1 | package LATMOS::Accounts::Bases::Ad::objects; |
---|
2 | |
---|
3 | use 5.010000; |
---|
4 | use strict; |
---|
5 | use warnings; |
---|
6 | |
---|
7 | use base qw(LATMOS::Accounts::Bases::Objects); |
---|
8 | use Net::LDAP; |
---|
9 | use Net::LDAP::Entry; |
---|
10 | use Net::LDAP::Control::Paged; |
---|
11 | use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED ); |
---|
12 | use Net::LDAP::Util qw( escape_filter_value ); |
---|
13 | |
---|
14 | our $VERSION = (q$Rev$ =~ /^Rev: (\d+) /)[0]; |
---|
15 | |
---|
16 | =head1 NAME |
---|
17 | |
---|
18 | LATMOS::Ad - Perl extension for blah blah blah |
---|
19 | |
---|
20 | =head1 SYNOPSIS |
---|
21 | |
---|
22 | use LATMOS::Ad; |
---|
23 | blah blah blah |
---|
24 | |
---|
25 | =head1 DESCRIPTION |
---|
26 | |
---|
27 | Stub documentation for LATMOS::Ad, created by h2xs. It looks like the |
---|
28 | author of the extension was negligent enough to leave the stub |
---|
29 | unedited. |
---|
30 | |
---|
31 | Blah blah blah. |
---|
32 | |
---|
33 | =head1 FUNCTIONS |
---|
34 | |
---|
35 | =cut |
---|
36 | |
---|
37 | sub list { |
---|
38 | my ($class, $base) = @_; |
---|
39 | |
---|
40 | my @uids; |
---|
41 | eval { |
---|
42 | my $xx = $base->_unlimited_search( |
---|
43 | attrs => [ $class->_key_attr ], |
---|
44 | base => $base->top_dn, |
---|
45 | filter => $class->_class_filter, |
---|
46 | callback => sub { |
---|
47 | my ($mesg, $entry) = @_; |
---|
48 | $mesg->code and die $mesg->error; |
---|
49 | $entry or return; |
---|
50 | ref $entry eq 'Net::LDAP::Entry' or return; |
---|
51 | push(@uids, $entry->get_value( $class->_key_attr )); |
---|
52 | }, |
---|
53 | ); |
---|
54 | }; |
---|
55 | |
---|
56 | return @uids; |
---|
57 | |
---|
58 | } |
---|
59 | |
---|
60 | sub _get_field_name { |
---|
61 | my ($self, $field, $base, $for) = @_; |
---|
62 | |
---|
63 | my %fields = map { $_ => 1 } $self->_canonical_fields($base, $for); |
---|
64 | |
---|
65 | return $fields{$field} ? $field : undef; |
---|
66 | } |
---|
67 | |
---|
68 | sub new { |
---|
69 | my ($class, $base, $uid) = @_; |
---|
70 | |
---|
71 | my $mesg = $base->ldap->search( |
---|
72 | filter => sprintf( |
---|
73 | '(&%s (%s=%s))', |
---|
74 | $class->_class_filter, |
---|
75 | $class->_key_attr, |
---|
76 | escape_filter_value($uid), |
---|
77 | ), |
---|
78 | base => $base->top_dn, |
---|
79 | ); |
---|
80 | |
---|
81 | $mesg->code and return; |
---|
82 | |
---|
83 | my ($entry, @others) = $mesg->entries; |
---|
84 | |
---|
85 | return if(@others); # we cannot have multiple entries... |
---|
86 | return if (!$entry); |
---|
87 | bless({ entry => $entry }, $class); |
---|
88 | } |
---|
89 | |
---|
90 | sub ldap { |
---|
91 | return $_[0]->base->{_ldap}; |
---|
92 | } |
---|
93 | |
---|
94 | sub get_field { |
---|
95 | my ($self, $field) = @_; |
---|
96 | |
---|
97 | $field eq 'dn' and return $self->{entry}->dn; |
---|
98 | return $self->{entry}->get_value($field); |
---|
99 | } |
---|
100 | |
---|
101 | sub _populate_entry { |
---|
102 | my ($self, $entry, $field, $value) = @_; |
---|
