From 9c27bf131ecbaff96224a1bd63935ad2043f1a73 Mon Sep 17 00:00:00 2001
From: Mercier Pierre-Olivier
Date: Tue, 3 Sep 2013 07:20:58 +0200
Subject: [PATCH] Some fixes in LDAP
---
 ACU/LDAP.pm | 67 ++++++++++++++++++++++---------
 process/ldap/update_group.pl | 78 +++++++++++++++++++++++++++++++-----
 2 files changed, 116 insertions(+), 29 deletions(-)
diff --git a/ACU/LDAP.pm b/ACU/LDAP.pm
index dc69f35..4a0c846 100644
--- a/ACU/LDAP.pm
+++ b/ACU/LDAP.pm
@@ -11,6 +11,7 @@ use Net::LDAP::Util qw(ldap_error_text);
 use ACU::Password;
 use ACU::Right;
+use ACU::Log;
 ## Connection functions
@@ -27,15 +28,17 @@ our $secret_search = \&ldap_get_password;
 sub ldap_connect()
 {
- if ($bindsecret eq "") {
+ if (!$bindsecret) {
 $bindsecret = $secret_search->();
 }
 my $ldap = Net::LDAPS->new($ldaphost) or die ("$@");
 my $mesg = $ldap->bind($binddn, password => $bindsecret) or die ("$@");
+ ACU::Log::do_debug("Connect to LDAP with $binddn");
+
 if ($mesg->code) {
- die "An error occurred: " .ldap_error_text($mesg->code)."\n";
+ ACU::Log::do_err("An error occurred: " .ldap_error_text($mesg->code));
 }
 return $ldap;
@@ -46,8 +49,10 @@ sub ldap_connect_anon()
 my $ldap = Net::LDAPS->new($ldaphost) or die ("$@");
 my $mesg = $ldap->bind or die ("$@");
+ ACU::Log::do_debug("Connect to LDAP anonymously");
+
 if ($mesg->code) {
- die "An error occurred: " .ldap_error_text($mesg->code)."\n";
+ ACU::Log::do_err("An error occurred: " .ldap_error_text($mesg->code));
 }
 return $ldap;
@@ -65,13 +70,15 @@ sub add_group($$$;$)
 my $dn = "cn=$cn,ou=$year,ou=$ou,ou=groups,dc=acu,dc=epita,dc=fr";
+ ACU::Log::do_debug("Add group $dn");
+
 my $mesg = $ldap->add( $dn, attrs => [ objectclass => "intraGroup", cn => $cn, ] );
- if ($mesg->code != 0) { die $mesg->error; }
+ if ($mesg->code != 0) { ACU::Log::do_warn($mesg->error); return 0; }
 return $dn;
 }
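Review bot: `ACU::Log::do_err` now replaces the `die` in ldap_connect's bind-failure branch, but `return $ldap` still follows it, so unless do_err itself terminates the process a rejected bind (wrong password, expired credentials) hands the caller a handle whose bind never succeeded, and every later search or modify runs on that session. The ldap_connect_anon hunk makes the same substitution. If do_err only logs, keep the abort explicit, e.g. `ACU::Log::do_err("An error occurred: " .ldap_error_text($mesg->code)); die "LDAP bind failed\n";` — returning undef instead would not help, since callers do `shift // ldap_connect()` and would then call methods on undef. Whether do_err dies cannot be told from this patch; a one-line comment above the call stating that contract would settle it for the next reader.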
@@ -84,17 +91,19 @@ sub delete_group($$;$)
 my $ldap = ldap_connect();
+ ACU::Log::do_debug("Delete group ou=groups,dc=acu,dc=epita,dc=fr");
+
 my $mesg = $ldap->search( # search
 base => "ou=groups,dc=acu,dc=epita,dc=fr", filter => "cn=$cn", scope => "sub" );
- if ($mesg->code != 0) { die $mesg->error; }
- if ($mesg->count != 1) { die "$cn not found or multiple entries match"; }
+ if ($mesg->code != 0) { ACU::Log::do_warn($mesg->error); return 0; }
+ if ($mesg->count != 1) { ACU::Log::do_warn("$cn not found or multiple entries match"); return 0; }
 $ldap->delete( $mesg->entry(0)->dn );
- $ldap->unbind or die ("couldn't disconnect correctly");
+ $ldap->unbind or ACU::Log::do_warn ("couldn't disconnect correctly");
 }
 sub get_year(;$)
@@ -118,8 +127,8 @@ sub get_dn($$@)
 attrs => @_, scope => "base" );
- if ($mesg->code != 0) { print $mesg->error; return undef; }
- if ($mesg->count != 1) { return undef; }
+ if ($mesg->code != 0) { ACU::Log::do_warn($mesg->error); return undef; }
+ if ($mesg->count != 1) { ACU::Log::do_warn("$cn not found or multiple entries match"); return undef; }
 return $mesg->entry(0);
 }
@@ -138,6 +147,9 @@ sub add_attribute($$$@)
 {
 if (! grep(/^$value$/, @data)) {
 $mod = 1;
+
+ ACU::Log::do_debug("Add attribute $value to $dn");
+
 push @data, $value;
 }
 }
@@ -145,7 +157,11 @@ sub add_attribute($$$@)
 if ($mod) {
 $entry->replace($what => \@data) or die $!;
- $entry->update($ldap) or die $!;
+ my $mesg = $entry->update($ldap) or die $!;
+
+ if ($mesg->code != 0) { ACU::Log::do_warn($mesg->error); return 0; }
+ if ($mesg->count != 1) { ACU::Log::do_warn("$cn not found or multiple entries match"); return 0; }
+
 return 1;
 }
 else {
@@ -166,6 +182,8 @@ sub delete_attribute($$$@)
 for my $value (@_)
 {
 if (grep(/^$value$/, @data)) {
+ ACU::Log::do_debug("Remove attribute $what ($value) from $dn");
+
 @data = grep(!/$value$/, @data);
 $mod = 1;
 }
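Review bot: The new debug line in delete_group prints only the fixed base `ou=groups,dc=acu,dc=epita,dc=fr` and not the `$cn` being deleted, so the log cannot say which group was removed; `ACU::Log::do_debug("Delete group $cn under ou=groups,dc=acu,dc=epita,dc=fr");` would. The `$ldap->delete( $mesg->entry(0)->dn )` result is still unchecked although every other hunk in this commit now tests `->code`; `my $del = $ldap->delete( $mesg->entry(0)->dn ); if ($del->code != 0) { ACU::Log::do_warn($del->error); return 0; }` keeps it consistent and makes the unbind-or-warn line the only remaining silent path. The unchanged `filter => "cn=$cn"` interpolates the name raw into the filter; wrapping it with `escape_filter_value` from Net::LDAP::Util (the module the file already imports `ldap_error_text` from) keeps a name containing `*` or `)` from matching more entries than intended, which matters more now that a multi-match is a warning rather than a die.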
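Review bot: The new warning in get_dn interpolates `$cn`, but get_dn's visible inputs are the connection, a DN and an attribute list, and no `$cn` appears anywhere in the hunk; if no `$cn` is in scope there, `use strict` turns this into a compile error, and if it resolves to a package global the message just reads " not found or multiple entries match". The same copied text appears in the search_dn hunk at -224 and in the add_attribute hunk at -145. Use the value the sub actually has, e.g. `ACU::Log::do_warn("$dn not found or multiple entries match");` — get_dn's signature lies outside the hunk, so confirm the name there.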
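Review bot: `$entry->update($ldap)` returns a Net::LDAP::Message, and `count` is a method of Net::LDAP::Search (search results), so the new `if ($mesg->count != 1)` line in add_attribute will most likely die with an unknown-method error on every successful update, right after the `->code` test has passed. The delete_attribute hunk at -174 makes the same change without the count line, which is the correct shape; drop the line here too. `or die $!` on the update statement is also misleading since Net::LDAP does not set `$!`; the `->code` test on the following line is the real check, so `my $mesg = $entry->update($ldap);` is enough.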
@@ -174,7 +192,8 @@ sub delete_attribute($$$@)
 if ($mod) {
 $entry->replace($what => \@data) or die $!;
- $entry->update($ldap) or die $!;
+ my $mesg = $entry->update($ldap) or die $!;
+ if ($mesg->code != 0) { ACU::Log::do_warn($mesg->error); return 0; }
 return 1;
 }
 else {
@@ -186,9 +205,11 @@ sub delete_entry($$)
 {
 my $ldap = shift // ldap_connect();
- $ldap->delete( shift );
+ my $mesg = $ldap->delete( shift );
- $ldap->unbind or die ("couldn't disconnect correctly");
+ if ($mesg->code != 0) { ACU::Log::do_warn($mesg->error); return 0; }
+
+ return 1;
 }
 sub flush_attribute($$@)
@@ -196,7 +217,11 @@ sub flush_attribute($$@)
 my $ldap = shift // ldap_connect();
 my $dn = shift;
- return !($ldap->modify($dn, delete => \@_)->code);
+ $ldap->modify($dn, delete => \@_)->code;
+
+ if ($mesg->code != 0) { ACU::Log::do_warn($mesg->error); return 0; }
+
+ return 1;
 }
 sub get_attribute($$$)
@@ -224,8 +249,8 @@ sub search_dn($$@)
 attrs => [ ], scope => "sub" );
- if ($mesg->code != 0) { print $mesg->error; return undef; }
- if ($mesg->count != 1) { return undef; }
+ if ($mesg->code != 0) { ACU::Log::do_warn($mesg->error); return undef; }
+ if ($mesg->count != 1) { ACU::Log::do_warn("$cn not found or multiple entries match"); return undef; }
 return $mesg->entry(0)->dn;
 }
@@ -237,8 +262,14 @@ sub update_attribute($$$@)
 my $what = shift;
 my $entry = get_dn($ldap, $dn, $what);
- $entry->replace($what => \@_) or die $!;
- $entry->update($ldap) or die $!;
+ $entry->replace($what => \@_);
+ my $mesg = $entry->update($ldap);
+
+ if ($mesg->code != 0) {
+ ACU::Log::do_warn($mesg->error);
+ return 0;
+ }
+
 return 1;
 }
diff --git a/process/ldap/update_group.pl b/process/ldap/update_group.pl
index c20a7d3..25d0b22 100644
--- a/process/ldap/update_group.pl
+++ b/process/ldap/update_group.pl
@@ -9,6 +9,7 @@ BEGIN {
 push @INC, "../../";
 }
+use ACU::Log;
 use ACU::LDAP;
 use ACU::Process;
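Review bot: delete_entry no longer unbinds, yet it still opens its own connection through `shift // ldap_connect()` when none is passed, so in that path the bound session is now left open until the object is destroyed. delete_group in this same commit keeps its unbind, so the two helpers now disagree on who owns the connection. Either remember whether the handle was created locally and release it only then — `my $own = !defined $_[0];` before the shift and `$ldap->unbind if $own;` before each return — or document above the sub that callers must always pass a connection.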
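Review bot: In flush_attribute the new line `$ldap->modify($dn, delete => \@_)->code;` discards the result, and `$mesg` on the following line is never declared or assigned, so under `use strict` the module no longer compiles, and without strict the `->code` call on the next line runs on undef. It should read `my $mesg = $ldap->modify($dn, delete => \@_);` with the `->code` test left to the `if` line that follows.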
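Review bot: update_attribute now calls `$entry->replace` with no guard, but get_dn (changed earlier in this commit) returns undef when the entry is missing or ambiguous, so a bad `$dn` becomes a "Can't call method replace on an undefined value" crash instead of the warn-and-return-0 path the rest of the commit introduces. Add `return 0 unless defined $entry;` before the replace. Dropping `or die $!` on replace is fine here since the outcome is now checked through `$mesg->code`.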
@@ -32,6 +33,8 @@ my %user_actions =
 "update" => \&_update,
 );
+my $_get_type;
+
 sub _new($$$)
 {
 my $ldap = shift;
@@ -53,7 +56,7 @@ sub _add($$$)
 my $dn = shift;
 my $args = shift;
- my $cnt_type = group_get_type $args->{param};
+ my $cnt_type = $_get_type->($args->{param});
 # Add content if any
 for (my $i = $args->{unamed}; $i > 0; $i--) {
@@ -72,7 +75,7 @@ sub _flush($$)
 my $dn = shift;
 my $args = shift;
- my $cnt_type = group_get_type $args->{param};
+ my $cnt_type = $_get_type->($args->{param});
 return LDAP::flush_attribute($ldap, $dn, $cnt_type);
 }
@@ -83,7 +86,7 @@ sub _remove($$)
 my $dn = shift;
 my $args = shift;
- my $cnt_type = group_get_type $args->{param};
+ my $cnt_type = $_get_type->($args->{param});
 my @data;
 for (my $i = $args->{unamed}; $i > 0; $i--) {
@@ -99,7 +102,9 @@ sub _update($$)
 my $dn = shift;
 my $args = shift;
- my $cnt_type = group_get_type $args->{param};
+ my $cnt_type = $_get_type->($args->{param});
+
+ return user_update($ldap, $dn, $args) if ($cnt_type eq "userInfos");
 my @data;
 for (my $i = $args->{unamed}; $i > 0; $i--) {
@@ -109,20 +114,66 @@ sub _update($$)
 return LDAP::update_attribute($ldap, $dn, $cnt_type, @data);
 }
+sub user_update($$)
+{
+ my $ldap = shift;
+ my $dn = shift;
+ my $args = shift;
-sub _get_type($)
+ LDAP::update_attribute($ldap, $dn, "cn", $args->{param}{cn}) if ($args->{param}{cn});
+ LDAP::update_attribute($ldap, $dn, "cn", $args->{param}{firstname}." ".$args->{param}{lastname}) if ($args->{param}{firstname} && $args->{param}{lastname});
+ LDAP::update_attribute($ldap, $dn, "l", $args->{param}{l}) if ($args->{param}{l});
+ LDAP::update_attribute($ldap, $dn, "mail", $args->{param}{mail}) if ($args->{param}{mail});
+ LDAP::update_attribute($ldap, $dn, "postalAddress", $args->{param}{postalAddress}) if ($args->{param}{postalAddress});
+ LDAP::update_attribute($ldap, $dn, "postalCode", $args->{param}{postalCode}) if ($args->{param}{postalCode});
+ LDAP::update_attribute($ldap, $dn, "sn", $args->{param}{sn}) if ($args->{param}{sn});
+ LDAP::update_attribute($ldap, $dn, "telephoneNumber", $args->{param}{telephoneNumber}) if ($args->{param}{telephoneNumber});
+ LDAP::update_attribute($ldap, $dn, "sshPublicKey", $args->{param}{sshPublicKey}) if ($args->{param}{sshPublicKey});
+ LDAP::update_attribute($ldap, $dn, "strongAuthKey", $args->{param}{strongAuthKey}) if ($args->{param}{strongAuthKey});
+ LDAP::update_attribute($ldap, $dn, "c", $args->{param}{c}) if ($args->{param}{c});
+ LDAP::update_attribute($ldap, $dn, "title", $args->{param}{title}) if ($args->{param}{title});
+ LDAP::update_attribute($ldap, $dn, "intraRight", $args->{param}{intraRight}) if ($args->{param}{intraRight});
+ LDAP::update_attribute($ldap, $dn, "intraTheme", $args->{param}{intraTheme}) if ($args->{param}{intraTheme});
+ LDAP::update_attribute($ldap, $dn, "birthdate", $args->{param}{birthdate}) if ($args->{param}{birthdate});
+}
+
+
+sub group_get_type($)
 {
 my $param = shift;
+ my $type = $param->{type} // "members";
+
 # Extract data type
- if ($param->{type} eq "members") {
+ if ($type eq "members") {
 return "memberUid";
 }
- elsif ($param->{type} eq "rights") {
+ elsif ($type eq "rights") {
 return "intraRights" ;
 }
 else {
- die ("Unknown type to add: ".$param->{type});
+ die ("Unknown type to add: ".$type);
+ }
+}
+
+sub user_get_type($)
+{
+ my $param = shift;
+
+ my $type = $param->{type} // "userInfos";
+
+ # Extract data type
+ if ($type eq "rights") {
+ return "intraRights" ;
+ }
+ elsif ($type eq "sshkeys") {
+ return "sshPublicKey" ;
+ }
+ elsif ($type eq "userInfos") {
+ return "userInfos" ;
+ }
+ else {
+ die ("Unknown type to add: ".$type);
 }
 }
@@ -133,7 +184,7 @@ sub process_group
 my $year = $args->{param}{year} // LDAP::get_year;
 my $dn = "cn=".$args->{param}{cn}."ou=$year,ou=$ou,ou=groups,dc=acu,dc=epita,dc=fr";
- my $action = $args->{param}{type} // "update";
+ my $action = $args->{param}{action} // "update";
 # Read action
 if (! exists $group_actions{$action}) {
@@ -145,13 +196,15 @@ sub process_group
 $group_actions{$action}($ldap, $dn, $args);
 $ldap->unbind or warn "couldn't disconnect correctly";
+
+ return "Ok";
 }
 sub process_user
 {
 my ($given_args, $args) = @_;
- my $action = $args->{param}{type} // "update";
+ my $action = $args->{param}{action} // "update";
 # Read action
 if (! exists $user_actions{$action}) {
@@ -165,13 +218,16 @@ sub process_user
 $user_actions{$action}($ldap, $dn, $args);
 $ldap->unbind or warn "couldn't disconnect correctly";
+
+ return "Ok";
 }
-
 if ($0 =~ /^update_group/) {
+ $_get_type = \&group_get_type;
 Process::register("update_group", \&process_group);
 }
 elsif ($0 =~ /^update_user/) {
+ $_get_type = \&user_get_type;
 Process::register("update_user", \&process_user);
 }
 else {