Infoblox::Grid::Admin::AuthPolicy - Authentication Policy object

NAME

Infoblox::Grid::Admin::AuthPolicy - Authentication Policy object

DESCRIPTION

This object represents the grid authentication policy.

SESSION METHODS

This section describes all the methods in the Infoblox::Session module that you can apply to the Grid Authentication Policy object.

Infoblox::Session->get( )

Use this method to retrieve the grid authentication policy from the Infoblox appliance. See Infoblox::Session->get() for parameters and return values.

Key Reference

No parameters are required.

Example 
 my $auth_policy = $session->get(
         object => "Infoblox::Grid::Admin::AuthPolicy",
     );

Infoblox::Session->modify( )

Use this method to modify the grid authentication policy on the Infoblox appliance. See Infoblox::Session->modify() for parameters and return values.

Example 
 #Changing the default group
 $auth_policy->default_group($group);
 #Submit modification
 my $response = $session->modify( $auth_policy );

METHODS

This section describes all the methods that you can use to set or retrieve the attribute values of the grid authentication policy.

admin_groups( )

Use this method to set or retrieve the list of local admin groups that are mapped to remote administration groups. The default value is an empty list.

Include the specified parameter to set the attribute value. Omit the parameter to retrieve the attribute value.

Parameter

The valid value is an array reference that contains Infoblox::Grid::Admin::Group objects.

Returns

If you specified a parameter, the method returns "true" when the modification succeeds, and returns "false" when the operation fails.

If you did not specify a parameter, the method returns the attribute value.

Example 
 #Get the admin groups list
 my $admin_groups = $auth_policy->admin_groups();

 #Modify the admin_groups
 $auth_policy->admin_groups([$admingroup1,$admingroup2]);

auth_services( )

Use this method to set or retrieve the list of authentication services that grid members use to authenticate admins. The default is a list that contains the LocalUserAuthService object.

Include the specified parameter to set the attribute value. Omit the parameter to retrieve the attribute value.

Parameter

The valid value is an array reference that contains an ordered list of Infoblox::Grid::Admin::AdAuthService, Infoblox::Grid::Admin::LocalUserAuthService, Infoblox::Grid::Admin::TACACSPlusAuthService, Infoblox::LDAP::AuthService, Infoblox::Grid::Admin::CertificateAuthService, Infoblox::Grid::Admin::RadiusAuthService objects.

Returns

If you specified a parameter, the method returns "true" when the modification succeeds, and returns "false" when the operation fails.

If you did not specify a parameter, the method returns the attribute value.

Example 
 #Get the services list
 my $auth_services = $auth_policy->auth_services();
 #Modify the auth_services
 $auth_policy->auth_services([$radius1, $local, $ad2]);

default_group( )

Use this method to set or retrieve the default admin group that provides authentication in case no valid group is found. The default value is none (represented by undef).

Include the specified parameter to set the attribute value. Omit the parameter to retrieve the attribute value.

Parameter

The valid value is an Infoblox::Grid::Admin::Group object.

Returns

If you specified a parameter, the method returns "true" when the modification succeeds, and returns "false" when the operation fails.

If you did not specify a parameter, the method returns the attribute value.

Example 
 #Get the default group
 my $default_group = $auth_policy->default_group();

 #Modify the default_group
 $auth_policy->default_group($group2);

usage_type( )

Use this method to set or retrieve remote policies usage.

Include the specified parameter to set the attribute value. Omit the parameter to retrieve the attribute value.

Parameter

Specify 'FULL' to define the list of remote users, their passwords and their group ownership, and specify 'AUTH_ONLY' to validate passwords of local users only. The default value is 'FULL'.

Returns

If you specified a parameter, the method returns "true" when the modification succeeds, and returns "false" when the operation fails.

If you did not specify a parameter, the method returns the attribute value.

Example 
 #Get usage_type value 
 my $usage_type = $auth_policy->usage_type();

 #Modify usage_type value
 $auth_policy->usage_type('AUTH_ONLY');

SAMPLE CODE

The following sample code demonstrates the different functions that can be applied to an object, such as get and modify. This sample code also includes error handling for the operations.

#Preparation prior to getting and modifying an auth policy object

 use strict;
 use Infoblox;

 #Creating a session to appliance.
 my $session = Infoblox::Session->new(
     master   => "192.168.1.2",
     username => "admin",
     password => "infoblox"
     );
 unless( $session ){
     die("Constructor for session failed:",
     Infoblox::status_code() . ":" . Infoblox::status_detail());
 }
 print" Session object created successfully \n";

#Retrieving the auth policy object

 my $policy = $session->get(
                            object => 'Infoblox::Grid::Admin::AuthPolicy',
                           ) || die("Retrieval of the auth policy failed: ",
                  Infoblox::status_code() . ":" . Infoblox::status_detail());

#Retrieving the local user auth service

 my $local_auth = $session->get(
                                object => 'Infoblox::Grid::Admin::LocalUserAuthService',
                               ) || die("Retrieval of the local user auth service failed: ",
                  Infoblox::status_code() . ":" . Infoblox::status_detail());

#Creation of a Radius auth server/service pair

 my $ads = Infoblox::Grid::Admin::RadiusAuthServer->new(
                                                        fqdn_or_ip => '10.1.0.1',
                                                        shared_secret => 'secret',
                                                       ) ||
   die("Couldn't create the auth server: ",
       Infoblox::status_code() . ":" . Infoblox::status_detail());

 my $service = Infoblox::Grid::Admin::RadiusAuthService->new(
                                                             acct_timeout => 1100,
                                                             auth_timeout => 1100,
                                                             name => 'some.name.com',
                                                             radius_servers => [$ads]
                                                            ) ||
   die("Couldn't create the auth service: ",
       Infoblox::status_code() . ":" . Infoblox::status_detail());

 $session->add($service) || die("Couldn't add the auth service: ",
         Infoblox::status_code() . ":" . Infoblox::status_detail());

#Retrieving the auth service created above

 my $radius_auth = $session->get(
                                 object => 'Infoblox::Grid::Admin::RadiusAuthService',
                                 name   => 'some.name.com',
                          ) || die("Retrieval of the radius auth service failed: ",
                  Infoblox::status_code() . ":" . Infoblox::status_detail());

#Modify the authpolicy

 $policy->auth_services([$radius_auth,$local_auth]);

 $session->modify($policy) || die("Policy modify failed: ",
         Infoblox::status_code() . ":" . Infoblox::status_detail());

 ####PROGRAM ENDS####

AUTHOR

Infoblox Inc. http://www.infoblox.com/

SEE ALSO

Infoblox::Grid::Admin::Group, Infoblox::Grid::Admin::AdAuthService, Infoblox::Grid::Admin::TACACSPlusAuthService, Infoblox::Grid::Admin::LocalUserAuthService, Infoblox::Grid::Admin::RadiusAuthService, Infoblox::LDAP::AuthService, Infoblox::Grid::Admin::CertificateAuthService, Infoblox::Session->get(), Infoblox::Session->get()

COPYRIGHT

Copyright (c) 2017 Infoblox Inc.