From 8139248c1530516b5da5cbec54f0f8c6babe0ffb Mon Sep 17 00:00:00 2001 From: Xavier Guimard Date: Mon, 21 Jun 2010 14:47:27 +0000 Subject: [PATCH] Closes: #113 : Lemonldap::NG is not compatible with the use of a LDAP server using a different encoding than UTF-8 for storing passwords --- .../lib/Lemonldap/NG/Manager/_Struct.pm | 8 +++++++- .../lib/Lemonldap/NG/Manager/_i18n.pm | 4 +++- .../lib/Lemonldap/NG/Portal/_LDAP.pm | 14 ++++++++++++++ .../lib/Lemonldap/NG/Portal/_i18n.pm | 2 +- 4 files changed, 25 insertions(+), 3 deletions(-) diff --git a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm index cb1900e94..92b69c69f 100644 --- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm +++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm @@ -309,12 +309,13 @@ sub struct { ldapPassword => { _nodes => [ - qw(ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser) + qw(ldapPpolicyControl ldapSetPassword ldapChangePasswordAsUser ldapPwdEnc) ], ldapPpolicyControl => 'bool:/ldapPpolicyControl', ldapSetPassword => 'bool:/ldapSetPassword', ldapChangePasswordAsUser => 'bool:/ldapChangePasswordAsUser', + ldapPwdEnc => 'text:/ldapPwdEnc', }, }, @@ -952,6 +953,10 @@ sub testStruct { return 1; }, }, + ldapPwdEnc => { + test => qr/^\w[\w\-]*\w$/, + msgFail => 'Bad encoding', + }, ldapPpolicyControl => $boolean, ldapSetPassword => $boolean, ldapChangePasswordAsUser => $boolean, @@ -1261,6 +1266,7 @@ sub defaultConf { issuerDB => 'Null', ldapBase => 'dc=example,dc=com', ldapPort => '389', + ldapPwdEnc => 'utf-8', ldapServer => 'localhost', locationRules => { 'test.example.com' => { default => 'accept' }, }, managerDn => '', diff --git a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm index 1c4bce912..9b9d8f322 100644 --- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm 
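Review bot: The new `ldapPwdEnc` entry in `testStruct` only checks the shape of the name with `qr/^\w[\w\-]*\w$/`, so a mistyped or unsupported encoding is saved and is noticed only later, when the portal tries to bind. The `$` anchor also accepts a trailing newline; `qr/^\w[\w\-]*\w\z/` closes that. If `test` accepts a code ref here (the preceding entry ends in `return 1; }`, which suggests it does), the value could also be rejected unless `Encode::find_encoding($_[0])` returns an object. I would add a comment such as `# syntax check only; support for the encoding is verified by Encode at bind time` if the regex is kept. `testStruct` starts and ends outside this hunk.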
+++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm @@ -117,6 +117,7 @@ sub en { ldapPassword => 'Password', ldapPpolicyControl => 'Password policy control', ldapPort => 'Server port', + ldapPwdEnc => 'LDAP password encoding', ldapServer => 'Server host', ldapSetPassword => 'Password modify extended operation', logParams => 'Logs', @@ -382,9 +383,10 @@ sub fr { ldapGroupRecursive => 'Recursif', ldapGroups => 'Groupes', ldapParams => 'Paramètres LDAP', - ldapPassword => 'Mode de passe', + ldapPassword => 'Mot de passe', ldapPpolicyControl => 'Contrôle password policy', ldapPort => 'Port', + ldapPwdEnc => 'Encodage des mots de passe LDAP', ldapServer => 'Hôte', ldapSetPassword => 'Opération étendue password modify', logParams => 'Journalisation', diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_LDAP.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_LDAP.pm index 315c02a3c..88dda5a2e 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_LDAP.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_LDAP.pm @@ -9,6 +9,7 @@ use Net::LDAP; #inherits use Exporter; use base qw(Exporter Net::LDAP); use Lemonldap::NG::Portal::Simple; +use Encode; use strict; our @EXPORT = qw(ldap); @@ -60,6 +61,9 @@ sub new { } } $self->{portal} = $portal; + + # Setting default LDAP password storage encoding to utf-8 + $self->{portal}->{ldapPwdEnc} ||= 'utf-8'; return $self; } @@ -80,6 +84,16 @@ sub bind { $args{password} = $self->{portal}->{managerPassword}; } if ( $dn && $args{password} ) { + if ( $self->{portal}->{ldapPwdEnc} ne 'utf-8' ) { + eval { + my $tmp = encode( + $self->{portal}->{ldapPwdEnc}, + decode( 'utf-8', $args{password} ) + ); + $args{password} = $tmp; + }; + print STDERR "$@\n" if ($@); + } $mesg = $self->SUPER::bind( $dn, %args ); } else { diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm index af0f2f83a..b6a54eaea 100644 
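Review bot: `use Encode;` in `_LDAP.pm` imports the module's whole default export list into a package that is also a `Net::LDAP` subclass, so each imported function becomes reachable as a method name on the object. Only two of them are used in this commit; `use Encode qw(encode decode);` keeps the namespace small and shows which functions the module depends on.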
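Review bot: In the transcoding block added to `bind`, `encode` and `decode` are called without a CHECK argument, so Encode substitutes a replacement character for anything malformed or unmappable instead of failing, and distinct passwords can collapse to the same bytes sent to the directory. A strict check, `decode( 'utf-8', $args{password}, Encode::FB_CROAK | Encode::LEAVE_SRC )` with `Encode::FB_CROAK | Encode::LEAVE_SRC` also passed as the third argument to `encode`, makes such input fail inside the `eval`. When the `eval` does fail (for example on an unknown `ldapPwdEnc`), the code still calls `SUPER::bind` with the untranscoded password and only prints `$@` to STDERR; it would be safer to skip the bind and report an error, and to log a fixed message rather than `$@`, since a strict-mode Encode error can quote the offending character. The comparison `ne 'utf-8'` is case-sensitive, so a configured value of `UTF-8` takes the transcoding path. `bind` starts and ends outside this hunk, so how the failure should be returned depends on code not visible here.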
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm @@ -126,7 +126,7 @@ sub error_fr { "Connexion impossible au serveur LDAP", "Erreur anormale du serveur LDAP", "Erreur du module Apache::Session choisi", - "Authentification exigée", + "Veuillez-vous authentifier", "Certificat invalide", "Échec de l'initialisation de Lasso:Login ou Lasso:Logout", "Échec de la résolution de l'artefact Liberty Alliance",