lemonldap-ng/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDBLDAP.pm

##@file
# LDAP user database backend file

##@class
# LDAP user database backend class
package Lemonldap::NG::Portal::UserDBLDAP;

use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_LDAP 'ldap';    #link protected ldap

our $VERSION = '0.2';

## @method int userDBInit()
# Does nothing.
# @return Lemonldap::NG::Portal constant
sub userDBInit {
    PE_OK;
}

## @apmethod int getUser()
# 7) Launch formateFilter() and search()
# @return Lemonldap::NG::Portal constant
sub getUser {
    my $self = shift;
    return $self->_subProcess(qw(formateFilter search));
}

## @apmethod protected int formateFilter()
# Set the LDAP filter.
# By default, the user is searched in the LDAP server with its UID.
# @return Lemonldap::NG::Portal constant
sub formateFilter {
    my $self = shift;
    $self->{LDAPFilter} = $self->{mail} ?
         $self->{mailLDAPFilter} : 
         $self->{AuthLDAPFilter}
      || $self->{LDAPFilter};
    $self->lmLog( "LDAP submitted filter: ".$self->{LDAPFilter}, 'debug' );
    $self->{LDAPFilter} ||= '(&(uid=$user)(objectClass=inetOrgPerson))';
    $self->{LDAPFilter} =~ s/\$(user|_?password|mail)/$self->{$1}/g;
    $self->{LDAPFilter} =~ s/\$(\w+)/$self->{sessionInfo}->{$1}/g;
    $self->lmLog( "LDAP transformed filter: ".$self->{LDAPFilter}, 'debug' );
    PE_OK;
}

## @apmethod protected int search()
# Search the LDAP DN of the user.
# @return Lemonldap::NG::Portal constant
sub search {
    my $self = shift;
    unless ( $self->ldap ) {
        return PE_LDAPCONNECTFAILED;
    }
    my $mesg = $self->ldap->search(
        base   => $self->{ldapBase},
        scope  => 'sub',
        filter => $self->{LDAPFilter},
    );
    $self->lmLog( "LDAP Search with base: ".$self->{ldapBase}." and filter: ".$self->{LDAPFilter}, 'debug' );
    if ( $mesg->code() != 0 ) {
        $self->lmLog( "LDAP Search error: ".$mesg->error, 'error' );
        return PE_LDAPERROR;
    }
    unless ( $self->{entry} = $mesg->entry(0) ) {
        $user = $self->{mail} || $self->{user};
        $self->_sub('userError',"$user was not found in LDAP directory");
        return PE_BADCREDENTIALS;
    }
    $self->{dn} = $self->{entry}->dn();
    PE_OK;
}

## @apmethod int setSessionInfo()
# 7) Load all parameters included in exportedVars parameter.
# Multi-value parameters are loaded in a single string with
# '; ' separator
# @return Lemonldap::NG::Portal constant
sub setSessionInfo {
    my ($self) = @_;
    $self->{sessionInfo}->{dn} = $self->{dn};
    unless ( $self->{exportedVars} ) {
        foreach (qw(uid cn mail)) {
            $self->{sessionInfo}->{$_} =
              join( '; ', $self->{entry}->get_value($_) ) || "";
        }
    }
    elsif ( ref( $self->{exportedVars} ) eq 'HASH' ) {
        foreach ( keys %{ $self->{exportedVars} } ) {
            if ( my $tmp = $ENV{$_} ) {
                $tmp =~ s/[\r\n]/ /gs;
                $self->{sessionInfo}->{$_} = $tmp;
            }
            else {
                $self->{sessionInfo}->{$_} = join( '; ',
                    $self->{entry}->get_value( $self->{exportedVars}->{$_} ) )
                  || "";
            }
        }
    }
    else {
        $self->abort('Only hash reference are supported now in exportedVars');
    }
    PE_OK;
}

## @apmethod int setGroups()
# Load all groups in $groups.
# @return Lemonldap::NG::Portal constant
sub setGroups {
    my ($self) = @_;
    my $groups = $self->{sessionInfo}->{groups};

