Sanities LDAP code
This commit is contained in:
parent
8132fdb3e1
commit
672740685c
1 changed files with 93 additions and 108 deletions
201
ACU/LDAP.pm
201
ACU/LDAP.pm
|
@ -42,7 +42,8 @@ sub ldap_connect()
|
|||
log(DEBUG, "Connect to LDAP with $binddn");
|
||||
|
||||
if ($mesg->code) {
|
||||
log(FATAL, "An error occurred: " .ldap_error_text($mesg->code));
|
||||
log(ERROR, "An error occurred: " .ldap_error_text($mesg->code));
|
||||
croak "An error occurred: " .ldap_error_text($mesg->code);
|
||||
}
|
||||
|
||||
return $ldap;
|
||||
|
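Review bot: The new error path in ldap_connect (lines 27 and 30) builds the same message twice and the `croak` needs Carp in scope; the preamble is outside this hunk, so confirm `use Carp qw(croak);` is present — the same applies to the ldap_connect_anon hunk below. Consider `my $err = "An error occurred: " . ldap_error_text($mesg->code); log(ERROR, $err); croak $err;` so the text is computed once. If `log(FATAL, ...)` previously terminated the process, callers now receive an exception instead and need an eval/Try::Tiny around ldap_connect, otherwise the request still aborts, just from a different place. The start of ldap_connect is outside the hunk.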
@ -56,7 +57,8 @@ sub ldap_connect_anon()
|
|||
log(DEBUG, "Connect to LDAP anonymously");
|
||||
|
||||
if ($mesg->code) {
|
||||
log(FATAL, "An error occurred: " .ldap_error_text($mesg->code));
|
||||
log(ERROR, "An error occurred: " .ldap_error_text($mesg->code));
|
||||
croak "An error occurred: " .ldap_error_text($mesg->code);
|
||||
}
|
||||
|
||||
return $ldap;
|
||||
|
@ -87,29 +89,6 @@ sub add_group($$$;$)
|
|||
return $dn;
|
||||
}
|
||||
|
||||
sub delete_group($$;$)
|
||||
{
|
||||
my $cn = shift;
|
||||
my $year = shift;
|
||||
my $ou = shift // "intra"; # expected roles or intra
|
||||
|
||||
my $ldap = ldap_connect();
|
||||
|
||||
log(DEBUG, "Delete group ou=groups,dc=acu,dc=epita,dc=fr");
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "ou=groups,dc=acu,dc=epita,dc=fr",
|
||||
filter => "cn=$cn",
|
||||
scope => "sub"
|
||||
);
|
||||
if ($mesg->code != 0) { log(WARN, $mesg->error); return 0; }
|
||||
if ($mesg->count != 1) { log(WARN, "$cn not found or multiple entries match"); return 0; }
|
||||
|
||||
$ldap->delete( $mesg->entry(0)->dn );
|
||||
|
||||
$ldap->unbind or log(WARN, "couldn't disconnect correctly");
|
||||
}
|
||||
|
||||
sub get_year(;$)
|
||||
{
|
||||
my $ldap = shift // ldap_connect_anon();
|
||||
|
@ -117,6 +96,90 @@ sub get_year(;$)
|
|||
return get_attribute($ldap, "cn=year,dc=acu,dc=epita,dc=fr", "year");
|
||||
}
|
||||
|
||||
sub get_rights($)
|
||||
{
|
||||
my $login = shift;
|
||||
my @rights;
|
||||
|
||||
my $ldap = ldap_connect_anon();
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "ou=roles,ou=groups,dc=acu,dc=epita,dc=fr",
|
||||
filter => "&(memberUid=$login)(objectClass=intraGroup)",
|
||||
attrs => [ 'intraRight' ],
|
||||
scope => "sub"
|
||||
);
|
||||
if ($mesg->code != 0) { die $mesg->error; }
|
||||
|
||||
for my $entry ($mesg->entries)
|
||||
{
|
||||
for my $r ($entry->get_value('intraRight'))
|
||||
{
|
||||
if ($r =~ /^!(.*)$/) {
|
||||
@rights = grep { $r ne $_ } @rights;
|
||||
}
|
||||
else {
|
||||
push @rights, Right->new($r);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$mesg = $ldap->search( # search
|
||||
base => "ou=intra,ou=groups,dc=acu,dc=epita,dc=fr",
|
||||
filter => "&(memberUid=$login)(objectClass=intraGroup)",
|
||||
attrs => [ 'intraRight' ],
|
||||
scope => "sub"
|
||||
);
|
||||
if ($mesg->code != 0) { die $mesg->error; }
|
||||
if ($mesg->count != 1) { die "User $login not found or multiple presence"; }
|
||||
|
||||
for my $entry ($mesg->entries)
|
||||
{
|
||||
for my $r ($entry->get_value('intraRight')) {
|
||||
push @rights, Right->new($r);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$mesg = $ldap->search( # search
|
||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||
filter => "&(uid=$login)(objectClass=intraAccount)",
|
||||
attrs => [ 'intraRight' ],
|
||||
scope => "sub"
|
||||
);
|
||||
if ($mesg->code != 0) { die $mesg->error; }
|
||||
if ($mesg->count != 1) { die "User $login not found or multiple presence"; }
|
||||
|
||||
for my $r ($mesg->entry(0)->get_value('intraRight')) {
|
||||
push @rights, Right->new($r);
|
||||
}
|
||||
|
||||
|
||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||
|
||||
return @rights;
|
||||
}
|
||||
|
||||
sub has_right($$)
|
||||
{
|
||||
my $login = shift;
|
||||
my $right = shift;
|
||||
|
||||
my $ok = 0;
|
||||
|
||||
for my $r (get_rights($login))
|
||||
{
|
||||
if ($r->{right} eq $right)
|
||||
{
|
||||
return 0 if ($r->{negate});
|
||||
$ok = $r;
|
||||
}
|
||||
}
|
||||
|
||||
return $ok;
|
||||
}
|
||||
|
||||
|
||||
## Low level functions
|
||||
|
||||
|
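Review bot: `$login` is interpolated straight into the LDAP search filters at lines 191, 254 and 302 (`&(memberUid=$login)...`, `&(uid=$login)...`), so a login containing `*`, `(`, `)` or `\` alters the filter instead of being matched literally; escape it once with `escape_filter_value` from Net::LDAP::Util before building the filters. The negation branch at line 223 compares the raw string `$r` (still carrying its leading `!`) against the Right objects already in `@rights` using `ne`, so unless Right overloads stringification it never removes anything, and the `(.*)` capture is unused; compare the captured name with each object's stored right instead, e.g. `my $name = $1; @rights = grep { $_->{right} ne $name } @rights;`. The `die` calls at lines 203, 266 and 314 also leave the anonymous bind open, since `$ldap->unbind` is only reached on the success path. get_rights and has_right are moved here from the end of the file, so these points concern existing logic rather than behaviour the commit introduces.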
@ -154,7 +217,8 @@ sub add_attribute($$$@)
|
|||
my @data = $entry->get_value($what);
|
||||
for my $value (@_)
|
||||
{
|
||||
if (! grep { /^\Q$value\E$/ } @data) {
|
||||
if (! grep { $value eq $_ } @data)
|
||||
{
|
||||
$mod = 1;
|
||||
|
||||
log(DEBUG, "Add attribute $value to $dn");
|
||||
|
@ -192,10 +256,11 @@ sub delete_attribute($$$@)
|
|||
my @data = $entry->get_value($what);
|
||||
for my $value (@_)
|
||||
{
|
||||
if (grep { /^\Q$value\E$/ } @data) {
|
||||
if (grep { $value eq $_ } @data)
|
||||
{
|
||||
log(DEBUG, "Remove attribute $what ($value) from $dn");
|
||||
|
||||
@data = grep { ! /^\Q$value\E$/ } @data;
|
||||
@data = grep { ! $value eq $_ } @data;
|
||||
$mod = 1;
|
||||
}
|
||||
else {
|
||||
|
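Review bot: Line 468 `@data = grep { ! $value eq $_ } @data;` has a precedence bug: `!` binds tighter than `eq`, so the block evaluates `(!$value) eq $_`, which is false for every non-empty element and leaves `@data` unchanged — the value is never dropped from the list that is written back. Replace it with `@data = grep { $value ne $_ } @data;`. The membership test on line 454, `if (grep { $value eq $_ } @data)`, is correct and consistent with the add_attribute hunk. delete_attribute starts and ends outside this hunk.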
@ -310,84 +375,4 @@ sub update_attribute($$$@)
|
|||
return 1;
|
||||
}
|
||||
|
||||
|
||||
sub has_right($$)
|
||||
{
|
||||
my $login = shift;
|
||||
my $right = shift;
|
||||
|
||||
my $ok = 0;
|
||||
|
||||
for my $r (get_rights($login)) {
|
||||
if ($r->{right} eq $right) {
|
||||
return 0 if ($r->{negate});
|
||||
$ok = $r;
|
||||
}
|
||||
}
|
||||
|
||||
return $ok;
|
||||
}
|
||||
|
||||
sub get_rights($)
|
||||
{
|
||||
my $login = shift;
|
||||
my @rights;
|
||||
|
||||
my $ldap = ldap_connect_anon();
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "ou=roles,ou=groups,dc=acu,dc=epita,dc=fr",
|
||||
filter => "&(memberUid=$login)(objectClass=intraGroup)",
|
||||
attrs => [ 'intraRight' ],
|
||||
scope => "sub"
|
||||
);
|
||||
if ($mesg->code != 0) { die $mesg->error; }
|
||||
|
||||
for my $entry ($mesg->entries) {
|
||||
for my $r ($entry->get_value('intraRight')) {
|
||||
if ($r =~ /^!(.*)$/) {
|
||||
@rights = grep { ! /^\Q$r\E$/ } @rights;
|
||||
}
|
||||
else {
|
||||
push @rights, Right->new($r);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$mesg = $ldap->search( # search
|
||||
base => "ou=intra,ou=groups,dc=acu,dc=epita,dc=fr",
|
||||
filter => "&(memberUid=$login)(objectClass=intraGroup)",
|
||||
attrs => [ 'intraRight' ],
|
||||
scope => "sub"
|
||||
);
|
||||
if ($mesg->code != 0) { die $mesg->error; }
|
||||
if ($mesg->count != 1) { die "User $login not found or multiple presence"; }
|
||||
|
||||
for my $entry ($mesg->entries) {
|
||||
for my $r ($entry->get_value('intraRight')) {
|
||||
push @rights, Right->new($r);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$mesg = $ldap->search( # search
|
||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||
filter => "&(uid=$login)(objectClass=intraAccount)",
|
||||
attrs => [ 'intraRight' ],
|
||||
scope => "sub"
|
||||
);
|
||||
if ($mesg->code != 0) { die $mesg->error; }
|
||||
if ($mesg->count != 1) { die "User $login not found or multiple presence"; }
|
||||
|
||||
for my $r ($mesg->entry(0)->get_value('intraRight')) {
|
||||
push @rights, Right->new($r);
|
||||
}
|
||||
|
||||
|
||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||
|
||||
return @rights;
|
||||
}
|
||||
|
||||
1;
|
||||