Refactoring LDAP package
parent
34c7a6b6f0
commit
a3bd738b0f
3 changed files with 190 additions and 261 deletions
272
ACU/LDAP.pm
272
ACU/LDAP.pm
|
|
@ -12,12 +12,25 @@ use Net::LDAP::Util qw(ldap_error_text);
|
|||
use ACU::Password;
|
||||
use ACU::Right;
|
||||
|
||||
my $ldaphost = "ldap.acu.epita.fr";
|
||||
my $binddn = "cn=intra,dc=acu,dc=epita,dc=fr";
|
||||
my $bindsecret = Password::get_password ".secret_ldap";
|
||||
## Connection functions
|
||||
|
||||
our $ldaphost = "ldap.acu.epita.fr";
|
||||
our $binddn = "cn=intra,dc=acu,dc=epita,dc=fr";
|
||||
my $bindsecret = "";
|
||||
|
||||
sub ldap_get_password
|
||||
{
|
||||
return Password::get_password ".secret_ldap";
|
||||
}
|
||||
|
||||
our $secret_search = \&ldap_get_password;
|
||||
|
||||
sub ldap_connect()
|
||||
{
|
||||
if ($bindsecret eq "") {
|
||||
$bindsecret = $secret_search->();
|
||||
}
|
||||
|
||||
my $ldap = Net::LDAPS->new($ldaphost) or die ("$@");
|
||||
my $mesg = $ldap->bind($binddn, password => $bindsecret) or die ("$@");
|
||||
|
||||
|
|
@ -40,36 +53,8 @@ sub ldap_connect_anon()
|
|||
return $ldap;
|
||||
}
|
||||
|
||||
sub add_attribute($$$)
|
||||
{
|
||||
my $dn = shift;
|
||||
my $what = shift;
|
||||
my $value = shift;
|
||||
|
||||
my $ldap = ldap_connect();
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "$dn",
|
||||
attrs => [ $what ],
|
||||
scope => "base"
|
||||
);
|
||||
if ($mesg->code != 0) { die $mesg->error; }
|
||||
if ($mesg->count != 1) { die "$dn not found or not a valid entry"; }
|
||||
|
||||
my @data = $mesg->entry(0)->get_value($what);
|
||||
if (! grep(/^$value$/, @data)) {
|
||||
push @data, $value;
|
||||
$mesg->entry(0)->replace($what => \@data) or die $!;
|
||||
$mesg->entry(0)->update($ldap) or die $!;
|
||||
|
||||
print "Add $what $value to $dn.";
|
||||
}
|
||||
else {
|
||||
print "$dn already has $what $value.";
|
||||
}
|
||||
|
||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||
}
|
||||
## High end functions
|
||||
|
||||
sub add_group($$;$)
|
||||
{
|
||||
|
|
@ -83,6 +68,7 @@ sub add_group($$;$)
|
|||
|
||||
my $mesg = $ldap->add( $dn,
|
||||
attrs => [
|
||||
objectclass => "intraGroup",
|
||||
cn => $cn,
|
||||
]
|
||||
);
|
||||
|
|
@ -93,80 +79,6 @@ sub add_group($$;$)
|
|||
return $dn;
|
||||
}
|
||||
|
||||
sub delete_attribute($$$)
|
||||
{
|
||||
my $dn = shift;
|
||||
my $what = shift;
|
||||
my $value = shift;
|
||||
|
||||
my $ldap = ldap_connect();
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "$dn",
|
||||
attrs => [ $what ],
|
||||
scope => "base"
|
||||
);
|
||||
if ($mesg->code != 0) { die $mesg->error; }
|
||||
if ($mesg->count != 1) { die "$dn not found or not a valid entry"; }
|
||||
|
||||
my @data = $mesg->entry(0)->get_value($what);
|
||||
if (! grep(/^$value$/, @data)) {
|
||||
print "$dn has no $what $value.";
|
||||
}
|
||||
else {
|
||||
@data = grep(!/$value$/, @data);
|
||||
|
||||
$mesg->entry(0)->replace($what => \@data) or die $!;
|
||||
$mesg->entry(0)->update($ldap) or die $!;
|
||||
|
||||
print "Delete $what $value to $dn.";
|
||||
}
|
||||
|
||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||
}
|
||||
|
||||
sub delete_attributes($$$)
|
||||
{
|
||||
my $dn = shift;
|
||||
my $what = shift;
|
||||
my $values = shift;
|
||||
|
||||
my $ldap = ldap_connect();
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "$dn",
|
||||
attrs => [ $what ],
|
||||
scope => "base"
|
||||
);
|
||||
if ($mesg->code != 0) { die $mesg->error; }
|
||||
if ($mesg->count != 1) { die "$dn not found or not a valid entry"; }
|
||||
|
||||
my @data = $mesg->entry(0)->get_value($what);
|
||||
for my $value ($values) {
|
||||
if (! grep(/^$value$/, @data)) {
|
||||
print "$dn has no $what $value.";
|
||||
}
|
||||
else {
|
||||
@data = grep(!/$value$/, @data);
|
||||
|
||||
print "Delete $what $value to $dn.";
|
||||
}
|
||||
}
|
||||
$mesg->entry(0)->replace($what => \@data) or die $!;
|
||||
$mesg->entry(0)->update($ldap) or die $!;
|
||||
|
||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||
}
|
||||
|
||||
sub delete_entry($$;$)
|
||||
{
|
||||
my $ldap = ldap_connect();
|
||||
|
||||
$ldap->delete( shift );
|
||||
|
||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||
}
|
||||
|
||||
sub delete_group($$;$)
|
||||
{
|
||||
my $cn = shift;
|
||||
|
|
@ -188,87 +100,129 @@ sub delete_group($$;$)
|
|||
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||
}
|
||||
|
||||
sub flush_attribute($$)
|
||||
sub get_year(;$)
|
||||
{
|
||||
my $dn = shift;
|
||||
my $what = shift;
|
||||
my $ldap = shift // ldap_connect_anon();
|
||||
|
||||
my $ldap = ldap_connect();
|
||||
return get_attribute($ldap, "cn=year,dc=acu,dc=epita,dc=fr", "year");
|
||||
}
|
||||
|
||||
|
||||
## Low level functions
|
||||
|
||||
sub get_dn($$@)
|
||||
{
|
||||
my $ldap = shift // ldap_connect();
|
||||
my $dn = shift;
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "$dn",
|
||||
filter => "(objectClass=top)",
|
||||
attrs => @_,
|
||||
scope => "base"
|
||||
);
|
||||
if ($mesg->code != 0) { die $mesg->error; }
|
||||
if ($mesg->count != 1) { die "$dn not found or not a valid entry"; }
|
||||
if ($mesg->code != 0) { print $mesg->error; return undef; }
|
||||
if ($mesg->count != 1) { return undef; }
|
||||
|
||||
$ldap->modify($mesg->entry(0)->dn, delete => [$what]);
|
||||
|
||||
print "Flush $what for $dn.";
|
||||
|
||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||
return $mesg->entry(0);
|
||||
}
|
||||
|
||||
sub get_attribute($$)
|
||||
sub add_attribute($$$@)
|
||||
{
|
||||
my $ldap = shift // ldap_connect();
|
||||
my $dn = shift;
|
||||
my $what = shift;
|
||||
|
||||
my $ldap = ldap_connect();
|
||||
my $mod = 0;
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "$dn",
|
||||
attrs => [ $what ],
|
||||
scope => "sub"
|
||||
);
|
||||
if ($mesg->code != 0) { die $mesg->error; }
|
||||
if ($mesg->count != 1) { die "$dn not found or not a valid entry"; }
|
||||
my $entry = get_dn($ldap, $dn, $what);
|
||||
my @data = $entry->get_value($what);
|
||||
for my $value (@_)
|
||||
{
|
||||
if (! grep(/^$value$/, @data)) {
|
||||
$mod = 1;
|
||||
push @data, $value;
|
||||
}
|
||||
}
|
||||
|
||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||
|
||||
return $mesg->entry(0)->get_value($what);
|
||||
if ($mod)
|
||||
{
|
||||
$entry->replace($what => \@data) or die $!;
|
||||
$entry->update($ldap) or die $!;
|
||||
return 1;
|
||||
}
|
||||
else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
sub get_year()
|
||||
{
|
||||
my $ldap = ldap_connect_anon();
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "cn=year,dc=acu,dc=epita,dc=fr",
|
||||
filter => "(cn=year)",
|
||||
attrs => [ "year" ],
|
||||
scope => "base"
|
||||
);
|
||||
if ($mesg->code != 0) { die $mesg->error; }
|
||||
if ($mesg->count != 1) { die "Year not found or not a valid entry"; }
|
||||
|
||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||
|
||||
return $mesg->entry(0)->get_value("year");
|
||||
}
|
||||
|
||||
sub update_attribute($$$)
|
||||
sub delete_attribute($$$@)
|
||||
{
|
||||
my $ldap = shift // ldap_connect();
|
||||
my $dn = shift;
|
||||
my $what = shift;
|
||||
my $value = shift;
|
||||
|
||||
my $ldap = ldap_connect();
|
||||
my $mod = 0;
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "$dn",
|
||||
attrs => [ $what ],
|
||||
scope => "sub"
|
||||
);
|
||||
if ($mesg->code != 0) { die $mesg->error; }
|
||||
if ($mesg->count != 1) { die "$dn not found or not a valid entry"; }
|
||||
my $entry = get_dn($ldap, $dn, $what);
|
||||
my @data = $entry->get_value($what);
|
||||
for my $value (@_)
|
||||
{
|
||||
if (grep(/^$value$/, @data)) {
|
||||
@data = grep(!/$value$/, @data);
|
||||
$mod = 1;
|
||||
}
|
||||
}
|
||||
|
||||
$mesg->entry(0)->replace($what => $value) or die $!;
|
||||
$mesg->entry(0)->update($ldap) or die $!;
|
||||
if ($mod)
|
||||
{
|
||||
$entry->replace($what => \@data) or die $!;
|
||||
$entry->update($ldap) or die $!;
|
||||
return 1;
|
||||
}
|
||||
else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
sub delete_entry($$)
|
||||
{
|
||||
my $ldap = shift // ldap_connect();
|
||||
|
||||
$ldap->delete( shift );
|
||||
|
||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||
}
|
||||
|
||||
sub flush_attribute($$@)
|
||||
{
|
||||
my $ldap = shift // ldap_connect();
|
||||
my $dn = shift;
|
||||
|
||||
return !($ldap->modify($dn, delete => \@_)->code);
|
||||
}
|
||||
|
||||
sub get_attribute($$$)
|
||||
{
|
||||
my $ldap = shift // ldap_connect();
|
||||
my $dn = shift;
|
||||
my $what = shift;
|
||||
|
||||
return get_dn($ldap, $dn, $what)->get_value($what);
|
||||
}
|
||||
|
||||
sub update_attribute($$$@)
|
||||
{
|
||||
my $ldap = shift // ldap_connect();
|
||||
my $dn = shift;
|
||||
my $what = shift;
|
||||
|
||||
my $entry = get_dn($ldap, $dn, $what);
|
||||
$entry->replace($what => \@_) or die $!;
|
||||
$entry->update($ldap) or die $!;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
sub has_right($$)
|
||||
{
|
||||
|
|
|
|||
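Review bot: In get_dn the search option `attrs => @_,` splices the attribute names straight into the argument list, so a single attribute arrives as a bare string rather than the array ref Net::LDAP expects and two or more shift every following key/value pair; it should read `attrs => [ @_ ],`. get_dn also returns undef on a failed or empty search, yet get_attribute, add_attribute, delete_attribute and update_attribute dereference its result unchecked, so a missing DN now dies with a "Can't call method" error instead of the old explicit message — either keep the `die` there or have each caller test for undef. In add_attribute and delete_attribute, `grep(/^$value$/, @data)` and `grep(!/$value$/, @data)` interpolate the value as an unescaped regex and the second is unanchored at the start, so deleting "admin" also removes any value that merely ends in "admin"; `@data = grep { $_ ne $value } @data;` is both exact and safe against metacharacters. In the first hunk, ldap_connect tests `$ldap->bind(...) or die` but bind always returns a Net::LDAP::Message object, so a wrong or expired secret is never detected and later operations run with whatever access the server grants an unauthenticated session; check the result with `$mesg->code and die ldap_error_text($mesg->code);` and consider passing `verify => 'require'` to Net::LDAPS->new so the credential is only sent to a validated server. delete_entry still unbinds the handle even when the caller supplied it through the new `shift // ldap_connect()` default, while the other new functions never unbind a connection they opened themselves; has_right begins on the last lines of the hunk and continues outside it.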