Refactoring LDAP package
parent
34c7a6b6f0
commit
a3bd738b0f
272
ACU/LDAP.pm
272
ACU/LDAP.pm
@ -12,12 +12,25 @@ use Net::LDAP::Util qw(ldap_error_text);
|
|||||||
use ACU::Password;
|
use ACU::Password;
|
||||||
use ACU::Right;
|
use ACU::Right;
|
||||||
|
|
||||||
my $ldaphost = "ldap.acu.epita.fr";
|
## Connection functions
|
||||||
my $binddn = "cn=intra,dc=acu,dc=epita,dc=fr";
|
|
||||||
my $bindsecret = Password::get_password ".secret_ldap";
|
our $ldaphost = "ldap.acu.epita.fr";
|
||||||
|
our $binddn = "cn=intra,dc=acu,dc=epita,dc=fr";
|
||||||
|
my $bindsecret = "";
|
||||||
|
|
||||||
|
sub ldap_get_password
|
||||||
|
{
|
||||||
|
return Password::get_password ".secret_ldap";
|
||||||
|
}
|
||||||
|
|
||||||
|
our $secret_search = \&ldap_get_password;
|
||||||
|
|
||||||
sub ldap_connect()
|
sub ldap_connect()
|
||||||
{
|
{
|
||||||
|
if ($bindsecret eq "") {
|
||||||
|
$bindsecret = $secret_search->();
|
||||||
|
}
|
||||||
|
|
||||||
my $ldap = Net::LDAPS->new($ldaphost) or die ("$@");
|
my $ldap = Net::LDAPS->new($ldaphost) or die ("$@");
|
||||||
my $mesg = $ldap->bind($binddn, password => $bindsecret) or die ("$@");
|
my $mesg = $ldap->bind($binddn, password => $bindsecret) or die ("$@");
|
||||||
|
|
||||||
@ -40,36 +53,8 @@ sub ldap_connect_anon()
|
|||||||
return $ldap;
|
return $ldap;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub add_attribute($$$)
|
|
||||||
{
|
|
||||||
my $dn = shift;
|
|
||||||
my $what = shift;
|
|
||||||
my $value = shift;
|
|
||||||
|
|
||||||
my $ldap = ldap_connect();
|
## High end functions
|
||||||
|
|
||||||
my $mesg = $ldap->search( # search
|
|
||||||
base => "$dn",
|
|
||||||
attrs => [ $what ],
|
|
||||||
scope => "base"
|
|
||||||
);
|
|
||||||
if ($mesg->code != 0) { die $mesg->error; }
|
|
||||||
if ($mesg->count != 1) { die "$dn not found or not a valid entry"; }
|
|
||||||
|
|
||||||
my @data = $mesg->entry(0)->get_value($what);
|
|
||||||
if (! grep(/^$value$/, @data)) {
|
|
||||||
push @data, $value;
|
|
||||||
$mesg->entry(0)->replace($what => \@data) or die $!;
|
|
||||||
$mesg->entry(0)->update($ldap) or die $!;
|
|
||||||
|
|
||||||
print "Add $what $value to $dn.";
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
print "$dn already has $what $value.";
|
|
||||||
}
|
|
||||||
|
|
||||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
|
||||||
}
|
|
||||||
|
|
||||||
sub add_group($$;$)
|
sub add_group($$;$)
|
||||||
{
|
{
|
||||||
@ -83,6 +68,7 @@ sub add_group($$;$)
|
|||||||
|
|
||||||
my $mesg = $ldap->add( $dn,
|
my $mesg = $ldap->add( $dn,
|
||||||
attrs => [
|
attrs => [
|
||||||
|
objectclass => "intraGroup",
|
||||||
cn => $cn,
|
cn => $cn,
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
@ -93,80 +79,6 @@ sub add_group($$;$)
|
|||||||
return $dn;
|
return $dn;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub delete_attribute($$$)
|
|
||||||
{
|
|
||||||
my $dn = shift;
|
|
||||||
my $what = shift;
|
|
||||||
my $value = shift;
|
|
||||||
|
|
||||||
my $ldap = ldap_connect();
|
|
||||||
|
|
||||||
my $mesg = $ldap->search( # search
|
|
||||||
base => "$dn",
|
|
||||||
attrs => [ $what ],
|
|
||||||
scope => "base"
|
|
||||||
);
|
|
||||||
if ($mesg->code != 0) { die $mesg->error; }
|
|
||||||
if ($mesg->count != 1) { die "$dn not found or not a valid entry"; }
|
|
||||||
|
|
||||||
my @data = $mesg->entry(0)->get_value($what);
|
|
||||||
if (! grep(/^$value$/, @data)) {
|
|
||||||
print "$dn has no $what $value.";
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
@data = grep(!/$value$/, @data);
|
|
||||||
|
|
||||||
$mesg->entry(0)->replace($what => \@data) or die $!;
|
|
||||||
$mesg->entry(0)->update($ldap) or die $!;
|
|
||||||
|
|
||||||
print "Delete $what $value to $dn.";
|
|
||||||
}
|
|
||||||
|
|
||||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
|
||||||
}
|
|
||||||
|
|
||||||
sub delete_attributes($$$)
|
|
||||||
{
|
|
||||||
my $dn = shift;
|
|
||||||
my $what = shift;
|
|
||||||
my $values = shift;
|
|
||||||
|
|
||||||
my $ldap = ldap_connect();
|
|
||||||
|
|
||||||
my $mesg = $ldap->search( # search
|
|
||||||
base => "$dn",
|
|
||||||
attrs => [ $what ],
|
|
||||||
scope => "base"
|
|
||||||
);
|
|
||||||
if ($mesg->code != 0) { die $mesg->error; }
|
|
||||||
if ($mesg->count != 1) { die "$dn not found or not a valid entry"; }
|
|
||||||
|
|
||||||
my @data = $mesg->entry(0)->get_value($what);
|
|
||||||
for my $value ($values) {
|
|
||||||
if (! grep(/^$value$/, @data)) {
|
|
||||||
print "$dn has no $what $value.";
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
@data = grep(!/$value$/, @data);
|
|
||||||
|
|
||||||
print "Delete $what $value to $dn.";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
$mesg->entry(0)->replace($what => \@data) or die $!;
|
|
||||||
$mesg->entry(0)->update($ldap) or die $!;
|
|
||||||
|
|
||||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
|
||||||
}
|
|
||||||
|
|
||||||
sub delete_entry($$;$)
|
|
||||||
{
|
|
||||||
my $ldap = ldap_connect();
|
|
||||||
|
|
||||||
$ldap->delete( shift );
|
|
||||||
|
|
||||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
|
||||||
}
|
|
||||||
|
|
||||||
sub delete_group($$;$)
|
sub delete_group($$;$)
|
||||||
{
|
{
|
||||||
my $cn = shift;
|
my $cn = shift;
|
||||||
@ -188,87 +100,129 @@ sub delete_group($$;$)
|
|||||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||||
}
|
}
|
||||||
|
|
||||||
sub flush_attribute($$)
|
sub get_year(;$)
|
||||||
{
|
{
|
||||||
my $dn = shift;
|
my $ldap = shift // ldap_connect_anon();
|
||||||
my $what = shift;
|
|
||||||
|
|
||||||
my $ldap = ldap_connect();
|
return get_attribute($ldap, "cn=year,dc=acu,dc=epita,dc=fr", "year");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
## Low level functions
|
||||||
|
|
||||||
|
sub get_dn($$@)
|
||||||
|
{
|
||||||
|
my $ldap = shift // ldap_connect();
|
||||||
|
my $dn = shift;
|
||||||
|
|
||||||
my $mesg = $ldap->search( # search
|
my $mesg = $ldap->search( # search
|
||||||
base => "$dn",
|
base => "$dn",
|
||||||
|
filter => "(objectClass=top)",
|
||||||
|
attrs => @_,
|
||||||
scope => "base"
|
scope => "base"
|
||||||
);
|
);
|
||||||
if ($mesg->code != 0) { die $mesg->error; }
|
if ($mesg->code != 0) { print $mesg->error; return undef; }
|
||||||
if ($mesg->count != 1) { die "$dn not found or not a valid entry"; }
|
if ($mesg->count != 1) { return undef; }
|
||||||
|
|
||||||
$ldap->modify($mesg->entry(0)->dn, delete => [$what]);
|
return $mesg->entry(0);
|
||||||
|
|
||||||
print "Flush $what for $dn.";
|
|
||||||
|
|
||||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sub get_attribute($$)
|
sub add_attribute($$$@)
|
||||||
{
|
{
|
||||||
|
my $ldap = shift // ldap_connect();
|
||||||
my $dn = shift;
|
my $dn = shift;
|
||||||
my $what = shift;
|
my $what = shift;
|
||||||
|
|
||||||
my $ldap = ldap_connect();
|
my $mod = 0;
|
||||||
|
|
||||||
my $mesg = $ldap->search( # search
|
my $entry = get_dn($ldap, $dn, $what);
|
||||||
base => "$dn",
|
my @data = $entry->get_value($what);
|
||||||
attrs => [ $what ],
|
for my $value (@_)
|
||||||
scope => "sub"
|
{
|
||||||
);
|
if (! grep(/^$value$/, @data)) {
|
||||||
if ($mesg->code != 0) { die $mesg->error; }
|
$mod = 1;
|
||||||
if ($mesg->count != 1) { die "$dn not found or not a valid entry"; }
|
push @data, $value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
if ($mod)
|
||||||
|
{
|
||||||
return $mesg->entry(0)->get_value($what);
|
$entry->replace($what => \@data) or die $!;
|
||||||
|
$entry->update($ldap) or die $!;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sub get_year()
|
sub delete_attribute($$$@)
|
||||||
{
|
|
||||||
my $ldap = ldap_connect_anon();
|
|
||||||
|
|
||||||
my $mesg = $ldap->search( # search
|
|
||||||
base => "cn=year,dc=acu,dc=epita,dc=fr",
|
|
||||||
filter => "(cn=year)",
|
|
||||||
attrs => [ "year" ],
|
|
||||||
scope => "base"
|
|
||||||
);
|
|
||||||
if ($mesg->code != 0) { die $mesg->error; }
|
|
||||||
if ($mesg->count != 1) { die "Year not found or not a valid entry"; }
|
|
||||||
|
|
||||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
|
||||||
|
|
||||||
return $mesg->entry(0)->get_value("year");
|
|
||||||
}
|
|
||||||
|
|
||||||
sub update_attribute($$$)
|
|
||||||
{
|
{
|
||||||
|
my $ldap = shift // ldap_connect();
|
||||||
my $dn = shift;
|
my $dn = shift;
|
||||||
my $what = shift;
|
my $what = shift;
|
||||||
my $value = shift;
|
|
||||||
|
|
||||||
my $ldap = ldap_connect();
|
my $mod = 0;
|
||||||
|
|
||||||
my $mesg = $ldap->search( # search
|
my $entry = get_dn($ldap, $dn, $what);
|
||||||
base => "$dn",
|
my @data = $entry->get_value($what);
|
||||||
attrs => [ $what ],
|
for my $value (@_)
|
||||||
scope => "sub"
|
{
|
||||||
);
|
if (grep(/^$value$/, @data)) {
|
||||||
if ($mesg->code != 0) { die $mesg->error; }
|
@data = grep(!/$value$/, @data);
|
||||||
if ($mesg->count != 1) { die "$dn not found or not a valid entry"; }
|
$mod = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$mesg->entry(0)->replace($what => $value) or die $!;
|
if ($mod)
|
||||||
$mesg->entry(0)->update($ldap) or die $!;
|
{
|
||||||
|
$entry->replace($what => \@data) or die $!;
|
||||||
|
$entry->update($ldap) or die $!;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
sub delete_entry($$)
|
||||||
|
{
|
||||||
|
my $ldap = shift // ldap_connect();
|
||||||
|
|
||||||
|
$ldap->delete( shift );
|
||||||
|
|
||||||
$ldap->unbind or die ("couldn't disconnect correctly");
|
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub flush_attribute($$@)
|
||||||
|
{
|
||||||
|
my $ldap = shift // ldap_connect();
|
||||||
|
my $dn = shift;
|
||||||
|
|
||||||
|
return !($ldap->modify($dn, delete => \@_)->code);
|
||||||
|
}
|
||||||
|
|
||||||
|
sub get_attribute($$$)
|
||||||
|
{
|
||||||
|
my $ldap = shift // ldap_connect();
|
||||||
|
my $dn = shift;
|
||||||
|
my $what = shift;
|
||||||
|
|
||||||
|
return get_dn($ldap, $dn, $what)->get_value($what);
|
||||||
|
}
|
||||||
|
|
||||||
|
sub update_attribute($$$@)
|
||||||
|
{
|
||||||
|
my $ldap = shift // ldap_connect();
|
||||||
|
my $dn = shift;
|
||||||
|
my $what = shift;
|
||||||
|
|
||||||
|
my $entry = get_dn($ldap, $dn, $what);
|
||||||
|
$entry->replace($what => \@_) or die $!;
|
||||||
|
$entry->update($ldap) or die $!;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
sub has_right($$)
|
sub has_right($$)
|
||||||
{
|
{
|
||||||
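Review bot: In the new delete_attribute the filter `@data = grep(!/$value$/, @data);` has no `^` anchor and interpolates `$value` unescaped, so removing one value also drops every stored value that merely ends with it, and regex metacharacters in the value are read as a pattern. For attributes that carry membership or rights, that removes more than the caller asked for. The membership tests `grep(/^$value$/, @data)` in add_attribute and delete_attribute share the unescaped interpolation. Plain string comparison avoids both problems: `grep { $_ eq $value } @data` for the test and `@data = grep { $_ ne $value } @data;` for the removal. Separately, get_dn now returns undef on a failed or empty search, and add_attribute, delete_attribute, get_attribute and update_attribute call methods on its result without checking it.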
|
@ -24,8 +24,9 @@ my %actions =
|
|||||||
"update" => \&group_update,
|
"update" => \&group_update,
|
||||||
);
|
);
|
||||||
|
|
||||||
sub group_new($$)
|
sub group_new($$$)
|
||||||
{
|
{
|
||||||
|
my $ldap = shift;
|
||||||
my $dn = shift;
|
my $dn = shift;
|
||||||
my $args = shift;
|
my $args = shift;
|
||||||
|
|
||||||
@ -38,8 +39,9 @@ sub group_new($$)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sub group_add($$)
|
sub group_add($$$)
|
||||||
{
|
{
|
||||||
|
my $ldap = shift;
|
||||||
my $dn = shift;
|
my $dn = shift;
|
||||||
my $args = shift;
|
my $args = shift;
|
||||||
|
|
||||||
@ -51,23 +53,25 @@ sub group_add($$)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sub group_delete($$)
|
sub group_delete($$$)
|
||||||
{
|
{
|
||||||
return LDAP::delete_entry(shift);
|
return LDAP::delete_entry($_[0], $_[1]);
|
||||||
}
|
}
|
||||||
|
|
||||||
sub group_flush($$)
|
sub group_flush($$)
|
||||||
{
|
{
|
||||||
|
my $ldap = shift;
|
||||||
my $dn = shift;
|
my $dn = shift;
|
||||||
my $args = shift;
|
my $args = shift;
|
||||||
|
|
||||||
my $cnt_type = group_get_type $args->{param};
|
my $cnt_type = group_get_type $args->{param};
|
||||||
|
|
||||||
return LDAP::flush_attribute($dn, $cnt_type);
|
return LDAP::flush_attribute($ldap, $dn, $cnt_type);
|
||||||
}
|
}
|
||||||
|
|
||||||
sub group_remove($$)
|
sub group_remove($$)
|
||||||
{
|
{
|
||||||
|
my $ldap = shift;
|
||||||
my $dn = shift;
|
my $dn = shift;
|
||||||
my $args = shift;
|
my $args = shift;
|
||||||
|
|
||||||
@ -78,11 +82,12 @@ sub group_remove($$)
|
|||||||
push @data, $i;
|
push @data, $i;
|
||||||
}
|
}
|
||||||
|
|
||||||
return LDAP::delete_attributes($dn, $cnt_type, \@data);
|
return LDAP::delete_attributes($ldap, $dn, $cnt_type, @data);
|
||||||
}
|
}
|
||||||
|
|
||||||
sub group_update($$)
|
sub group_update($$)
|
||||||
{
|
{
|
||||||
|
my $ldap = shift;
|
||||||
my $dn = shift;
|
my $dn = shift;
|
||||||
my $args = shift;
|
my $args = shift;
|
||||||
|
|
||||||
@ -93,7 +98,7 @@ sub group_update($$)
|
|||||||
push @data, $i;
|
push @data, $i;
|
||||||
}
|
}
|
||||||
|
|
||||||
LDAP::update_attribute($dn, $cnt_type, \@data);
|
LDAP::update_attribute($ldap, $dn, $cnt_type, @data);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -127,7 +132,11 @@ sub process
|
|||||||
return "Unknown command for update_group: ". $action;
|
return "Unknown command for update_group: ". $action;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $actions{$action}($dn, $args);
|
my $ldap = LDAP::ldap_connect();
|
||||||
|
|
||||||
|
$actions{$action}($ldap, $dn, $args);
|
||||||
|
|
||||||
|
$ldap->unbind or print "couldn't disconnect correctly";
|
||||||
}
|
}
|
||||||
|
|
||||||
Process::register("update_group", \&process);
|
Process::register("update_group", \&process);
|
||||||
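Review bot: group_remove now calls `LDAP::delete_attributes($ldap, $dn, $cnt_type, @data)`, but this same commit removes `delete_attributes` from ACU/LDAP.pm and keeps only the variadic `delete_attribute`, so unless another definition exists outside the visible hunks the call fails at run time; `return LDAP::delete_attribute($ldap, $dn, $cnt_type, @data);` matches the new API. In process, the action's result is no longer returned: the sub now ends with the `unbind or print` statement, so callers receive that value instead; capturing it with `my $res = $actions{$action}($ldap, $dn, $args);` and ending with `return $res;` keeps the old contract. group_delete also reaches `LDAP::delete_entry`, which unbinds the shared connection itself before process unbinds it a second time. The enclosing subs start or end outside the hunks.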
|
164
utils/lpt
164
utils/lpt
@ -18,18 +18,18 @@ use Quota;
|
|||||||
#use File::Basename;
|
#use File::Basename;
|
||||||
#use File::Find;
|
#use File::Find;
|
||||||
|
|
||||||
|
BEGIN {
|
||||||
|
push @INC, "../";
|
||||||
|
}
|
||||||
|
|
||||||
|
use ACU::LDAP;
|
||||||
|
|
||||||
###########################################################
|
###########################################################
|
||||||
# #
|
# #
|
||||||
# Global variables #
|
# Global variables #
|
||||||
# #
|
# #
|
||||||
###########################################################
|
###########################################################
|
||||||
|
|
||||||
my $ldaphost = "ldap.acu.epita.fr";
|
|
||||||
my $ldapuri = "ldaps://ldap.acu.epita.fr";
|
|
||||||
my $binddn = "cn=admin,dc=acu,dc=epita,dc=fr";
|
|
||||||
my $bindsecret = '';
|
|
||||||
my $login = "";
|
|
||||||
|
|
||||||
my $wksHomePrefix = "/home/";
|
my $wksHomePrefix = "/home/";
|
||||||
my $nfsHomePrefix = "/srv/nfs/accounts/";
|
my $nfsHomePrefix = "/srv/nfs/accounts/";
|
||||||
|
|
||||||
@ -147,6 +147,7 @@ my %cmds_list =
|
|||||||
|
|
||||||
sub ldap_get_password()
|
sub ldap_get_password()
|
||||||
{
|
{
|
||||||
|
my $bindsecret;
|
||||||
if (defined($ENV{'LDAP_PASSWORD'}) && $ENV{'LDAP_PASSWORD'} ne "")
|
if (defined($ENV{'LDAP_PASSWORD'}) && $ENV{'LDAP_PASSWORD'} ne "")
|
||||||
{
|
{
|
||||||
$bindsecret = $ENV{'LDAP_PASSWORD'};
|
$bindsecret = $ENV{'LDAP_PASSWORD'};
|
||||||
@ -168,35 +169,11 @@ sub ldap_get_password()
|
|||||||
print "\n";
|
print "\n";
|
||||||
|
|
||||||
chomp $bindsecret;
|
chomp $bindsecret;
|
||||||
|
return $bindsecret;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub ldap_connect()
|
$LDAP::binddn = "cn=admin,dc=acu,dc=epita,dc=fr";
|
||||||
{
|
$LDAP::secret_search = \&ldap_get_password;
|
||||||
if ($bindsecret eq "") {
|
|
||||||
ldap_get_password();
|
|
||||||
}
|
|
||||||
|
|
||||||
my $ldap = Net::LDAPS->new($ldaphost) or do_err ("$@");
|
|
||||||
my $mesg = $ldap->bind($binddn, password => $bindsecret) or do_err ("$@");
|
|
||||||
|
|
||||||
if ($mesg->code) {
|
|
||||||
die "An error occurred: " .ldap_error_text($mesg->code)."\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
return $ldap;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub ldap_connect_anon()
|
|
||||||
{
|
|
||||||
my $ldap = Net::LDAPS->new($ldaphost) or do_err ("$@");
|
|
||||||
my $mesg = $ldap->bind or do_err ("$@");
|
|
||||||
|
|
||||||
if ($mesg->code) {
|
|
||||||
die "An error occurred: " .ldap_error_text($mesg->code)."\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
return $ldap;
|
|
||||||
}
|
|
||||||
|
|
||||||
######################################
|
######################################
|
||||||
# #
|
# #
|
||||||
@ -241,7 +218,7 @@ sub cmd_account_close($@)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
my $ldap = ldap_connect();
|
my $ldap = LDAP::ldap_connect();
|
||||||
|
|
||||||
my $mesg = $ldap->search( # search
|
my $mesg = $ldap->search( # search
|
||||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||||
@ -291,27 +268,24 @@ sub cmd_account_create($@)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
ldap_get_password();
|
|
||||||
my $group = shift;
|
my $group = shift;
|
||||||
my $uid = shift;
|
|
||||||
my $firstname = shift;
|
|
||||||
my $lastname = shift;
|
|
||||||
my $pass = shift // "nopass";
|
|
||||||
my $ldif = <<"EOF";
|
|
||||||
dn: uid=$login,ou=$group,ou=users,dc=acu,dc=epita,dc=fr
|
|
||||||
objectClass: epitaAccount
|
|
||||||
cn: $firstname $lastname
|
|
||||||
mail: $login\@epita.fr
|
|
||||||
uid: $login
|
|
||||||
uidNumber: $uid
|
|
||||||
EOF
|
|
||||||
|
|
||||||
open(LDIF, "|-", "ldapadd -x -H '$ldapuri' -w '$bindsecret' -D '$binddn'") || do_err("error !\n");
|
my $ldap = LDAP::ldap_connect();
|
||||||
say LDIF $ldif;
|
my $mesg = $ldap->add( "uid=$login,ou=$group,ou=users,dc=acu,dc=epita,dc=fr",
|
||||||
close(LDIF);
|
attrs => [
|
||||||
|
objectclass => [ "top", "epitaAccount" ],
|
||||||
|
uidNumber => shift,
|
||||||
|
cn => shift(@_)." ".shift(@_),
|
||||||
|
mail => "$login\@epita.fr",
|
||||||
|
uid => $login,
|
||||||
|
]
|
||||||
|
);
|
||||||
|
|
||||||
if ($? == 0) {
|
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||||
|
|
||||||
|
if ($mesg->code == 0) {
|
||||||
do_info("Account added: $login");
|
do_info("Account added: $login");
|
||||||
|
my $pass = shift;
|
||||||
return cmd_account($login, $pass) if ($pass ne "nopass");
|
return cmd_account($login, $pass) if ($pass ne "nopass");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -329,7 +303,7 @@ sub cmd_account_nopass($@)
|
|||||||
{
|
{
|
||||||
my $login = shift;
|
my $login = shift;
|
||||||
|
|
||||||
my $ldap = ldap_connect();
|
my $ldap = LDAP::ldap_connect();
|
||||||
|
|
||||||
my $mesg = $ldap->search( # search
|
my $mesg = $ldap->search( # search
|
||||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||||
@ -459,7 +433,7 @@ sub cmd_account_password($@)
|
|||||||
|
|
||||||
my $enc_password = "{SSHA}" . encode_base64($ctx->digest . $salt ,'');
|
my $enc_password = "{SSHA}" . encode_base64($ctx->digest . $salt ,'');
|
||||||
|
|
||||||
my $ldap = ldap_connect();
|
my $ldap = LDAP::ldap_connect();
|
||||||
|
|
||||||
my $mesg = $ldap->search( # search
|
my $mesg = $ldap->search( # search
|
||||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||||
@ -494,7 +468,7 @@ sub cmd_account_reopen(@)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
my $ldap = ldap_connect();
|
my $ldap = LDAP::ldap_connect();
|
||||||
|
|
||||||
my $mesg = $ldap->search( # search
|
my $mesg = $ldap->search( # search
|
||||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||||
@ -562,8 +536,8 @@ sub cmd_account_multiple_vieworchange($$$@)
|
|||||||
}
|
}
|
||||||
|
|
||||||
my $ldap;
|
my $ldap;
|
||||||
$ldap = ldap_connect() if ($action ne "list");
|
$ldap = LDAP::ldap_connect() if ($action ne "list");
|
||||||
$ldap = ldap_connect_anon() if ($action eq "list");
|
$ldap = LDAP::ldap_connect_anon() if ($action eq "list");
|
||||||
my $mesg = $ldap->search( # search
|
my $mesg = $ldap->search( # search
|
||||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||||
filter => "uid=$login",
|
filter => "uid=$login",
|
||||||
@ -643,8 +617,9 @@ sub cmd_account_vieworchange($$@)
|
|||||||
my $change = shift;
|
my $change = shift;
|
||||||
|
|
||||||
my $ldap;
|
my $ldap;
|
||||||
$ldap = ldap_connect() if ($change);
|
$ldap = LDAP::ldap_connect() if ($change);
|
||||||
$ldap = ldap_connect_anon() if (!$change);
|
$ldap = LDAP::ldap_connect_anon() if (!$change);
|
||||||
|
|
||||||
my $mesg = $ldap->search( # search
|
my $mesg = $ldap->search( # search
|
||||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||||
filter => "uid=$login",
|
filter => "uid=$login",
|
||||||
@ -678,7 +653,7 @@ sub cmd_account_view($@)
|
|||||||
{
|
{
|
||||||
my $login = shift;
|
my $login = shift;
|
||||||
|
|
||||||
my $ldap = ldap_connect_anon();
|
my $ldap = LDAP::ldap_connect_anon();
|
||||||
|
|
||||||
my $mesg = $ldap->search(base => "ou=users,dc=acu,dc=epita,dc=fr",
|
my $mesg = $ldap->search(base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||||
filter => "uid=$login",
|
filter => "uid=$login",
|
||||||
@ -782,7 +757,7 @@ sub cmd_group_list(@)
|
|||||||
}
|
}
|
||||||
|
|
||||||
my $group = $ARGV[0];
|
my $group = $ARGV[0];
|
||||||
my $ldap = ldap_connect_anon();
|
my $ldap = LDAP::ldap_connect_anon();
|
||||||
if ($#ARGV == 0)
|
if ($#ARGV == 0)
|
||||||
{
|
{
|
||||||
my $mesg = $ldap->search( # search a group
|
my $mesg = $ldap->search( # search a group
|
||||||
@ -834,7 +809,7 @@ sub cmd_group_add(@)
|
|||||||
my $group = $ARGV[0];
|
my $group = $ARGV[0];
|
||||||
my $login = $ARGV[1];
|
my $login = $ARGV[1];
|
||||||
|
|
||||||
my $ldap = ldap_connect();
|
my $ldap = LDAP::ldap_connect();
|
||||||
|
|
||||||
my $mesg = $ldap->search( # search a group
|
my $mesg = $ldap->search( # search a group
|
||||||
base => "cn=$group,ou=groups,dc=acu,dc=epita,dc=fr",
|
base => "cn=$group,ou=groups,dc=acu,dc=epita,dc=fr",
|
||||||
@ -884,7 +859,7 @@ sub cmd_group_remove(@)
|
|||||||
my $group = $ARGV[0];
|
my $group = $ARGV[0];
|
||||||
my $login = $ARGV[1];
|
my $login = $ARGV[1];
|
||||||
|
|
||||||
my $ldap = ldap_connect();
|
my $ldap = LDAP::ldap_connect();
|
||||||
|
|
||||||
my $mesg = $ldap->search( # search a group
|
my $mesg = $ldap->search( # search a group
|
||||||
base => "cn=$group,ou=groups,dc=acu,dc=epita,dc=fr",
|
base => "cn=$group,ou=groups,dc=acu,dc=epita,dc=fr",
|
||||||
@ -929,51 +904,42 @@ sub cmd_group_remove(@)
|
|||||||
system('service nscd restart');
|
system('service nscd restart');
|
||||||
}
|
}
|
||||||
|
|
||||||
sub cmd_group_create(@)
|
sub cmd_group_create($$)
|
||||||
{
|
{
|
||||||
if ($#ARGV != 1)
|
if ($#_ != 1)
|
||||||
{
|
{
|
||||||
do_usage ("<lpt> group create <yaka|acu> <year>");
|
do_usage ("<lpt> group create <yaka|acu> <year>");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
ldap_get_password();
|
my $type = shift;
|
||||||
my $ldif = "";
|
my $year = shift;
|
||||||
my $type = $ARGV[0];
|
my $cn = $type . $year;
|
||||||
my $year = $ARGV[1];
|
|
||||||
my $group = $type . $year;
|
|
||||||
my $ldif_path = dirname(__FILE__) . "/base-group.ldif";
|
|
||||||
|
|
||||||
my $gid;
|
my $gid;
|
||||||
if ($type eq "acu")
|
if ($type eq "acu") {
|
||||||
{
|
|
||||||
$gid = $year;
|
$gid = $year;
|
||||||
}
|
}
|
||||||
elsif ($type eq "yaka")
|
elsif ($type eq "yaka") {
|
||||||
{
|
|
||||||
$gid = $year - 1000;
|
$gid = $year - 1000;
|
||||||
}
|
}
|
||||||
else
|
else {
|
||||||
{
|
do_err "Error: type must be acu or yaka!";
|
||||||
print "Error: type must be acu or yaka!";
|
|
||||||
exit(1);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
open(TEMPLATE, $ldif_path) or do_err("unable to open template.");
|
my $ldap = LDAP::ldap_connect();
|
||||||
while (<TEMPLATE>)
|
|
||||||
{
|
|
||||||
$ldif = $ldif . $_;
|
|
||||||
}
|
|
||||||
|
|
||||||
$ldif =~ s/\$gid/$gid/g;
|
my $mesg = $ldap->add( "cn=$cn,ou=groups,dc=acu,dc=epita,dc=fr",
|
||||||
$ldif =~ s/\$group/$group/g;
|
attrs => [
|
||||||
|
objectclass => "posixGroup",
|
||||||
|
gidNumber => $gid,
|
||||||
|
cn => $cn,
|
||||||
|
]
|
||||||
|
);
|
||||||
|
if ($mesg->code != 0) { die $mesg->error; }
|
||||||
|
|
||||||
open(LDIF, ">/tmp/entry.ldif") || do_err("error !\n");
|
$ldap->unbind or die ("couldn't disconnect correctly");
|
||||||
print LDIF $ldif;
|
|
||||||
close(LDIF);
|
|
||||||
|
|
||||||
system("ldapadd -x -h '$ldaphost' -w '$bindsecret' -D '$binddn' -f /tmp/entry.ldif") && do_err ("unable to add.");
|
do_info "group added: $cn";
|
||||||
do_log("group added: $group");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sub cmd_group_delete(@)
|
sub cmd_group_delete(@)
|
||||||
@ -1022,7 +988,7 @@ sub cmd_list_accounts(@)
|
|||||||
my $action = shift;
|
my $action = shift;
|
||||||
|
|
||||||
my $shellFalse = "/bin/false";
|
my $shellFalse = "/bin/false";
|
||||||
my $ldap = ldap_connect();
|
my $ldap = LDAP::ldap_connect();
|
||||||
|
|
||||||
if ($action eq "open")
|
if ($action eq "open")
|
||||||
{
|
{
|
||||||
@ -1114,7 +1080,7 @@ sub cmd_account_quota_view($@)
|
|||||||
{
|
{
|
||||||
my $login = shift;
|
my $login = shift;
|
||||||
|
|
||||||
my $ldap = ldap_connect_anon();
|
my $ldap = LDAP::ldap_connect_anon();
|
||||||
my $mesg = $ldap->search(
|
my $mesg = $ldap->search(
|
||||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||||
filter => "uid=$login",
|
filter => "uid=$login",
|
||||||
@ -1172,8 +1138,8 @@ sub cmd_account_quota_set($@)
|
|||||||
$quotaName .= "Block" if ($type eq "block");
|
$quotaName .= "Block" if ($type eq "block");
|
||||||
|
|
||||||
my $ldap;
|
my $ldap;
|
||||||
$ldap = ldap_connect() if ($value);
|
$ldap = LDAP::ldap_connect() if ($value);
|
||||||
$ldap = ldap_connect_anon() if (!$value);
|
$ldap = LDAP::ldap_connect_anon() if (!$value);
|
||||||
my $mesg = $ldap->search( # search
|
my $mesg = $ldap->search( # search
|
||||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||||
filter => "uid=$login",
|
filter => "uid=$login",
|
||||||
@ -1229,7 +1195,7 @@ sub cmd_account_quota_sync($;$)
|
|||||||
my $login = shift;
|
my $login = shift;
|
||||||
my $nosync = shift;
|
my $nosync = shift;
|
||||||
|
|
||||||
my $ldap = ldap_connect_anon();
|
my $ldap = LDAP::ldap_connect_anon();
|
||||||
my $mesg = $ldap->search(
|
my $mesg = $ldap->search(
|
||||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||||
filter => "(&(uid=$login)(objectClass=labAccount))",
|
filter => "(&(uid=$login)(objectClass=labAccount))",
|
||||||
@ -1267,7 +1233,7 @@ sub cmd_account_quota_sync($;$)
|
|||||||
|
|
||||||
sub cmd_sync_quota(@)
|
sub cmd_sync_quota(@)
|
||||||
{
|
{
|
||||||
my $ldap = ldap_connect_anon();
|
my $ldap = LDAP::ldap_connect_anon();
|
||||||
my $mesg = $ldap->search(
|
my $mesg = $ldap->search(
|
||||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||||
filter => "(objectClass=labAccount)",
|
filter => "(objectClass=labAccount)",
|
||||||
@ -1293,7 +1259,7 @@ sub get_ssh_keys_unprotected()
|
|||||||
{
|
{
|
||||||
my %keys_unprotected = qw();
|
my %keys_unprotected = qw();
|
||||||
|
|
||||||
my $ldap = ldap_connect_anon();
|
my $ldap = LDAP::ldap_connect_anon();
|
||||||
my $mesg = $ldap->search(
|
my $mesg = $ldap->search(
|
||||||
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
base => "ou=users,dc=acu,dc=epita,dc=fr",
|
||||||
filter => "(objectClass=posixAccount)",
|
filter => "(objectClass=posixAccount)",
|
||||||
@ -1349,7 +1315,7 @@ sub cmd_ssh_keys_without_passphrase_generic(@)
|
|||||||
my $func = shift;
|
my $func = shift;
|
||||||
|
|
||||||
my %keys_unprotected = get_ssh_keys_unprotected();
|
my %keys_unprotected = get_ssh_keys_unprotected();
|
||||||
my $ldap = ldap_connect_anon();
|
my $ldap = LDAP::ldap_connect_anon();
|
||||||
|
|
||||||
foreach my $login (keys %keys_unprotected)
|
foreach my $login (keys %keys_unprotected)
|
||||||
{
|
{
|
||||||
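Review bot: The `BEGIN { push @INC, "../"; }` added near the top of utils/lpt resolves `../` against the current working directory rather than the script's location, so `use ACU::LDAP;` can pick up whatever `ACU/LDAP.pm` sits one level above the directory the tool is started from. This tool binds as `cn=admin` and the module now handles the bind password, so the module path should be pinned to the install location, for example `use FindBin qw($Bin); use lib "$Bin/..";`. Separately, in cmd_account_create the new `my $pass = shift;` drops the old `// "nopass"` default, so a call without a password compares undef with `ne` and goes on to call cmd_account; `my $pass = shift // "nopass";` restores the previous behaviour. cmd_account_create starts outside the visible hunk.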
|