    $self->{ldapGroupObjectClass}           ||= "groupOfNames";
    $self->{ldapGroupAttributeName}         ||= "member";
    $self->{ldapGroupAttributeNameUser}     ||= "dn";
    $self->{ldapGroupAttributeNameSearch}   ||= ["cn"];

    if ( $self->{ldapGroupBase} && $self->{sessionInfo}->{$self->{ldapGroupAttributeNameUser}} )
    {
        my $searchFilter = "(&(objectClass=" . $self->{ldapGroupObjectClass} . ")(|";
        foreach ( split( /[,;]/, $self->{sessionInfo}->{$self->{ldapGroupAttributeNameUser}} ) )
        {
            $searchFilter .= "(" . $self->{ldapGroupAttributeName} . "=" . $_ . ")";
        }
        $searchFilter .= "))";
        my $mesg = $self->{ldap}->search(
                base => $self->{ldapGroupBase},
                filter => $searchFilter,
                attrs => $self->{ldapGroupAttributeNameSearch},
            );
        if ( $mesg->code() == 0 )
        {
            foreach my $entry ( $mesg->all_entries )
            {
                my $nbAttrs = @{$self->{ldapGroupAttributeNameSearch}};
                for (my $i = 0; $i < $nbAttrs; $i++)
                {
                    my @data = $entry->get_value($self->{ldapGroupAttributeNameSearch}[$i]);
                    if (@data)
                    {
                        $groups .= $data[0];
                        $groups .= "|"
                            if ($i+1 < $nbAttrs && $entry->get_value($self->{ldapGroupAttributeNameSearch}[$i+1]));
                    }
                }
                $groups .= "; ";
            }
            $groups =~ s/; $//g;
        }
    }

    $self->{sessionInfo}->{groups} = $groups;
    PE_OK;
}

1;
LEMONLDAP::NG : Doxygen in progress 2008-12-26 20:18:23 +01:00			`##@file`
			`# LDAP user database backend file`

			`##@class`
			`# LDAP user database backend class`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`package Lemonldap::NG::Portal::UserDBLDAP;`

			`use Lemonldap::NG::Portal::Simple;`
User actions are now registered with 3 functions : * log : normal access to the portal * userNotice : authentications, logout,... * userError : bad password,... A new parameter 'syslog => "auth"' can be set to log userNotice and userError via syslog 2009-02-15 09:53:44 +01:00			`use Lemonldap::NG::Portal::_LDAP 'ldap'; #link protected ldap`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00
adding extended groups functionality 2009-06-04 17:33:53 +02:00			`our $VERSION = '0.2';`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00
LEMONLDAP::NG : Doxygen in progress. 2008-12-28 09:36:52 +01:00			`## @method int userDBInit()`
LEMONLDAP::NG : Doxygen in progress 2008-12-26 20:18:23 +01:00			`# Does nothing.`
LEMONLDAP::NG : Doxygen in progress. 2008-12-28 09:36:52 +01:00			`# @return Lemonldap::NG::Portal constant`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`sub userDBInit {`
LEMONLDAP::NG : UserDB system updated + general perltidy 2008-10-07 22:15:48 +02:00			`PE_OK;`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`}`

Doxygen filter modification to show authentication process methods 2009-02-17 15:56:38 +01:00			`## @apmethod int getUser()`
LEMONLDAP::NG : Doxygen in progress 2008-12-26 20:18:23 +01:00			`# 7) Launch formateFilter() and search()`
LEMONLDAP::NG : Doxygen in progress. 2008-12-28 09:36:52 +01:00			`# @return Lemonldap::NG::Portal constant`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`sub getUser {`
			`my $self = shift;`
			`return $self->_subProcess(qw(formateFilter search));`
			`}`

