lemonldap-ng/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_LDAP.pm

##@file
# LDAP common functions

##@class
# LDAP common functions
package Lemonldap::NG::Portal::_LDAP;

require Net::LDAP;
use Exporter;
use base qw(Exporter Net::LDAP);
use strict;

our @EXPORT = qw(ldap);

our $VERSION = '0.11';

## @cmethod Lemonldap::NG::Portal::_LDAP new(Lemonldap::NG::Portal::Simple portal)
# Build a Net::LDAP object using parameters issued from $portal
# @return Lemonldap::NG::Portal::_LDAP object
sub new {
    my $class  = shift;
    my $portal = shift;
    my $self;
    unless ($portal) {
        $class->abort("$class : portal argument required !");
    }
    my $useTls = 0;
    my $tlsParam;
    my @servers = ();
    foreach my $server ( split /[\s,]+/, $portal->{ldapServer} ) {
        if ( $server =~ m{^ldap\+tls://([^/]+)/?\??(.*)$} ) {
            $useTls   = 1;
            $server   = $1;
            $tlsParam = $2 || "";
        }
        else {
            $useTls = 0;
        }
        push @servers, $server;
    }
    $self = Net::LDAP->new(
        \@servers,
            onerror => undef,
        ( $portal->{ldapPort} ? ( port => $portal->{ldapPort} ) : () ),
          );
    unless ($self) {
        $portal->lmLog( $@, 'error' );
        return 0;
    }
    bless $self, $class;
    if ($useTls) {
        my %h = split( /[&=]/, $tlsParam );
        $h{cafile} = $portal->{caFile} if ( $portal->{caFile} );
        $h{capath} = $portal->{caPath} if ( $portal->{caPath} );
        my $mesg = $self->start_tls(%h);
        if ( $mesg->code ) {
            $portal->lmLog( 'StartTLS failed', 'error' );
            return 0;
        }
    }
    $self->{portal} = $portal;
    return $self;
}

## @method Net::LDAP::Message bind(string dn, %args)
# Reimplementation of Net::LDAP::bind(). Connection is done :
# - with $dn and $args->{password} as dn/password if defined,
# - or with Lemonldap::NG account,
# - or with an anonymous bind.
# @param $dn LDAP distinguish name
# @param %args See Net::LDAP(3) manpage for more
# @return Net::LDAP::Message
sub bind {
    my $self = shift;
    my $mesg;
    my ( $dn, %args ) = @_;
    unless ($dn) {
        $dn = $self->{portal}->{managerDn};
        $args{password} = $self->{portal}->{managerPassword};
    }
    if ( $dn && $args{password} ) {
        $mesg = $self->SUPER::bind( $dn, %args );
    }
    else {
        $mesg = $self->SUPER::bind();
    }
    return $mesg;
}

## @method protected Lemonldap::NG::Portal::_LDAP ldap()
# @return Lemonldap::NG::Portal::_LDAP object
sub ldap {
    my $self = shift;
    return $self->{ldap} if ( ref( $self->{ldap} ) );
    if ( $self->{ldap} = Lemonldap::NG::Portal::_LDAP->new($self)
        and my $mesg = $self->{ldap}->bind )
    {
        return $self->{ldap} if ( $mesg->code == 0 );
        $self->lmLog( "LDAP error : " . $mesg->error, 'error' );
    }
    else {
        $self->lmLog( "LDAP error : $@", 'error' );
    }
    return 0;
}

1;
LEMONLDAP::NG Doxygen in progress 2008-12-31 16:10:02 +01:00			`##@file`
			`# LDAP common functions`

			`##@class`
			`# LDAP common functions`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`package Lemonldap::NG::Portal::_LDAP;`

User actions are now registered with 3 functions : * log : normal access to the portal * userNotice : authentications, logout,... * userError : bad password,... A new parameter 'syslog => "auth"' can be set to log userNotice and userError via syslog 2009-02-15 09:53:44 +01:00			`require Net::LDAP;`
			`use Exporter;`
			`use base qw(Exporter Net::LDAP);`
			`use strict;`

