Refactoring LDAP package
This commit is contained in:
Mercier Pierre-Olivier
parent
34c7a6b6f0
commit
a3bd738b0f
3 changed files with 195 additions and 266 deletions
164
utils/lpt
164
utils/lpt
|
|
@ -18,18 +18,18 @@ use Quota;
|
|||
#use File::Basename;
|
||||
#use File::Find;
|
||||
|
||||
BEGIN {
|
||||
push @INC, "../";
|
||||
}
|
||||
|
||||
use ACU::LDAP;
|
||||
|
||||
###########################################################
|
||||
# #
|
||||
# Global variables #
|
||||
# #
|
||||
###########################################################
|
||||
|
||||
my $ldaphost = "ldap.acu.epita.fr";
|
||||
my $ldapuri = "ldaps://ldap.acu.epita.fr";
|
||||
my $binddn = "cn=admin,dc=acu,dc=epita,dc=fr";
|
||||
my $bindsecret = '';
|
||||
my $login = "";
|
||||
|
||||
my $wksHomePrefix = "/home/";
|
||||
my $nfsHomePrefix = "/srv/nfs/accounts/";
|
||||
|
||||
|
|
@ -147,6 +147,7 @@ my %cmds_list =
|
|||
|
||||
sub ldap_get_password()
|
||||
{
|
||||
my $bindsecret;
|
||||
if (defined($ENV{'LDAP_PASSWORD'}) && $ENV{'LDAP_PASSWORD'} ne "")
|
||||
{
|
||||
$bindsecret = $ENV{'LDAP_PASSWORD'};
|
||||
|
|
@ -168,35 +169,11 @@ sub ldap_get_password()
|
|||
print "\n";
|
||||
|
||||
chomp $bindsecret;
|
||||
return $bindsecret;
|
||||
}
|
||||
|
||||
sub ldap_connect()
|
||||
{
|
||||
if ($bindsecret eq "") {
|
||||
ldap_get_password();
|
||||
}
|
||||
|
||||
my $ldap = Net::LDAPS->new($ldaphost) or do_err ("$@");
|
||||
my $mesg = $ldap->bind($binddn, password => $bindsecret) or do_err ("$@");
|
||||
|
||||
if ($mesg->code) {
|
||||
die "An error occurred: " .ldap_error_text($mesg->code)."\n";
|
||||
}
|
||||
|
||||
return $ldap;
|
||||
}
|
||||
|
||||
sub ldap_connect_anon()
|
||||
{
|
||||
my $ldap = Net::LDAPS->new($ldaphost) or do_err ("$@");
|
||||
my $mesg = $ldap->bind or do_err ("$@");
|
||||
|
||||
if ($mesg->code) {
|
||||
die "An error occurred: " .ldap_error_text($mesg->code)."\n";
|
||||
}
|
||||
|
||||
return $ldap;
|
||||
}
|
||||
$LDAP::binddn = "cn=admin,dc=acu,dc=epita,dc=fr";
|
||||
$LDAP::secret_search = \&ldap_get_password;
|
||||
|
||||
######################################
|
||||
# #
|
||||
|
|
@ -241,7 +218,7 @@ sub cmd_account_close($@)
|
|||
return -1;
|
||||
}
|
||||
|
||||
my $ldap = ldap_connect();
|
||||
my $ldap = LDAP::ldap_connect();
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||
|
|
@ -291,27 +268,24 @@ sub cmd_account_create($@)
|
|||
return 1;
|
||||
}
|
||||
|
||||
ldap_get_password();
|
||||
my $group = shift;
|
||||
my $uid = shift;
|
||||
my $firstname = shift;
|
||||
my $lastname = shift;
|
||||
my $pass = shift // "nopass";
|
||||
my $ldif = <<"EOF";
|
||||
dn: uid=$login,ou=$group,ou=users,dc=acu,dc=epita,dc=fr
|
||||
objectClass: epitaAccount
|
||||
cn: $firstname $lastname
|
||||
mail: $login\@epita.fr
|
||||
uid: $login
|
||||
uidNumber: $uid
|
||||
EOF
|
||||
|
||||
open(LDIF, "|-", "ldapadd -x -H '$ldapuri' -w '$bindsecret' -D '$binddn'") || do_err("error !\n");
|
||||
say LDIF $ldif;
|
||||
close(LDIF);
|
||||
my $ldap = LDAP::ldap_connect();
|
||||
my $mesg = $ldap->add( "uid=$login,ou=$group,ou=users,dc=acu,dc=epita,dc=fr",
|
||||
attrs => [
|
||||
objectclass => [ "top", "epitaAccount" ],
|
||||
uidNumber => shift,
|
||||
cn => shift(@_)." ".shift(@_),
|
||||
mail => "$login\@epita.fr",
|
||||
uid => $login,
|
||||
]
|
||||
);
|
||||
|
||||
if ($? == 0) {
|
||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||
|
||||
if ($mesg->code == 0) {
|
||||
do_info("Account added: $login");
|
||||
my $pass = shift;
|
||||
