentials Method—Sets or Retrieves Whether Credentials Are Required

The RequireCredentials method sets or retrieves the flag that specifies whether SiteMinder is required to check user credentials.

Syntax

The RequireCredentials method has the following format:

Netegrity::PolicyMgtUserDir‑>RequireCredentials([credFlag])

Parameters

The RequireCredentials method accepts the following parameter:

credFlag (int)

(Optional) Specifies whether SiteMinder is required to check user credentials:

• value = 1 (credentials required)
• value = 0 (credentials are not required)

Return Value

The RequireCredentials method returns the new or existing value for the require credentials flag:

• value = 1

  Specifies that credentials are required.

• value = 0

  Specifies that credentials are not required.

• value = -1

  Specifies that the call is unsuccessful.

SearchRoot Method—Sets or Retrieves Directory Search Root

The SearchRoot method sets or retrieves different values for different directory types:

LDAP Directories

The SearchRoot method sets or retrieves the location in the LDAP tree that is the starting point for the directory connection, for example, the organization (o) or organizational unit (ou). This location, called the search root, is the point where the Policy Server starts the search for a user.

Custom Directories

The SearchRoot method sets or retrieves a string of parameters to pass to the custom library.

Syntax

The SearchRoot method has the following format:

Netegrity::PolicyMgtUserDir‑>SearchRoot([srchRoot])

Parameters

The SearchRoot method accepts the following parameter:

srchRoot (string)

Specifies a new search root for an LDAP directory or parameter string for a custom directory.

Return Value

The SearchRoot method returns one of the following values:

• search_root (string)

  Specifies the new or existing search root for an LDAP directory or parameter string for a custom directory.

• undef

  Specifies that the call is unsuccessful.

SearchScope Method—Sets or Retrieves LDAP Directory Search Scope

The SearchScope method sets or retrieves the search scope for an LDAP user directory. The search scope specifies how many levels SiteMinder searches for users or user groups in the LDAP directory.

Syntax

The SearchScope method has the following format:

Netegrity::PolicyMgtUserDir‑>SearchScope([searchScope])

Parameters

The SearchScope method accepts the following parameter:

searchScope (int)

(Optional) Specifies a new search scope for an LDAP user directory:

• USERDIR_SCOPE_SUBTREE

  Specifies searching the root and all levels below.

• USERDIR_SCOPE_ONELEVEL

  Specifies searching the root and one level below.

Return Value

The SearchScope method returns one of the following new or existing values:

• USERDIR_SCOPE_SUBTREE

  Specifies searching the root and all levels below.

• USERDIR_SCOPE_ONELEVEL

  Specifies searching the root and one level below.

• value = -1

  Specifies that the call is unsuccessful.

SearchTimeout Method—Sets or Retrieves Maximum Directory Search Time

The SearchTimeout method sets or retrieves the maximum time, in seconds, allowed for searching an LDAP or custom user directory.

Syntax

The SearchTimeout method has the following format:

Netegrity::PolicyMgtUserDir‑>SearchTimeout([maxTimeout])

Parameters

The SearchTimeout method accepts the following parameter:

maxTimeout (int)

(Optional) Specifies a new maximum time (in seconds) allowed for searching an LDAP or custom user directory.

Return Value

The SearchTimeout method returns one of the following values:

• maximum_time_allowed (int)

  Specifies the new or existing maximum time (in seconds) allowed for searching an LDAP or custom user directory.

• value = -1

  Specifies that the call is unsuccessful.

Server Method—Sets or Retrieves a Directory-Dependent Value

The Server method sets or retrieves a value. The type of value depends on the type of user directory, as follows:

LDAP and AD Directories

The Server method sets or retrieves the LDAP server's IP address and port number.

ODBC Directories

The Server method sets or retrieves the data source name.

WinNT Directories

The Server method sets or retrieves the domain name.

Custom Directories

The Server method sets or retrieves the library name.

Syntax

The Server method has the following format:

Netegrity::PolicyMgtUserDir‑>Server([server])

Parameters

The Server method accepts the following parameter:

server (string)

(Optional) Specifies a new value for one of the following types of directories:

• LDAP and AD Directories

  Specifies a new IP address and port number for the LDAP server.

