2008-12-26 20:18:23 +01:00
|
|
|
##@file
|
|
|
|
# LDAP user database backend file
|
|
|
|
|
|
|
|
##@class
|
|
|
|
# LDAP user database backend class
|
2008-10-05 20:42:50 +02:00
|
|
|
package Lemonldap::NG::Portal::UserDBLDAP;
|
|
|
|
|
|
|
|
use Lemonldap::NG::Portal::Simple;
|
2009-02-15 09:53:44 +01:00
|
|
|
use Lemonldap::NG::Portal::_LDAP 'ldap'; #link protected ldap
|
2008-10-05 20:42:50 +02:00
|
|
|
|
2009-06-04 17:33:53 +02:00
|
|
|
our $VERSION = '0.2';
|
2008-10-05 20:42:50 +02:00
|
|
|
|
2008-12-28 09:36:52 +01:00
|
|
|
## @method int userDBInit()
|
2008-12-26 20:18:23 +01:00
|
|
|
# Does nothing.
|
2008-12-28 09:36:52 +01:00
|
|
|
# @return Lemonldap::NG::Portal constant
|
2008-10-05 20:42:50 +02:00
|
|
|
sub userDBInit {
|
2008-10-07 22:15:48 +02:00
|
|
|
PE_OK;
|
2008-10-05 20:42:50 +02:00
|
|
|
}
|
|
|
|
|
2009-02-17 15:56:38 +01:00
|
|
|
## @apmethod int getUser()
|
2008-12-26 20:18:23 +01:00
|
|
|
# 7) Launch formateFilter() and search()
|
2008-12-28 09:36:52 +01:00
|
|
|
# @return Lemonldap::NG::Portal constant
|
2008-10-05 20:42:50 +02:00
|
|
|
sub getUser {
|
|
|
|
my $self = shift;
|
|
|
|
return $self->_subProcess(qw(formateFilter search));
|
|
|
|
}
|
|
|
|
|
2009-02-17 15:56:38 +01:00
|
|
|
## @apmethod protected int formateFilter()
|
2008-12-26 20:18:23 +01:00
|
|
|
# Set the LDAP filter.
|
|
|
|
# By default, the user is searched in the LDAP server with its UID.
|
2008-12-28 09:36:52 +01:00
|
|
|
# @return Lemonldap::NG::Portal constant
|
2008-10-05 20:42:50 +02:00
|
|
|
sub formateFilter {
|
|
|
|
my $self = shift;
|
2009-05-28 18:31:39 +02:00
|
|
|
$self->{LDAPFilter} = $self->{mail} ?
|
|
|
|
$self->{mailLDAPFilter} :
|
2009-04-05 10:12:16 +02:00
|
|
|
$self->{AuthLDAPFilter}
|
|
|
|
|| $self->{LDAPFilter};
|
2009-05-28 18:31:39 +02:00
|
|
|
$self->lmLog( "LDAP submitted filter: ".$self->{LDAPFilter}, 'debug' );
|
2009-04-05 10:12:16 +02:00
|
|
|
$self->{LDAPFilter} ||= '(&(uid=$user)(objectClass=inetOrgPerson))';
|
2009-05-28 18:31:39 +02:00
|
|
|
$self->{LDAPFilter} =~ s/\$(user|_?password|mail)/$self->{$1}/g;
|
2009-04-05 10:12:16 +02:00
|
|
|
$self->{LDAPFilter} =~ s/\$(\w+)/$self->{sessionInfo}->{$1}/g;
|
2009-05-28 18:31:39 +02:00
|
|
|
$self->lmLog( "LDAP transformed filter: ".$self->{LDAPFilter}, 'debug' );
|
2008-10-05 20:42:50 +02:00
|
|
|
PE_OK;
|
|
|
|
}
|
|
|
|
|
2009-02-17 15:56:38 +01:00
|
|
|
## @apmethod protected int search()
|
2008-12-26 20:18:23 +01:00
|
|
|
# Search the LDAP DN of the user.
|
2008-12-28 09:36:52 +01:00
|
|
|
# @return Lemonldap::NG::Portal constant
|
2008-10-05 20:42:50 +02:00
|
|
|
sub search {
|
|
|
|
my $self = shift;
|
2008-10-07 22:15:48 +02:00
|
|
|
unless ( $self->ldap ) {
|
|
|
|
return PE_LDAPCONNECTFAILED;
|
|
|
|
}
|
2008-10-05 20:42:50 +02:00
|
|
|
my $mesg = $self->ldap->search(
|
|
|
|
base => $self->{ldapBase},
|
|
|
|
scope => 'sub',
|
2009-04-05 10:12:16 +02:00
|
|
|
filter => $self->{LDAPFilter},
|
2008-10-05 20:42:50 +02:00
|
|
|
);
|
2009-05-28 18:31:39 +02:00
|
|
|
$self->lmLog( "LDAP Search with base: ".$self->{ldapBase}." and filter: ".$self->{LDAPFilter}, 'debug' );
|
2008-10-05 20:42:50 +02:00
|
|
|
if ( $mesg->code() != 0 ) {
|
2009-05-28 18:31:39 +02:00
|
|
|
$self->lmLog( "LDAP Search error: ".$mesg->error, 'error' );
|
2008-10-05 20:42:50 +02:00
|
|
|
return PE_LDAPERROR;
|
|
|
|
}
|
2009-02-15 09:53:44 +01:00
|
|
|
unless ( $self->{entry} = $mesg->entry(0) ) {
|
2009-06-02 17:34:13 +02:00
|
|
|
$user = $self->{mail} || $self->{user};
|
|
|
|
$self->_sub('userError',"$user was not found in LDAP directory");
|
2009-02-15 09:53:44 +01:00
|
|
|
return PE_BADCREDENTIALS;
|
|
|
|
}
|
2008-10-05 20:42:50 +02:00
|
|
|
$self->{dn} = $self->{entry}->dn();
|
|
|
|
PE_OK;