return cmd_account($login, $pass) if ($pass ne "nopass");
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -329,7 +303,7 @@ sub cmd_account_nopass($@)
|
|||
{
|
||||
my $login = shift;
|
||||
|
||||
my $ldap = ldap_connect();
|
||||
my $ldap = LDAP::ldap_connect();
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||
|
|
@ -459,7 +433,7 @@ sub cmd_account_password($@)
|
|||
|
||||
my $enc_password = "{SSHA}" . encode_base64($ctx->digest . $salt ,'');
|
||||
|
||||
my $ldap = ldap_connect();
|
||||
my $ldap = LDAP::ldap_connect();
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||
|
|
@ -494,7 +468,7 @@ sub cmd_account_reopen(@)
|
|||
return 1;
|
||||
}
|
||||
|
||||
my $ldap = ldap_connect();
|
||||
my $ldap = LDAP::ldap_connect();
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||
|
|
@ -562,8 +536,8 @@ sub cmd_account_multiple_vieworchange($$$@)
|
|||
}
|
||||
|
||||
my $ldap;
|
||||
$ldap = ldap_connect() if ($action ne "list");
|
||||
$ldap = ldap_connect_anon() if ($action eq "list");
|
||||
$ldap = LDAP::ldap_connect() if ($action ne "list");
|
||||
$ldap = LDAP::ldap_connect_anon() if ($action eq "list");
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||
filter => "uid=$login",
|
||||
|
|
@ -643,8 +617,9 @@ sub cmd_account_vieworchange($$@)
|
|||
my $change = shift;
|
||||
|
||||
my $ldap;
|
||||
$ldap = ldap_connect() if ($change);
|
||||
$ldap = ldap_connect_anon() if (!$change);
|
||||
$ldap = LDAP::ldap_connect() if ($change);
|
||||
$ldap = LDAP::ldap_connect_anon() if (!$change);
|
||||
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||
filter => "uid=$login",
|
||||
|
|
@ -678,7 +653,7 @@ sub cmd_account_view($@)
|
|||
{
|
||||
my $login = shift;
|
||||
|
||||
my $ldap = ldap_connect_anon();
|
||||
my $ldap = LDAP::ldap_connect_anon();
|
||||
|
||||
my $mesg = $ldap->search(base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||
filter => "uid=$login",
|
||||
|
|
@ -782,7 +757,7 @@ sub cmd_group_list(@)
|
|||
}
|
||||
|
||||
my $group = $ARGV[0];
|
||||
my $ldap = ldap_connect_anon();
|
||||
my $ldap = LDAP::ldap_connect_anon();
|
||||
if ($#ARGV == 0)
|
||||
{
|
||||
my $mesg = $ldap->search( # search a group
|
||||
|
|
@ -834,7 +809,7 @@ sub cmd_group_add(@)
|
|||
my $group = $ARGV[0];
|
||||
my $login = $ARGV[1];
|
||||
|
||||
my $ldap = ldap_connect();
|
||||
my $ldap = LDAP::ldap_connect();
|
||||
|
||||
my $mesg = $ldap->search( # search a group
|
||||
base => "cn=$group,ou=groups,dc=acu,dc=epita,dc=fr",
|
||||
|
|
@ -884,7 +859,7 @@ sub cmd_group_remove(@)
|
|||
my $group = $ARGV[0];
|
||||
my $login = $ARGV[1];
|
||||
|
||||
my $ldap = ldap_connect();
|
||||
my $ldap = LDAP::ldap_connect();
|
||||
|
||||
my $mesg = $ldap->search( # search a group
|
||||
base => "cn=$group,ou=groups,dc=acu,dc=epita,dc=fr",
|
||||
|
|
@ -929,51 +904,42 @@ sub cmd_group_remove(@)
|
|||
system('service nscd restart');
|
||||
}
|
||||
|
||||
sub cmd_group_create(@)
|
||||
sub cmd_group_create($$)
|
||||
{
|
||||
if ($#ARGV != 1)
|
||||
if ($#_ != 1)
|
||||
{
|
||||
do_usage ("<lpt> group create <yaka|acu> <year>");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
ldap_get_password();
|
||||
my $ldif = "";
|
||||
my $type = $ARGV[0];
|
||||
my $year = $ARGV[1];
|
||||
my $group = $type . $year;
|
||||
my $ldif_path = dirname(__FILE__) . "/base-group.ldif";
|
||||
|
||||
my $type = shift;
|
||||
my $year = shift;
|
||||
my $cn = $type . $year;
|
||||
my $gid;
|
||||
if ($type eq "acu")
|
||||
{
|
||||
if ($type eq "acu") {
|
||||
$gid = $year;
|
||||
}
|
||||
