##@file
# LDAP user database backend file
##@class
# LDAP user database backend class
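package Lemonldap::NG::Portal::UserDBLDAP;

use strict;
use warnings;    # was missing: uninitialized values and typos were silent

# presumably provides the PE_* return codes used by every method below
# and the _subProcess/lmLog/_sub/abort helpers — confirm in Portal::Simple
use Lemonldap::NG::Portal::Simple;

# link protected ldap: gives the ldap() accessor used by search()
use Lemonldap::NG::Portal::_LDAP 'ldap';

our $VERSION = '1.2.2';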
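## @method int userDBInit()
# Transform ldapGroupAttributeNameSearch in ARRAY ref.
# The configuration may give the attribute names as one
# whitespace-separated string; setGroups() dereferences the value as
# an array, so it is normalized here once. An already-built ARRAY ref
# is left untouched.
# @return Lemonldap::NG::Portal constant
sub userDBInit {
    my $self = shift;

    unless ( ref $self->{ldapGroupAttributeNameSearch} eq 'ARRAY' ) {
        my $raw = $self->{ldapGroupAttributeNameSearch};

        # split ' ' (awk mode) skips leading blanks and runs of
        # whitespace, so "a  b" yields ('a', 'b'), not ('a', '', 'b');
        # an empty attribute name would otherwise reach the LDAP search
        my @values = defined $raw ? split( ' ', $raw ) : ();
        $self->{ldapGroupAttributeNameSearch} = \@values;
    }

    return PE_OK;
}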
## @apmethod int getUser()
# 7) Launch formateFilter() and search()
# Locates the user in the directory in two steps: build the LDAP
# filter, then run the search that stores the entry and its DN.
# @return Lemonldap::NG::Portal constant
sub getUser {
    my $self = shift;

    # presumably _subProcess runs the steps in order and returns the
    # first non-PE_OK code — confirm in Portal::Simple
    my @steps = qw(formateFilter search);
    return $self->_subProcess(@steps);
}
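## @apmethod protected int formateFilter()
# Set the LDAP filter.
# By default, the user is searched in the LDAP server with its UID.
# The template comes from mailLDAPFilter (login by mail) or
# AuthLDAPFilter, falling back to the previous LDAPFilter value and
# finally to a built-in default. $user, $_password, $password and
# $mail are replaced by the matching portal fields, any other $name by
# sessionInfo->{name}. Every substituted value is escaped per RFC 4515
# so that user-supplied input cannot change the structure of the
# filter (LDAP filter injection: "*" or ")(" in the login field).
# @return Lemonldap::NG::Portal constant
sub formateFilter {
    my $self = shift;

    # Same precedence as before: the mail branch does not fall back to
    # the previous filter, the uid branch does.
    $self->{LDAPFilter} =
        $self->{mail}
      ? $self->{mailLDAPFilter}
      : ( $self->{AuthLDAPFilter} || $self->{LDAPFilter} );

    if ( $self->{LDAPFilter} ) {
        $self->lmLog( "LDAP submitted filter: " . $self->{LDAPFilter},
            'debug' );
    }
    else {
        $self->{LDAPFilter} =
            $self->{mail}
          ? '(&(mail=$mail)(objectClass=inetOrgPerson))'
          : '(&(uid=$user)(objectClass=inetOrgPerson))';
    }

    # Single pass: a substituted value is never rescanned, so a value
    # containing "$something" cannot trigger a second expansion. The
    # ordered alternation keeps the historical prefix behaviour
    # ("$username" expands "$user" and leaves "name").
    my %portal_field = map { $_ => 1 } qw(user _password password mail);
    $self->{LDAPFilter} =~ s{\$(user|_?password|mail|\w+)}{
        my $name = $1;
        _escapeFilterValue(
              $portal_field{$name}
            ? $self->{$name}
            : $self->{sessionInfo}->{$name}
        )
    }gex;

    # NOTE(review): if the template references $password or $_password,
    # the password ends up in this debug line.
    $self->lmLog( "LDAP transformed filter: " . $self->{LDAPFilter}, 'debug' );
    return PE_OK;
}

## @method private string _escapeFilterValue(string value)
# Escape a value for use inside an LDAP search filter (RFC 4515):
# '\', '*', '(', ')' and NUL become \5c, \2a, \28, \29 and \00.
# @param value Raw value (undef is treated as an empty string)
# @return Escaped value
sub _escapeFilterValue {
    my ($value) = @_;
    return '' unless defined $value;
    $value =~ s/([\\\*\(\)\0])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}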
## @apmethod protected int search()
# Search the LDAP DN of the user.
# Runs a subtree search under ldapBase with the filter built by
# formateFilter(), stores the matching entry in $self->{entry} and its
# DN in $self->{dn}. Exactly one entry must match; zero or several
# matches are reported as bad credentials.
# @return Lemonldap::NG::Portal constant
sub search {
    my $self = shift;

    return PE_LDAPCONNECTFAILED unless $self->ldap;

    # exportedVars maps session keys to LDAP attribute names; only the
    # attributes that will be exported are requested (with an empty
    # list the server decides what it returns — confirm with Net::LDAP)
    my @wanted;
    if ( ref( $self->{exportedVars} ) ) {
        @wanted = values( %{ $self->{exportedVars} } );
    }

    my $ldap   = $self->ldap;
    my $result = $ldap->search(
        base   => $self->{ldapBase},
        scope  => 'sub',
        filter => $self->{LDAPFilter},
        attrs  => \@wanted,
    );

    # NOTE(review): the filter embeds the submitted login (and the
    # password if the template uses $password); it is logged verbatim.
    $self->lmLog(
        'LDAP Search with base: '
          . $self->{ldapBase}
          . ' and filter: '
          . $self->{LDAPFilter},
        'debug'
    );

    if ( $result->code() != 0 ) {
        $self->lmLog( 'LDAP Search error: ' . $result->error, 'error' );
        return PE_LDAPERROR;
    }

    # Ambiguous match: refuse rather than silently take the first entry
    if ( $result->count() > 1 ) {
        $self->lmLog( 'More than one entry returned by LDAP directory',
            'error' );
        return PE_BADCREDENTIALS;
    }

    # $self->{entry} is set even when undef, as before
    my $entry = $result->entry(0);
    $self->{entry} = $entry;
    unless ($entry) {

        # $login is user input and reaches the log unchanged
        my $login = $self->{mail} || $self->{user};
        $self->_sub( 'userError', "$login was not found in LDAP directory" );
        return PE_BADCREDENTIALS;
    }

    $self->{dn} = $entry->dn();
    return PE_OK;
}
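## @apmethod int setSessionInfo()
# 7) Load all parameters included in exportedVars parameter.
# Multi-value parameters are loaded in a single string with
# a separator (param multiValuesSeparator)
# Without exportedVars only uid, cn and mail are copied. An attribute
# missing from the entry gives an empty string. exportedVars must be a
# hash ref (session key => LDAP attribute name); anything else aborts.
# @return Lemonldap::NG::Portal constant
sub setSessionInfo {
    my $self = shift;

    $self->{sessionInfo}->{dn} = $self->{dn};
    my $session = $self->{sessionInfo};
    my $ldap    = $self->{ldap};
    my $entry   = $self->{entry};

    # session key => LDAP attribute to read from the entry
    my %attribute_for;
    if ( !$self->{exportedVars} ) {
        %attribute_for = map { $_ => $_ } qw(uid cn mail);
    }
    elsif ( ref( $self->{exportedVars} ) eq 'HASH' ) {
        %attribute_for = %{ $self->{exportedVars} };
    }
    else {
        $self->abort('Only hash reference are supported now in exportedVars');
    }

    foreach my $key ( keys %attribute_for ) {
        my $value = $ldap->getLdapValue( $entry, $attribute_for{$key} );

        # "defined" rather than "||": a legitimate attribute value of
        # "0" must not be turned into an empty string
        $session->{$key} = defined $value ? $value : "";
    }

    return PE_OK;
}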
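## @apmethod int setGroups()
# Load all groups in $groups.
# When ldapGroupBase is set, the groups that hold the user are searched
# below it and the result is appended to sessionInfo->{groups};
# otherwise the session value is left as it is.
# @return Lemonldap::NG::Portal constant
sub setGroups {
    my $self = shift;
    my $groups = $self->{sessionInfo}->{groups};

    if ( $self->{ldapGroupBase} ) {

        # Push group attribute value for recursive search — only once:
        # ldapGroupAttributeNameSearch is shared configuration and this
        # method runs on every authentication, so an unconditional push
        # accumulated duplicates over time.
        if (    $self->{ldapGroupRecursive}
            and $self->{ldapGroupAttributeNameGroup} ne "dn" )
        {
            my $attr = $self->{ldapGroupAttributeNameGroup};
            push( @{ $self->{ldapGroupAttributeNameSearch} }, $attr )
              unless grep { $_ eq $attr }
              @{ $self->{ldapGroupAttributeNameSearch} };
        }

        # Get value for group search (undef when the user entry lacks
        # the attribute; the search is still issued, as before)
        my $group_value = $self->{ldap}
          ->getLdapValue( $self->{entry}, $self->{ldapGroupAttributeNameUser} );

        $self->lmLog(
            "Searching LDAP groups in "
              . $self->{ldapGroupBase}
              . " for $group_value",
            'debug'
        );

        # Call searchGroups
        $groups .= $self->{ldap}->searchGroups(
            $self->{ldapGroupBase}, $self->{ldapGroupAttributeName},
            $group_value, $self->{ldapGroupAttributeNameSearch}
        );
    }

    $self->{sessionInfo}->{groups} = $groups;
    return PE_OK;
}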
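## @method boolean setUserDBValue(string key, string value)
# Store a value in UserDB
# Replaces attribute "key" of the user's entry (the dn found by
# search()) with "value". The key names an LDAP attribute and selects
# which attribute of the entry is overwritten, so it must come from
# trusted configuration, never from the request.
# @param key Key in user information
# @param value Value to store
# @return result (1 on success, 0 on missing key, missing dn or LDAP error)
sub setUserDBValue {
    my ( $self, $key, $value ) = @_;

    # Mandatory attributes
    return 0 unless defined $key and length $key;

    # Nothing to modify without the user's DN (search() not run or failed)
    return 0 unless defined $self->{dn};

    # Write in LDAP
    # NOTE(review): the value is written to the debug log; callers that
    # store secrets through this method should be aware of that.
    $self->lmLog( "Replace $key attribute in LDAP with value $value", 'debug' );
    my $modification =
      $self->{ldap}->modify( $self->{dn}, replace => { $key => $value } );

    # Check result
    if ( $modification->code ) {
        $self->lmLog(
            "LDAP error " . $modification->code . ": " . $modification->error,
            'error' );
        return 0;
    }

    return 1;
}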
1;    # a module must end with a true value