
LDAP: Fix for stabilization

Mercier Pierre-Olivier 2013-10-28 15:11:04 +01:00
parent 2d7c59694a
commit 5857719f94


@ -8,16 +8,22 @@ use warnings;
use Carp; use Carp;
use Net::LDAPS; use Net::LDAPS;
use Net::LDAP::Filter;
use Net::LDAP::Util qw(ldap_error_text); use Net::LDAP::Util qw(ldap_error_text);
use ACU::Password; use ACU::Password;
use ACU::Right; use ACU::Right;
use ACU::Log; use ACU::Log;
use constant {
BASE_DN => "dc=acu,dc=epita,dc=fr",
YEAR_DN => "cn=year,dc=acu,dc=epita,dc=fr",
};
## Connection functions ## Connection functions
our $ldaphost = "ldap.acu.epita.fr"; our $ldaphost = "ldap.acu.epita.fr";
our $binddn = "cn=intra,dc=acu,dc=epita,dc=fr"; our $binddn = "cn=intra," . BASE_DN;
my $bindsecret = ""; my $bindsecret = "";
sub ldap_get_password sub ldap_get_password
@ -42,10 +48,7 @@ sub ldap_connect()
log(DEBUG, "Connect to LDAP with $binddn"); log(DEBUG, "Connect to LDAP with $binddn");
if ($mesg->code) { croak ldap_error_text($mesg->code) if ($mesg->code);
log(ERROR, "An error occurred: " .ldap_error_text($mesg->code));
croak "An error occurred: " .ldap_error_text($mesg->code);
}
return $ldap; return $ldap;
} }
@ -57,10 +60,7 @@ sub ldap_connect_anon()
log(DEBUG, "Connect to LDAP anonymously"); log(DEBUG, "Connect to LDAP anonymously");
if ($mesg->code) { croak ldap_error_text($mesg->code) if ($mesg->code);
log(ERROR, "An error occurred: " .ldap_error_text($mesg->code));
croak "An error occurred: " .ldap_error_text($mesg->code);
}
return $ldap; return $ldap;
} }
@ -75,7 +75,7 @@ sub add_group($$$;$)
my $year = shift // get_year(); my $year = shift // get_year();
my $ou = shift // "intra"; # expected roles or intra my $ou = shift // "intra"; # expected roles or intra
my $dn = "cn=$cn,ou=$year,ou=$ou,ou=groups,dc=acu,dc=epita,dc=fr"; my $dn = "cn=$cn,ou=$year,ou=$ou,ou=groups," . BASE_DN;
log(DEBUG, "Add group $dn"); log(DEBUG, "Add group $dn");
@ -94,7 +94,7 @@ sub get_year(;$)
{ {
my $ldap = shift // ldap_connect_anon(); my $ldap = shift // ldap_connect_anon();
return get_attribute($ldap, "cn=year,dc=acu,dc=epita,dc=fr", "year"); return get_attribute($ldap, YEAR_DN, "year");
} }
sub get_rights($) sub get_rights($)
@ -105,8 +105,8 @@ sub get_rights($)
my $ldap = ldap_connect_anon(); my $ldap = ldap_connect_anon();
my $mesg = $ldap->search( # search my $mesg = $ldap->search( # search
base => "ou=roles,ou=groups,dc=acu,dc=epita,dc=fr", base => "ou=roles,ou=groups," . BASE_DN,
filter => "&(memberUid=$login)(objectClass=intraGroup)", filter => Net::LDAP::Filter->new("&(memberUid=$login)(objectClass=intraGroup)"),
attrs => [ 'intraRight' ], attrs => [ 'intraRight' ],
scope => "sub" scope => "sub"
); );
@ -127,8 +127,8 @@ sub get_rights($)
$mesg = $ldap->search( # search $mesg = $ldap->search( # search
base => "ou=intra,ou=groups,dc=acu,dc=epita,dc=fr", base => "ou=intra,ou=groups," . BASE_DN,
filter => "&(memberUid=$login)(objectClass=intraGroup)", filter => Net::LDAP::Filter->new("&(memberUid=$login)(objectClass=intraGroup)"),
attrs => [ 'intraRight' ], attrs => [ 'intraRight' ],
scope => "sub" scope => "sub"
); );
@ -144,8 +144,8 @@ sub get_rights($)
$mesg = $ldap->search( # search $mesg = $ldap->search( # search
base => "ou=users,dc=acu,dc=epita,dc=fr", base => "ou=users," . BASE_DN,
filter => "&(uid=$login)(objectClass=intraAccount)", filter => Net::LDAP::Filter->new("&(uid=$login)(objectClass=intraAccount)"),
attrs => [ 'intraRight' ], attrs => [ 'intraRight' ],
scope => "sub" scope => "sub"
); );
@ -191,7 +191,7 @@ sub get_dn($$@)
my $mesg = $ldap->search( # search my $mesg = $ldap->search( # search
base => "$dn", base => "$dn",
filter => "(objectClass=*)", filter => Net::LDAP::Filter->new("(objectClass=*)"),
attrs => \@_, attrs => \@_,
scope => "sub" scope => "sub"
); );
@ -321,18 +321,19 @@ sub search_dn($$@)
my $base = shift; my $base = shift;
my $filter = shift; my $filter = shift;
if ($base) { $base .= "," if ($base);
$base .= ","
} log (DEBUG, "Looking for $filter in $base" . BASE_DN);
my $mesg = $ldap->search( # search my $mesg = $ldap->search( # search
base => $base."dc=acu,dc=epita,dc=fr", base => $base . BASE_DN,
filter => $filter, filter => Net::LDAP::Filter->new($filter),
attrs => [ ], attrs => [ ],
scope => "sub" scope => "sub"
); );
if ($mesg->code != 0) { log(WARN, $mesg->error); return undef; } croak($mesg->error) if ($mesg->code != 0);
if ($mesg->count != 1) { log(WARN, "$filter not found or multiple entries match"); return undef; } croak("$filter not found") if ($mesg->count == 0);
croak("$filter not unique") if ($mesg->count > 1);
return $mesg->entry(0)->dn; return $mesg->entry(0)->dn;
} }
@ -343,17 +344,15 @@ sub search_dns($$$@)
my $base = shift; my $base = shift;
my $filter = shift; my $filter = shift;
if ($base) { $base .= "," if ($base);
$base .= ","
}
my $mesg = $ldap->search( # search my $mesg = $ldap->search( # search
base => $base."dc=acu,dc=epita,dc=fr", base => $base . BASE_DN,
filter => $filter, filter => Net::LDAP::Filter->new($filter),
attrs => @_, attrs => \@_,
scope => "sub" scope => "sub"
); );
if ($mesg->code != 0) { log(WARN, $mesg->error); return undef; } if ($mesg->code != 0) { log(WARN, $mesg->error); return []; }
return $mesg->entries; return $mesg->entries;
} }
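Review bot: The three searches in get_rights still interpolate `$login` directly into the filter string. Wrapping it in `Net::LDAP::Filter->new(...)` parses the string but does not escape it, so filter metacharacters in a login (`*`, `(`, `)`, `\`) would alter which entries match and therefore which `intraRight` values come back. Escape the value before building the filter: add `escape_filter_value` to the existing `use Net::LDAP::Util qw(ldap_error_text)` import, then use `my $safe = escape_filter_value($login);` and `"&(memberUid=$safe)(objectClass=intraGroup)"`. The same change applies to the `ou=intra` search and to the `uid=$login` search under `ou=users`. The place where `$login` is assigned and any validation of it lie outside the visible hunks, so confirm whether callers already restrict it.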