			`our @EXPORT = qw(ldap);`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00
Versions update 2009-02-10 18:28:27 +01:00			`our $VERSION = '0.11';`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00
LEMONLDAP::NG Doxygen in progress 2008-12-31 16:10:02 +01:00			`## @cmethod Lemonldap::NG::Portal::_LDAP new(Lemonldap::NG::Portal::Simple portal)`
			`# Build a Net::LDAP object using parameters issued from $portal`
			`# @return Lemonldap::NG::Portal::_LDAP object`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`sub new {`
LEMONLDAP::NG : UserDB system updated + general perltidy 2008-10-07 22:15:48 +02:00			`my $class = shift;`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`my $portal = shift;`
LEMONLDAP::NG : UserDB system updated + general perltidy 2008-10-07 22:15:48 +02:00			`my $self;`
			`unless ($portal) {`
LEMONLDAP::NG : die replaced by $self->abort in CGIs 2008-11-21 08:27:08 +01:00			`$class->abort("$class : portal argument required !");`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`}`
			`my $useTls = 0;`
			`my $tlsParam;`
Use Net::LDAP high availability system %ENV was not shared 2009-03-08 18:37:31 +01:00			`my @servers = ();`
LEMONLDAP::NG : UserDB system updated + general perltidy 2008-10-07 22:15:48 +02:00			`foreach my $server ( split /[\s,]+/, $portal->{ldapServer} ) {`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`if ( $server =~ m{^ldap\+tls://([^/]+)/?\??(.*)$} ) {`
			`$useTls = 1;`
			`$server = $1;`
			`$tlsParam = $2 \|\| "";`
			`}`
			`else {`
			`$useTls = 0;`
			`}`
Use Net::LDAP high availability system %ENV was not shared 2009-03-08 18:37:31 +01:00			`push @servers, $server;`
			`}`
			`$self = Net::LDAP->new(`
			`\@servers,`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`onerror => undef,`
Use Net::LDAP high availability system %ENV was not shared 2009-03-08 18:37:31 +01:00			`( $portal->{ldapPort} ? ( port => $portal->{ldapPort} ) : () ),`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`);`
LEMONLDAP::NG : UserDB system updated + general perltidy 2008-10-07 22:15:48 +02:00			`unless ($self) {`
log & debug method lmLog() for CGIs 2009-02-12 20:48:53 +01:00			`$portal->lmLog( $@, 'error' );`
LEMONLDAP::NG : UserDB system updated + general perltidy 2008-10-07 22:15:48 +02:00			`return 0;`
			`}`
LEMONLDAP::NG : _LDAP inherits now from Net::LDAP 2008-10-08 10:45:15 +02:00			`bless $self, $class;`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`if ($useTls) {`
			`my %h = split( /[&=]/, $tlsParam );`
LEMONLDAP::NG : UserDB system updated + general perltidy 2008-10-07 22:15:48 +02:00			`$h{cafile} = $portal->{caFile} if ( $portal->{caFile} );`
			`$h{capath} = $portal->{caPath} if ( $portal->{caPath} );`
LEMONLDAP::NG : bug with ldap+tls (Closes: #312418) 2009-01-17 20:45:21 +01:00			`my $mesg = $self->start_tls(%h);`
LEMONLDAP::NG : UserDB system updated + general perltidy 2008-10-07 22:15:48 +02:00			`if ( $mesg->code ) {`
log & debug method lmLog() for CGIs 2009-02-12 20:48:53 +01:00			`$portal->lmLog( 'StartTLS failed', 'error' );`
LEMONLDAP::NG : UserDB system updated + general perltidy 2008-10-07 22:15:48 +02:00			`return 0;`
			`}`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`}`
LEMONLDAP::NG : UserDB system updated + general perltidy 2008-10-07 22:15:48 +02:00			`$self->{portal} = $portal;`
			`return $self;`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`}`

LEMONLDAP::NG Doxygen in progress 2008-12-31 16:10:02 +01:00			`## @method Net::LDAP::Message bind(string dn, %args)`
			`# Reimplementation of Net::LDAP::bind(). Connection is done :`
			`# - with $dn and $args->{password} as dn/password if defined,`
			`# - or with Lemonldap::NG account,`
			`# - or with an anonymous bind.`
			`# @param $dn LDAP distinguish name`
			`# @param %args See Net::LDAP(3) manpage for more`
			`# @return Net::LDAP::Message`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`sub bind {`
			`my $self = shift;`
LEMONLDAP::NG : UserDB system updated + general perltidy 2008-10-07 22:15:48 +02:00			`my $mesg;`
			`my ( $dn, %args ) = @_;`
log & debug method lmLog() for CGIs 2009-02-12 20:48:53 +01:00			`unless ($dn) {`
LEMONLDAP::NG Doxygen in progress 2008-12-31 16:10:02 +01:00			`$dn = $self->{portal}->{managerDn};`
			`$args{password} = $self->{portal}->{managerPassword};`
			`}`
LEMONLDAP::NG : correct bug on anonymous manager authentication and no ppolicy authentication 2008-11-05 22:26:37 +01:00			`if ( $dn && $args{password} ) {`
			`$mesg = $self->SUPER::bind( $dn, %args );`
LEMONLDAP::NG : * Handler/SharedConf.pm is more simple now since it use the new Conf.pm capabilities * CGIs now use abort() instead of die * debug system in COnf.pm (set "LogLevel debug" in Apache) 2008-11-21 18:51:52 +01:00			`}`
			`else {`
			`$mesg = $self->SUPER::bind();`
LEMONLDAP::NG : correct bug on anonymous manager authentication and no ppolicy authentication 2008-11-05 22:26:37 +01:00			`}`
			`return $mesg;`
LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`}`

User actions are now registered with 3 functions : * log : normal access to the portal * userNotice : authentications, logout,... * userError : bad password,... A new parameter 'syslog => "auth"' can be set to log userNotice and userError via syslog 2009-02-15 09:53:44 +01:00			`## @method protected Lemonldap::NG::Portal::_LDAP ldap()`
			`# @return Lemonldap::NG::Portal::_LDAP object`
			`sub ldap {`
			`my $self = shift;`
			`return $self->{ldap} if ( ref( $self->{ldap} ) );`
			`if ( $self->{ldap} = Lemonldap::NG::Portal::_LDAP->new($self)`
			`and my $mesg = $self->{ldap}->bind )`
			`{`
			`return $self->{ldap} if ( $mesg->code == 0 );`
			`$self->lmLog( "LDAP error : " . $mesg->error, 'error' );`
			`}`
			`else {`
			`$self->lmLog( "LDAP error : $@", 'error' );`
			`}`
			`return 0;`
			`}`

LEMONLDAP::NG : LDAP User database module 2008-10-05 20:42:50 +02:00			`1;`