##@file
# LDAP user database backend file
##@class
# LDAP user database backend class
package Lemonldap::NG::Portal::UserDBLDAP;
use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_LDAP 'ldap'; #link protected ldap
our $VERSION = '0.2';    # package version, as reported by this backend module
## @method int userDBInit()
# Does nothing.
# @return Lemonldap::NG::Portal constant
sub userDBInit {
    # No per-request setup is needed for this backend: search() obtains the
    # LDAP handle itself through ldap() when it runs.
    return PE_OK;
}
## @apmethod int getUser()
# 7) Launch formateFilter() and search()
# @return Lemonldap::NG::Portal constant
sub getUser {
    my ($self) = @_;

    # First build the LDAP filter from the submitted credentials, then run
    # the directory search; _subProcess() stops at the first non-OK step.
    my @steps = qw(formateFilter search);
    return $self->_subProcess(@steps);
}
## @apmethod protected int formateFilter()
# Set the LDAP filter.
# By default, the user is searched in the LDAP server with its UID.
# @return Lemonldap::NG::Portal constant
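sub formateFilter {
    my ($self) = @_;

    # Choose the filter template: a login by mail uses mailLDAPFilter,
    # otherwise the configured AuthLDAPFilter, else whatever is already set
    # in LDAPFilter (|| binds tighter than ?:).
    my $template =
        $self->{mail}
      ? $self->{mailLDAPFilter}
      : $self->{AuthLDAPFilter} || $self->{LDAPFilter};
    $self->lmLog( "LDAP submitted filter: " . $template, 'debug' )
      if ($template);
    $template ||= '(&(uid=$user)(objectClass=inetOrgPerson))';

    # Expand every "$name" placeholder in one pass: user, password, _password
    # and mail come from the request ($self), any other name from sessionInfo.
    # Each value is escaped (RFC 4515) before it is spliced in, so characters
    # such as '*', '(' or ')' submitted by the client cannot change the
    # structure of the search (LDAP filter injection). A single pass also
    # guarantees that a substituted value is never re-scanned for further
    # placeholders. $1 is copied first because the inner match resets it.
    $template =~ s{\$(\w+)}{
        my $name = $1;
        _escapeFilterValue(
              $name =~ /\A(?:user|_?password|mail)\z/
            ? $self->{$name}
            : $self->{sessionInfo}->{$name}
        );
    }ge;
    $self->{LDAPFilter} = $template;

    # NOTE(review): when the template references $password, the expanded
    # filter written by this debug line contains the submitted password.
    $self->lmLog( "LDAP transformed filter: " . $self->{LDAPFilter}, 'debug' );
    return PE_OK;
}

## @fn private string _escapeFilterValue(string value)
# Escape a value for inclusion in an LDAP search filter (RFC 4515 section 3):
# backslash, '*', '(', ')' and NUL are replaced by their "\xx" hexadecimal
# form. An undefined value becomes the empty string.
# @param value raw value
# @return escaped value
sub _escapeFilterValue {
    my ($value) = @_;
    return '' unless defined $value;
    $value =~ s/([\\\*\(\)\x00])/sprintf( '\\%02x', ord($1) )/ge;
    return $value;
}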
## @apmethod protected int search()
# Search the LDAP DN of the user.
# @return Lemonldap::NG::Portal constant
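sub search {
    my ($self) = @_;

    # ldap() hands back the protected connection; without it there is
    # nothing to search.
    unless ( $self->ldap ) {
        return PE_LDAPCONNECTFAILED;
    }

    my $mesg = $self->ldap->search(
        base   => $self->{ldapBase},
        scope  => 'sub',
        filter => $self->{LDAPFilter},
    );
    $self->lmLog(
        "LDAP Search with base: "
          . $self->{ldapBase}
          . " and filter: "
          . $self->{LDAPFilter},
        'debug'
    );

    if ( $mesg->code() != 0 ) {
        $self->lmLog( "LDAP Search error: " . $mesg->error, 'error' );
        return PE_LDAPERROR;
    }

    # The filter is meant to identify exactly one account. Several matches
    # would silently bind the session to the first entry returned, so leave
    # a trace in the log when that happens.
    if ( $mesg->count > 1 ) {
        $self->lmLog(
            "LDAP Search returned "
              . $mesg->count
              . " entries, using the first one",
            'warn'
        );
    }

    unless ( $self->{entry} = $mesg->entry(0) ) {
        # Lexical: this was previously assigned without 'my', leaking the
        # login into a package global.
        my $user = $self->{mail} || $self->{user};
        $self->_sub( 'userError', "$user was not found in LDAP directory" );
        return PE_BADCREDENTIALS;
    }
    $self->{dn} = $self->{entry}->dn();
    return PE_OK;
}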
## @apmethod int setSessionInfo()
# 7) Load all parameters included in exportedVars parameter.
# Multi-value parameters are loaded in a single string with
# '; ' separator
# @return Lemonldap::NG::Portal constant
sub setSessionInfo {
    my ($self) = @_;
    my $entry = $self->{entry};
    my $vars  = $self->{exportedVars};

    $self->{sessionInfo}->{dn} = $self->{dn};

    if ( !$vars ) {
        # No exportedVars configured: export a minimal default set, each
        # multi-valued attribute flattened with '; '.
        for my $attr (qw(uid cn mail)) {
            $self->{sessionInfo}->{$attr} =
              join( '; ', $entry->get_value($attr) ) || "";
        }
    }
    elsif ( ref($vars) eq 'HASH' ) {
        # exportedVars maps a session key to an LDAP attribute name. A (true)
        # environment variable with the same name as the key takes precedence
        # over the directory attribute; CR/LF are flattened to spaces then.
        for my $key ( keys %{$vars} ) {
            my $env = $ENV{$key};
            if ($env) {
                $env =~ s/[\r\n]/ /gs;
                $self->{sessionInfo}->{$key} = $env;
                next;
            }
            $self->{sessionInfo}->{$key} =
              join( '; ', $entry->get_value( $vars->{$key} ) ) || "";
        }
    }
    else {
        $self->abort('Only hash reference are supported now in exportedVars');
    }
    return PE_OK;
}
## @apmethod int setGroups()
# Load all groups in $groups.
# @return Lemonldap::NG::Portal constant
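sub setGroups {
    my ($self) = @_;

    # Defaults describe a classic groupOfNames layout keyed by the user's DN.
    $self->{ldapGroupObjectClass}         ||= "groupOfNames";
    $self->{ldapGroupAttributeName}       ||= "member";
    $self->{ldapGroupAttributeNameUser}   ||= "dn";
    $self->{ldapGroupAttributeNameSearch} ||= ["cn"];

    # Value looked up in the group's member attribute, taken from the session
    # (setSessionInfo() joins multi-valued attributes with '; ').
    my $userValue =
      $self->{sessionInfo}->{ $self->{ldapGroupAttributeNameUser} };

    my @members;
    if ( $self->{ldapGroupBase} && $userValue ) {
        # Split on ';' plus surrounding blanks: a bare /;/ kept the leading
        # space of every value after the first one.
        for my $raw ( split( /\s*;\s*/, $userValue ) ) {
            next unless length $raw;

            # RFC 4515 escaping: DN values in particular may contain '\' or
            # '*', which unescaped would alter the meaning of the filter.
            ( my $safe = $raw ) =~
              s/([\\\*\(\)\x00])/sprintf( '\\%02x', ord($1) )/ge;
            push @members, $safe;
        }
    }

    my @found;
    if (@members) {
        # Same connection handling as search().
        return PE_LDAPCONNECTFAILED unless $self->ldap;

        my $searchFilter =
            "(&(objectClass=" . $self->{ldapGroupObjectClass} . ")(|"
          . join( '',
            map { "(" . $self->{ldapGroupAttributeName} . "=$_)" } @members )
          . "))";
        my $mesg = $self->ldap->search(
            base   => $self->{ldapGroupBase},
            filter => $searchFilter,
            attrs  => $self->{ldapGroupAttributeNameSearch},
        );
        $self->lmLog(
            "LDAP group search with base: "
              . $self->{ldapGroupBase}
              . " and filter: "
              . $searchFilter,
            'debug'
        );

        if ( $mesg->code() != 0 ) {
            # Group resolution is best-effort: log the failure and keep the
            # groups already present in the session.
            $self->lmLog( "LDAP group search error: " . $mesg->error,
                'error' );
        }
        else {
            my @attrs = @{ $self->{ldapGroupAttributeNameSearch} };
            for my $entry ( $mesg->all_entries ) {
                # One string per group: the first value of each searched
                # attribute, joined with '|'. Attributes without a value are
                # skipped so the remaining ones still get their separator.
                my @parts = grep { defined $_ }
                  map { ( $entry->get_value($_) )[0] } @attrs;
                push @found, join( '|', @parts ) if @parts;
            }
        }
    }

    # Append to whatever an earlier step stored in groups, using the same
    # '; ' separator; nothing found leaves the existing value untouched.
    my $groups = $self->{sessionInfo}->{groups};
    if (@found) {
        my $new = join( '; ', @found );
        $groups =
          ( defined $groups && length $groups ) ? "$groups; $new" : $new;
    }
    $self->{sessionInfo}->{groups} = $groups;
    return PE_OK;
}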
1;    # a Perl module must end with a true value