Doxygen filter modification to show authentication process methods 2009-02-17 15:56:38 +01:00			`## @apmethod protected int formateFilter()`
LEMONLDAP::NG : Doxygen in progress 2008-12-26 20:18:23 +01:00			`# Set the LDAP filter.`
			`# By default, the user is searched in the LDAP server with its UID.`
LEMONLDAP::NG : Doxygen in progress. 2008-12-28 09:36:52 +01:00			`# @return Lemonldap::NG::Portal constant`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`sub formateFilter {`
			`my $self = shift;`
LEMONLDAP::NG : Reset password by mail (new functionnality) 2009-05-28 18:31:39 +02:00			`$self->{LDAPFilter} = $self->{mail} ?`
			`$self->{mailLDAPFilter} :`
Safelib + LDAPFilter parameter 2009-04-05 10:12:16 +02:00			`$self->{AuthLDAPFilter}`
			`\|\| $self->{LDAPFilter};`
LEMONLDAP::NG : Reset password by mail (new functionnality) 2009-05-28 18:31:39 +02:00			`$self->lmLog( "LDAP submitted filter: ".$self->{LDAPFilter}, 'debug' );`
Safelib + LDAPFilter parameter 2009-04-05 10:12:16 +02:00			`$self->{LDAPFilter} \|\|= '(&(uid=$user)(objectClass=inetOrgPerson))';`
LEMONLDAP::NG : Reset password by mail (new functionnality) 2009-05-28 18:31:39 +02:00			`$self->{LDAPFilter} =~ s/\$(user\|_?password\|mail)/$self->{$1}/g;`
Safelib + LDAPFilter parameter 2009-04-05 10:12:16 +02:00			`$self->{LDAPFilter} =~ s/\$(\w+)/$self->{sessionInfo}->{$1}/g;`
LEMONLDAP::NG : Reset password by mail (new functionnality) 2009-05-28 18:31:39 +02:00			`$self->lmLog( "LDAP transformed filter: ".$self->{LDAPFilter}, 'debug' );`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`PE_OK;`
			`}`

Doxygen filter modification to show authentication process methods 2009-02-17 15:56:38 +01:00			`## @apmethod protected int search()`
LEMONLDAP::NG : Doxygen in progress 2008-12-26 20:18:23 +01:00			`# Search the LDAP DN of the user.`
LEMONLDAP::NG : Doxygen in progress. 2008-12-28 09:36:52 +01:00			`# @return Lemonldap::NG::Portal constant`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`sub search {`
			`my $self = shift;`
LEMONLDAP::NG : UserDB system updated + general perltidy 2008-10-07 22:15:48 +02:00			`unless ( $self->ldap ) {`
			`return PE_LDAPCONNECTFAILED;`
			`}`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`my $mesg = $self->ldap->search(`
			`base => $self->{ldapBase},`
			`scope => 'sub',`
Safelib + LDAPFilter parameter 2009-04-05 10:12:16 +02:00			`filter => $self->{LDAPFilter},`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`);`
LEMONLDAP::NG : Reset password by mail (new functionnality) 2009-05-28 18:31:39 +02:00			`$self->lmLog( "LDAP Search with base: ".$self->{ldapBase}." and filter: ".$self->{LDAPFilter}, 'debug' );`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`if ( $mesg->code() != 0 ) {`
LEMONLDAP::NG : Reset password by mail (new functionnality) 2009-05-28 18:31:39 +02:00			`$self->lmLog( "LDAP Search error: ".$mesg->error, 'error' );`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`return PE_LDAPERROR;`
			`}`
User actions are now registered with 3 functions : * log : normal access to the portal * userNotice : authentications, logout,... * userError : bad password,... A new parameter 'syslog => "auth"' can be set to log userNotice and userError via syslog 2009-02-15 09:53:44 +01:00			`unless ( $self->{entry} = $mesg->entry(0) ) {`
Use PasswordDBLDAP in Menu 2009-06-02 17:34:13 +02:00			`$user = $self->{mail} \|\| $self->{user};`
			`$self->_sub('userError',"$user was not found in LDAP directory");`
User actions are now registered with 3 functions : * log : normal access to the portal * userNotice : authentications, logout,... * userError : bad password,... A new parameter 'syslog => "auth"' can be set to log userNotice and userError via syslog 2009-02-15 09:53:44 +01:00			`return PE_BADCREDENTIALS;`
			`}`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`$self->{dn} = $self->{entry}->dn();`
			`PE_OK;`
			`}`