  Format: IP_address:port_number

  Default port number: 389

• ODBC Directories

  Specifies a new data source name.

• WinNT Directories

  Specifies a new domain name.

• Custom Directories

  Specifies a new library name.

Return Value

The Server method returns one of the following values:

• value (string)

  Specifies the new or existing value for the user directory.

• undef

  Specifies that the call is unsuccessful.

UIDAttr Method—Sets or Retrieves Universal ID Attribute Name

The UIDAttr method sets or retrieves the name of the user directory's universal ID attribute. The universal ID is different from the user's login ID and is used to look up user information. This method applies to LDAP, ODBC, and WinNT directories and to some custom directories.

Syntax

The UIDAttr method has the following format:

Netegrity::PolicyMgtUserDir‑>UIDAttr([uidAttr])

Parameters

The UIDAttr method accepts the following parameter:

uidAttr (string)

(Optional) Specifies a new name for the universal ID attribute.

Return Value

The UIDAttr method returns one of the following values:

• uid_attribute_name (string)

  Specifies the new or existing name of the universal ID attribute.

• undef

  Specifies that the call is unsuccessful.

UserLookupEnd Method—Sets or Retrieves User DN Lookup Endpoint

The UserLookupEnd method sets or retrieves the endpoint for a user DN lookup in an LDAP directory.

Syntax

The UserLookupEnd method has the following format:

Netegrity::PolicyMgtUserDir‑>UserLookupEnd([lookupEnd])

Parameters

The UserLookupEnd method accepts the following parameter:

lookupEnd (string)

(Optional) Specifies a new value for the user DN lookup endpoint.

Return Value

The UserLookupEnd method returns one of the following values:

• user_dn_lookup_endpoint (string)

  Specifies the new or existing user DN lookup endpoint.

• undef

  Specifies that the call is unsuccessful.

Remarks

Specifying values for the user DN lookup starting point and endpoint allows users to enter part of the DN string when authenticating. In the following example, the user only needs to specify the string "JSmith" and not the whole DN string when logging in:

• DN = "uid=JSmith,ou=marketing,o=myorg.org"
• starting_point = "uid="
• endpoint = ",ou=marketing,o=myorg.org"
• login = "JSmith"

UserLookupStart Method—Sets or Retrieves User DN Lookup Starting Point

The UserLookupStart method sets or retrieves the starting point for a user DN lookup in an LDAP directory.

Syntax

The UserLookupStart method has the following format:

Netegrity::PolicyMgtUserDir‑>UserLookupStart([lookupStart])

Parameters

The UserLookupStart method accepts the following parameter:

lookupStart (string)

(Optional) Specifies a new value for the user DN lookup starting point.

Return Value

The UserLookupStart method returns one of the following values:

• user_dn_lookup_starting_point (string)

  Specifies the new or existing user DN lookup starting point.

• undef

  Specifies that the call is unsuccessful.

Remarks

Specifying values for the user DN lookup starting point and endpoint allows users to enter part of the DN string when authenticating. In the following example, the user only needs to specify the string "JSmith" and not the whole DN string when logging in:

• DN = "uid=JSmith,ou=marketing,o=myorg.org"
• starting_point = "uid="
• endpoint = ",ou=marketing,o=myorg.org"
• login = "JSmith"

Username Method—Sets or Retrieves Username

The Username method sets or retrieves the username required for accessing the user directory. Set the username only if the RequireCredentials method returns the value of 1.

Syntax

The Username method has the following format:

Netegrity::PolicyMgtUserDir‑>Username([username])

Parameters

The Username method accepts the following parameters:

username (string)

(Optional) Specifies a new name for the user.

Return Value

The Username method returns one of the following values:

• user_name (string)

  Specifies the new or existing name of the user.

• undef

  Specifies that the call is unsuccessful.

ValidateEntry Method—Validates User Directory Entry

The ValidateEntry method validates a user directory entry.

Syntax

The ValidateEntry method has the following format:

Netegrity::PolicyMgtUserDir‑>ValidateEntry(path)

Parameters

The ValidateEntry method accepts the following parameter:

path (string)

Specifies the path of the user or user group to validate.

Return Value

The ValidateEntry method returns one of the following values:

• value = 0

  Specifies that the method is successful.

• value = -1

  Specifies that the method is unsuccessful.