|
|
|
|
}
|
|
|
|
|
2009-02-17 15:56:38 +01:00
|
|
|
## @apmethod int setSessionInfo()
|
2008-12-26 20:18:23 +01:00
|
|
|
# 7) Load all parameters included in exportedVars parameter.
|
|
|
|
# Multi-value parameters are loaded in a single string with
|
|
|
|
# '; ' separator
|
2008-12-28 09:36:52 +01:00
|
|
|
# @return Lemonldap::NG::Portal constant
|
2008-10-05 20:42:50 +02:00
|
|
|
sub setSessionInfo {
|
|
|
|
my ($self) = @_;
|
|
|
|
$self->{sessionInfo}->{dn} = $self->{dn};
|
|
|
|
unless ( $self->{exportedVars} ) {
|
|
|
|
foreach (qw(uid cn mail)) {
|
|
|
|
$self->{sessionInfo}->{$_} =
|
|
|
|
join( '; ', $self->{entry}->get_value($_) ) || "";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
elsif ( ref( $self->{exportedVars} ) eq 'HASH' ) {
|
|
|
|
foreach ( keys %{ $self->{exportedVars} } ) {
|
|
|
|
if ( my $tmp = $ENV{$_} ) {
|
|
|
|
$tmp =~ s/[\r\n]/ /gs;
|
|
|
|
$self->{sessionInfo}->{$_} = $tmp;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
$self->{sessionInfo}->{$_} = join( '; ',
|
|
|
|
$self->{entry}->get_value( $self->{exportedVars}->{$_} ) )
|
|
|
|
|| "";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
2008-11-21 08:27:08 +01:00
|
|
|
$self->abort('Only hash reference are supported now in exportedVars');
|
2008-10-05 20:42:50 +02:00
|
|
|
}
|
|
|
|
PE_OK;
|
|
|
|
}
|
|
|
|
|
2009-06-04 11:13:03 +02:00
|
|
|
## @apmethod int setGroups()
|
|
|
|
# Load all groups in $groups.
|
|
|
|
# @return Lemonldap::NG::Portal constant
|
|
|
|
sub setGroups {
|
|
|
|
my ($self) = @_;
|
2009-06-04 17:33:53 +02:00
|
|
|
my $groups = $self->{sessionInfo}->{groups};
|
|
|
|
|
|
|
|
$self->{ldapGroupObjectClass} ||= "groupOfNames";
|
|
|
|
$self->{ldapGroupAttributeName} ||= "member";
|
|
|
|
$self->{ldapGroupAttributeNameUser} ||= "dn";
|
|
|
|
$self->{ldapGroupAttributeNameSearch} ||= ["cn"];
|
|
|
|
|
|
|
|
if ( $self->{ldapGroupBase} && $self->{sessionInfo}->{$self->{ldapGroupAttributeNameUser}} )
|
|
|
|
{
|
|
|
|
my $searchFilter = "(&(objectClass=" . $self->{ldapGroupObjectClass} . ")(|";
|
|
|
|
foreach ( split( /[,;]/, $self->{sessionInfo}->{$self->{ldapGroupAttributeNameUser}} ) )
|
|
|
|
{
|
|
|
|
$searchFilter .= "(" . $self->{ldapGroupAttributeName} . "=" . $_ . ")";
|
|
|
|
}
|
|
|
|
$searchFilter .= "))";
|
|
|
|
my $mesg = $self->{ldap}->search(
|
|
|
|
base => $self->{ldapGroupBase},
|
|
|
|
filter => $searchFilter,
|
|
|
|
attrs => $self->{ldapGroupAttributeNameSearch},
|
|
|
|
);
|
|
|
|
if ( $mesg->code() == 0 )
|
|
|
|
{
|
|
|
|
foreach my $entry ( $mesg->all_entries )
|
|
|
|
{
|
|
|
|
my $nbAttrs = @{$self->{ldapGroupAttributeNameSearch}};
|
|
|
|
for (my $i = 0; $i < $nbAttrs; $i++)
|
|
|
|
{
|
|
|
|
my @data = $entry->get_value($self->{ldapGroupAttributeNameSearch}[$i]);
|
|
|
|
if (@data)
|
|
|
|
{
|
|
|
|
$groups .= $data[0];
|
|
|
|
$groups .= "|"
|
|
|
|
if ($i+1 < $nbAttrs && $entry->get_value($self->{ldapGroupAttributeNameSearch}[$i+1]));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
$groups .= "; ";
|
2009-06-04 11:13:03 +02:00
|
|
|
}
|
2009-06-04 17:33:53 +02:00
|
|
|
$groups =~ s/; $//g;
|
2009-06-04 11:13:03 +02:00
|
|
|
}
|
|
|
|
}
|
2009-06-04 17:33:53 +02:00
|
|
|
|
2009-06-04 11:13:03 +02:00
|
|
|
$self->{sessionInfo}->{groups} = $groups;
|
|
|
|
PE_OK;
|
|
|
|
}
|
|
|
|
|
2008-10-05 20:42:50 +02:00
|
|
|
1;
|
|
|
|
|