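package Lemonldap::NG::Portal::Lib::LDAP;

# Base class for portal modules that talk to an LDAP directory. It holds a
# lazily-built connection (the "ldap" attribute, built by newLdap) and turns
# the configured search filter templates into closures (see buildFilter and
# buildMailFilter) that produce a concrete filter for a given request.

use strict;
use warnings;
use Mouse;
use Lemonldap::NG::Portal::Lib::Net::LDAP;

extends 'Lemonldap::NG::Common::Module';

our $VERSION = '2.0.0';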
# PROPERTIES

# Connection object created on first access by newLdap(); bind() replaces it
# with a fresh one when a root DSE query on the current connection fails.
has ldap => ( is => 'rw', lazy => 1, builder => 'newLdap' );
# Builder for "ldap": create the connection object and check it with an
# initial bind. Failures are logged, never thrown; note that the object is
# returned even when that bind was rejected, so callers must not assume it is
# bound (bind() below re-checks the connection before use).
sub newLdap {
    my ($self) = @_;

    my $ldap = Lemonldap::NG::Portal::Lib::Net::LDAP->new(
        { p => $self->{p}, conf => $self->{conf} } );
    my $msg = $ldap ? $ldap->bind : undef;

    if ( $ldap and $msg ) {
        if ( $msg->code != 0 ) {
            $self->logger->error( "LDAP error: " . $msg->error );
        }
        elsif ( $self->{conf}->{ldapPpolicyControl} and not $ldap->loadPP() )
        {
            # Password policy control requested in the configuration but
            # the server did not accept it
            $self->logger->error("LDAP password policy error");
        }
    }
    else {
        # Either the constructor or the bind returned nothing; $@ carries
        # the reason when the constructor failed
        $self->logger->error("LDAP error: $@");
    }
    return $ldap;
}
# Compiled filters (see buildFilter / buildMailFilter): each is a closure
# that takes a request object and returns the LDAP filter string with the
# request's values substituted into the configured template.
has filter => ( is => 'rw', lazy => 1, builder => 'buildFilter' );

has mailFilter => ( is => 'rw', lazy => 1, builder => 'buildMailFilter' );
# Builder for "filter": compile the authentication search filter from the
# first template configured among AuthLDAPFilter and LDAPFilter, falling
# back to a uid-based default.
sub buildFilter {
    my ($self) = @_;
    my $template = $self->conf->{AuthLDAPFilter}
      || $self->conf->{LDAPFilter}
      || '(&(uid=$user)(objectClass=inetOrgPerson))';
    return $self->_buildFilter($template);
}
# Builder for "mailFilter": compile the mail-based search filter. The
# template may refer to the looked-up value as $mail or $user; $mail is
# rewritten to $user first so that _buildFilter binds it to the request's
# user field rather than to the mail session attribute.
sub buildMailFilter {
    my ($self) = @_;
    my $template = $self->conf->{mailLDAPFilter}
      || '(&(mail=$user)(objectClass=inetOrgPerson))';
    $template =~ s/\$mail\b/\$user/g;
    return $self->_buildFilter($template);
}
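# Escape a value for inclusion in an LDAP search filter (RFC 4515): "\",
# "*", "(", ")" and control characters become "\xx" hex escapes, so the value
# is always matched literally. An undefined value yields the empty string.
# Pure-Perl equivalent of Net::LDAP::Util::escape_filter_value, kept local
# to avoid a new import.
sub _escape_filter_value {
    my ($value) = @_;
    return '' unless defined $value;
    $value =~ s/([\x00-\x1F\*\(\)\\])/sprintf( '\\%02x', ord $1 )/ge;
    return $value;
}

# Compile a filter template into a closure: $self->_buildFilter($template)
# returns a sub that, given a request object, returns the filter string.
#
# Placeholders of the form $name are replaced by the matching session
# attribute ($req->{sessionInfo}->{name}), except $user, which reads
# $req->{user}, and $_password / $password / $mail, which read
# $req->{datas}->{...}. Every substituted value goes through
# _escape_filter_value, so request-controlled input (the login, the mail
# address) cannot inject filter operators into the search. Returns undef and
# logs the error when the generated code does not compile (malformed
# template).
sub _buildFilter {
    my ( $self, $filter ) = @_;
    my $conf = $self->{conf};
    $self->{p}->logger->debug("LDAP Search base: $conf->{ldapBase}");

    # The template becomes the body of a double-quoted string literal, so
    # literal quotes must be escaped before placeholders are turned into code.
    $filter =~ s/"/\\"/g;
    $filter =~
      s/\$(\w+)/" . _escape_filter_value(\$req->{sessionInfo}->{$1}) . "/g;
    $filter =~ s/\$req->\{sessionInfo\}->\{user\}/\$req->{user}/g;
    $filter =~
      s/\$req->\{sessionInfo\}->\{(_?password|mail)\}/\$req->{datas}->{$1}/g;
    $self->{p}->logger->debug("LDAP transformed filter: $filter");

    # String eval on purpose: the code is generated from the configured
    # template (administrator data), never from request data.
    my $code = eval "sub{my(\$req)=\$_[0];return \"$filter\";}";
    if ($@) {
        $self->{p}->logger->error("LDAP filter compilation error: $@");
        return;
    }
    return $code;
}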
# INITIALIZATION

# Force both lazy attributes to be built at start-up, so a connection or
# template problem is logged immediately instead of on the first request.
# Returns a false value when the connection could not be created.
sub init {
    my ($self) = @_;
    return ( $self->ldap and $self->filter );
}
# RUNNING METHODS
# Make sure the connection is usable (re-creating it when a root DSE query
# fails), then bind with the given arguments. Returns 1 on success and undef
# when no connection could be obtained or the server rejected the bind; in
# the latter case the server's error message is logged.
sub bind {
    my $self = shift;

    my $alive = $self->ldap
      && $self->ldap->root_dse( attrs => ['supportedLDAPVersion'] );
    if ( !$alive ) {
        # Release the dead connection before opening a fresh one
        $self->ldap->DESTROY if $self->ldap;
        $self->ldap( $self->newLdap );
    }
    return undef unless $self->ldap;

    my $msg = $self->ldap->bind(@_);
    return 1 unless $msg->code;

    $self->logger->error( $msg->error );
    return undef;
}
1;