Doxygen filter modification to show authentication process methods 2009-02-17 15:56:38 +01:00			`## @apmethod int setSessionInfo()`
LEMONLDAP::NG : Doxygen in progress 2008-12-26 20:18:23 +01:00			`# 7) Load all parameters included in exportedVars parameter.`
			`# Multi-value parameters are loaded in a single string with`
			`# '; ' separator`
LEMONLDAP::NG : Doxygen in progress. 2008-12-28 09:36:52 +01:00			`# @return Lemonldap::NG::Portal constant`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`sub setSessionInfo {`
			`my ($self) = @_;`
			`$self->{sessionInfo}->{dn} = $self->{dn};`
			`unless ( $self->{exportedVars} ) {`
			`foreach (qw(uid cn mail)) {`
			`$self->{sessionInfo}->{$_} =`
			`join( '; ', $self->{entry}->get_value($_) ) \|\| "";`
			`}`
			`}`
			`elsif ( ref( $self->{exportedVars} ) eq 'HASH' ) {`
			`foreach ( keys %{ $self->{exportedVars} } ) {`
			`if ( my $tmp = $ENV{$_} ) {`
			`$tmp =~ s/[\r\n]/ /gs;`
			`$self->{sessionInfo}->{$_} = $tmp;`
			`}`
			`else {`
			`$self->{sessionInfo}->{$_} = join( '; ',`
			`$self->{entry}->get_value( $self->{exportedVars}->{$_} ) )`
			`\|\| "";`
			`}`
			`}`
			`}`
			`else {`
LEMONLDAP::NG : die replaced by $self->abort in CGIs 2008-11-21 08:27:08 +01:00			`$self->abort('Only hash reference are supported now in exportedVars');`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`}`
			`PE_OK;`
			`}`

Move setGroups in UserDB 2009-06-04 11:13:03 +02:00			`## @apmethod int setGroups()`
			`# Load all groups in $groups.`
			`# @return Lemonldap::NG::Portal constant`
			`sub setGroups {`
			`my ($self) = @_;`
adding extended groups functionality 2009-06-04 17:33:53 +02:00			`my $groups = $self->{sessionInfo}->{groups};`

			`$self->{ldapGroupObjectClass} \|\|= "groupOfNames";`
			`$self->{ldapGroupAttributeName} \|\|= "member";`
			`$self->{ldapGroupAttributeNameUser} \|\|= "dn";`
			`$self->{ldapGroupAttributeNameSearch} \|\|= ["cn"];`

			`if ( $self->{ldapGroupBase} && $self->{sessionInfo}->{$self->{ldapGroupAttributeNameUser}} )`
			`{`
			`my $searchFilter = "(&(objectClass=" . $self->{ldapGroupObjectClass} . ")(\|";`
			`foreach ( split( /[,;]/, $self->{sessionInfo}->{$self->{ldapGroupAttributeNameUser}} ) )`
			`{`
			`$searchFilter .= "(" . $self->{ldapGroupAttributeName} . "=" . $_ . ")";`
			`}`
			`$searchFilter .= "))";`
			`my $mesg = $self->{ldap}->search(`
			`base => $self->{ldapGroupBase},`
			`filter => $searchFilter,`
			`attrs => $self->{ldapGroupAttributeNameSearch},`
			`);`
			`if ( $mesg->code() == 0 )`
			`{`
			`foreach my $entry ( $mesg->all_entries )`
			`{`
			`my $nbAttrs = @{$self->{ldapGroupAttributeNameSearch}};`
			`for (my $i = 0; $i < $nbAttrs; $i++)`
			`{`
			`my @data = $entry->get_value($self->{ldapGroupAttributeNameSearch}[$i]);`
			`if (@data)`
			`{`
			`$groups .= $data[0];`
			`$groups .= "\|"`
			`if ($i+1 < $nbAttrs && $entry->get_value($self->{ldapGroupAttributeNameSearch}[$i+1]));`
			`}`
			`}`
			`$groups .= "; ";`
Move setGroups in UserDB 2009-06-04 11:13:03 +02:00			`}`
adding extended groups functionality 2009-06-04 17:33:53 +02:00			`$groups =~ s/; $//g;`
Move setGroups in UserDB 2009-06-04 11:13:03 +02:00			`}`
			`}`
adding extended groups functionality 2009-06-04 17:33:53 +02:00
Move setGroups in UserDB 2009-06-04 11:13:03 +02:00			`$self->{sessionInfo}->{groups} = $groups;`
			`PE_OK;`
			`}`

LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`1;`