elsif ($type eq "yaka")
|
||||
{
|
||||
elsif ($type eq "yaka") {
|
||||
$gid = $year - 1000;
|
||||
}
|
||||
else
|
||||
{
|
||||
print "Error: type must be acu or yaka!";
|
||||
exit(1);
|
||||
else {
|
||||
do_err "Error: type must be acu or yaka!";
|
||||
}
|
||||
|
||||
open(TEMPLATE, $ldif_path) or do_err("unable to open template.");
|
||||
while (<TEMPLATE>)
|
||||
{
|
||||
$ldif = $ldif . $_;
|
||||
}
|
||||
my $ldap = LDAP::ldap_connect();
|
||||
|
||||
$ldif =~ s/\$gid/$gid/g;
|
||||
$ldif =~ s/\$group/$group/g;
|
||||
my $mesg = $ldap->add( "cn=$cn,ou=groups,dc=acu,dc=epita,dc=fr",
|
||||
attrs => [
|
||||
objectclass => "posixGroup",
|
||||
gidNumber => $gid,
|
||||
cn => $cn,
|
||||
]
|
||||
);
|
||||
if ($mesg->code != 0) { die $mesg->error; }
|
||||
|
||||
open(LDIF, ">/tmp/entry.ldif") || do_err("error !\n");
|
||||
print LDIF $ldif;
|
||||
close(LDIF);
|
||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||
|
||||
system("ldapadd -x -h '$ldaphost' -w '$bindsecret' -D '$binddn' -f /tmp/entry.ldif") && do_err ("unable to add.");
|
||||
do_log("group added: $group");
|
||||
do_info "group added: $cn";
|
||||
}
|
||||
|
||||
sub cmd_group_delete(@)
|
||||
|
|
@ -1022,7 +988,7 @@ sub cmd_list_accounts(@)
|
|||
my $action = shift;
|
||||
|
||||
my $shellFalse = "/bin/false";
|
||||
my $ldap = ldap_connect();
|
||||
my $ldap = LDAP::ldap_connect();
|
||||
|
||||
if ($action eq "open")
|
||||
{
|
||||
|
|
@ -1114,7 +1080,7 @@ sub cmd_account_quota_view($@)
|
|||
{
|
||||
my $login = shift;
|
||||
|
||||
my $ldap = ldap_connect_anon();
|
||||
my $ldap = LDAP::ldap_connect_anon();
|
||||
my $mesg = $ldap->search(
|
||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||
filter => "uid=$login",
|
||||
|
|
@ -1172,8 +1138,8 @@ sub cmd_account_quota_set($@)
|
|||
$quotaName .= "Block" if ($type eq "block");
|
||||
|
||||
my $ldap;
|
||||
$ldap = ldap_connect() if ($value);
|
||||
$ldap = ldap_connect_anon() if (!$value);
|
||||
$ldap = LDAP::ldap_connect() if ($value);
|
||||
$ldap = LDAP::ldap_connect_anon() if (!$value);
|
||||
my $mesg = $ldap->search( # search
|
||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||
filter => "uid=$login",
|
||||
|
|
@ -1229,7 +1195,7 @@ sub cmd_account_quota_sync($;$)
|
|||
my $login = shift;
|
||||
my $nosync = shift;
|
||||
|
||||
my $ldap = ldap_connect_anon();
|
||||
my $ldap = LDAP::ldap_connect_anon();
|
||||
my $mesg = $ldap->search(
|
||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||
filter => "(&(uid=$login)(objectClass=labAccount))",
|
||||
|
|
@ -1267,7 +1233,7 @@ sub cmd_account_quota_sync($;$)
|
|||
|
||||
sub cmd_sync_quota(@)
|
||||
{
|
||||
my $ldap = ldap_connect_anon();
|
||||
my $ldap = LDAP::ldap_connect_anon();
|
||||
my $mesg = $ldap->search(
|
||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||
filter => "(objectClass=labAccount)",
|
||||
|
|
@ -1293,7 +1259,7 @@ sub get_ssh_keys_unprotected()
|
|||
{
|
||||
my %keys_unprotected = qw();
|
||||
|
||||
my $ldap = ldap_connect_anon();
|
||||
my $ldap = LDAP::ldap_connect_anon();
|
||||
my $mesg = $ldap->search(
|
||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||
filter => "(objectClass=posixAccount)",
|
||||
|
|
@ -1349,7 +1315,7 @@ sub cmd_ssh_keys_without_passphrase_generic(@)
|
|||
my $func = shift;
|
||||
|
||||
my %keys_unprotected = get_ssh_keys_unprotected();
|
||||
my $ldap = ldap_connect_anon();
|
||||
my $ldap = LDAP::ldap_connect_anon();
|
||||
|
||||
foreach my $login (keys %keys_unprotected)
|
||||
{
|
||||
|
|
|
|||
Reference in a new issue