103 | $entry->replace($field, $value); |
---|
104 | } |
---|
105 | |
---|
106 | sub set_fields { |
---|
107 | my ($self, %fields) = @_; |
---|
108 | |
---|
109 | foreach (keys %fields) { |
---|
110 | $self->get_field_name($_, 'w') or return; |
---|
111 | $self->_populate_entry($self->{entry}, $_, $fields{$_}); |
---|
112 | } |
---|
113 | |
---|
114 | my $mesg = $self->{entry}->update($self->base->ldap); |
---|
115 | |
---|
116 | if ($mesg->code) { |
---|
117 | warn $mesg->error; |
---|
118 | return; |
---|
119 | } else { return 1 } |
---|
120 | } |
---|
121 | |
---|
122 | sub get_group_users { |
---|
123 | my ($self, $groupname, @searchargs) = @_; |
---|
124 | my $gr = $self->get_group($groupname, attrs => [ qw(cn member) ]); |
---|
125 | |
---|
126 | my @res; |
---|
127 | foreach my $dnu (@{ $gr->get_value('member', asref => 1) || [] }) { |
---|
128 | my $mesg = $self->search( |
---|
129 | filter => '(objectClass=*)', # TODO can we get something else than user ? |
---|
130 | @searchargs, |
---|
131 | base => $dnu, |
---|
132 | ); |
---|
133 | |
---|
134 | $mesg->code and return; # ensure error is propagate here |
---|
135 | foreach my $entry ($mesg->entries) { |
---|
136 | push(@res, $entry); |
---|
137 | } |
---|
138 | } |
---|
139 | @res |
---|
140 | } |
---|
141 | |
---|
142 | sub get_user_groups { |
---|
143 | my ($self, $username, @searchargs) = @_; |
---|
144 | my $user = $self->get_user($username); |
---|
145 | |
---|
146 | my @res; |
---|
147 | $self->unlimited_search( |
---|
148 | base => $self->top_dn, |
---|
149 | filter => sprintf( |
---|
150 | '(&(objectClass=group)(member=%s))', |
---|
151 | escape_filter_value($user->dn), |
---|
152 | ), |
---|
153 | @searchargs, |
---|
154 | callback => sub { |
---|
155 | my ($mesg, $entry) = @_; |
---|
156 | ref $entry eq 'Net::LDAP::Entry' or return; |
---|
157 | push(@res, $entry); |
---|
158 | }, |
---|
159 | ); |
---|
160 | |
---|
161 | @res |
---|
162 | } |
---|
163 | |
---|
164 | sub add_user_group { |
---|
165 | my ($self, $username, $groupname) = @_; |
---|
166 | |
---|
167 | my $user = $self->get_user($username) or return; |
---|
168 | my $group = $self->get_group($groupname) or return; |
---|
169 | |
---|
170 | $group->add(member => $user->dn); |
---|
171 | |
---|
172 | my $mesg = $group->update($self); |
---|
173 | if ($mesg->code) { |
---|
174 | warn $mesg->error; |
---|
175 | return; |
---|
176 | } else { return 1 }; |
---|
177 | } |
---|
178 | |
---|
179 | 1; |
---|
180 | |
---|
181 | __END__ |
---|
182 | |
---|
183 | =head1 SEE ALSO |
---|
184 | |
---|
185 | =head1 AUTHOR |
---|
186 | |
---|
187 | Olivier Thauvin, E<lt>olivier.thauvin@aerov.jussieu.frE<gt> |
---|
188 | |
---|
189 | =head1 COPYRIGHT AND LICENSE |
---|
190 | |
---|
191 | Copyright (C) 2008 CNRS SA/CETP/LATMOS |
---|
192 | |
---|
193 | This library is free software; you can redistribute it and/or modify |
---|
194 | it under the same terms as Perl itself, either Perl version 5.10.0 or, |
---|
195 | at your option, any later version of Perl 5 you may have available. |
---|
196 | |
---|
197 | |
---|
198 | =cut |
---|