Changeset 289 for LATMOS-Accounts/lib/LATMOS/Accounts
- Timestamp:
- 07/27/09 18:05:53 (15 years ago)
- Location:
- LATMOS-Accounts/lib/LATMOS/Accounts/Bases
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Ad.pm
r287 r289 5 5 use warnings; 6 6 7 use base qw(LATMOS::Accounts::Bases );7 use base qw(LATMOS::Accounts::Bases::Ldap); 8 8 use Net::LDAP; 9 9 use Net::LDAP::Entry; … … 85 85 } 86 86 87 sub param {88 my ($self, $var) = @_;89 return $self->{_param}{$var}90 }91 92 sub object_base_dn {93 my ($self, $otype) = @_;94 return join(',',95 ($self->param($otype . '_container') || 'cn=Users'),96 $self->top_dn,97 );98 }99 100 87 sub load { 101 88 my ($self) = @_; … … 137 124 } 138 125 139 sub _ldap_url {140 my ($self, $host, $port) = @_;141 142 sprintf(143 '%s://%s%s/',144 $self->{_ssl} ? 'ldaps' : 'ldap',145 $host,146 $port ? ":$port" : '',147 )148 }149 150 126 sub _query_zone_ads { 151 127 my ($self) = @_; … … 154 130 155 131 my $resolver = Net::DNS::Resolver->new; 156 my $query = $resolver->query("_ldap._tcp.dc._msdcs." . $self->ad_domain, "SRV"); 132 my $query = $resolver->query("_ldap._tcp.dc._msdcs." . $self->ad_domain, 133 "SRV") or return; 157 134 foreach my $rr ( 158 135 sort { $a->priority <=> $b->priority || $a->weight <=> $b->weight } … … 162 139 163 140 @urllist 164 }165 166 sub ldap {167 return $_[0]->{_ldap};168 }169 170 =head2 top_dn171 172 Return the TOP DN of the AD zone.173 174 =cut175 176 sub top_dn {177 return $_[0]->{_top_dn}178 141 } 179 142 … … 186 149 sub ad_domain { 187 150 return $_[0]->{_ad_domain} 188 }189 190 # _unlimited_search191 192 # By default, ldap servers limit results to avoid deni of services.193 # LDAP protocol provide a paging feature to fetch all results.194 195 #This function works like Net::LDAP::search functions, but return nothing,196 #use "callback" option to get entries.197 198 sub _unlimited_search {199 my $self = shift;200 my @args = @_;201 202 my ($page, $cookie) = (Net::LDAP::Control::Paged->new( size => 100 ));203 204 while (1) {205 my $search = $self->ldap->search(206 @args,207 control => [ $page ],208 );209 if ($search->code) {210 return $search;211 }212 213 ### After foreach loops ends, client checks LDAP server reponse of how many search results total.214 ### This is a control to end the infinite while loop if there are no search results to go through215 ### If there are search results, this control will always return the total number of results. It is216 ### never decremented217 my ($resp) = $search->control( LDAP_CONTROL_PAGED ) or last;218 219 220 ### Obtaining the cookie from the search result. When no more results, cookie will be NULL221 ### and infinite while loop will terminate.222 $cookie = $resp->cookie or last;223 224 ### Sets cookie so server knows the next search result to send225 $page->cookie($cookie);226 }227 ### This is a control to check for abnormal exit of the while loop.228 ### If this occurs ### we need to tell the LDAP server that remaining229 ### search results are no longer needed ### by sending a search request with a page size of 0230 if ($cookie) {231 $page->cookie($cookie);232 $page->size(0);233 $self->ldap->search(@args, control => [ $page ]);234 }235 return 1;236 }237 238 # _get_object_from_dn($dn)239 #240 # Return Net::LDAP::Entry for $dn241 242 sub _get_object_from_dn {243 my ($self, $dn) = @_;244 245 my $mesg = $self->ldap->search(246 base => $dn,247 scope => 'base',248 filter => '(objectClass=*)',249 );250 if ($mesg->code) {251 $self->log(LA_ERR, "Cannot get object: %s", $mesg->error);252 return;253 }254 255 return ($mesg->entries)[0];256 151 } 257 152 -
LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Ad/objects.pm
r279 r289 5 5 use warnings; 6 6 7 use base qw(LATMOS::Accounts::Bases:: Objects);7 use base qw(LATMOS::Accounts::Bases::Ldap::objects); 8 8 use Net::LDAP; 9 9 use Net::LDAP::Entry; … … 36 36 =cut 37 37 38 sub list {39 my ($class, $base) = @_;40 41 my @uids;42 eval {43 my $xx = $base->_unlimited_search(44 attrs => [ $class->_key_attr ],45 base => $base->object_base_dn($class->type),46 filter => $class->_class_filter,47 callback => sub {48 my ($mesg, $entry) = @_;49 #$mesg->code and die $mesg->error;50 $entry or return;51 ref $entry eq 'Net::LDAP::Entry' or return;52 push(@uids, $entry->get_value( $class->_key_attr ));53 },54 );55 };56 57 return @uids;58 59 }60 61 sub _get_field_name {62 my ($self, $field, $base, $for) = @_;63 64 my %fields = map { $_ => 1 } $self->_canonical_fields($base, $for);65 66 return $fields{$field} ? $field : undef;67 }68 69 sub new {70 my ($class, $base, $uid) = @_;71 72 my $mesg = $base->ldap->search(73 filter => sprintf(74 '(&%s (%s=%s))',75 $class->_class_filter,76 $class->_key_attr,77 escape_filter_value($uid),78 ),79 base => $base->object_base_dn($class->type),80 );81 82 $mesg->code and return;83 84 my ($entry, @others) = $mesg->entries;85 86 return if(@others); # we cannot have multiple entries...87 return if (!$entry);88 bless({ entry => $entry, _base => $base, _id => $uid }, $class);89 }90 91 sub _delete {92 my ($class, $base, $uid) = @_;93 my $obj = $class->new($base, $uid) or return;94 95 my $mesg = $base->ldap->delete($obj->{entry}->dn);96 97 if ($mesg->code) {98 $base->log(LA_ERR, "Cannot delete object %s: %s", $uid, $mesg->error);99 return;100 } else {101 $base->log(LA_INFO, "Object (%s) %s delete", $class->type, $uid);102 return 1103 }104 }105 106 sub ldap {107 return $_[0]->base->{_ldap};108 }109 110 sub get_field {111 my ($self, $field) = @_;112 113 $field eq 'dn' and return $self->{entry}->dn;114 my ($first, @others) = $self->{entry}->get_value($field);115 return @others ? [ sort($first, @others) ] : $first;116 }117 118 sub _populate_entry {119 my ($self, $entry, $field, $value) = @_;120 my $val = $entry->get_value($field);121 my $tr = join(', ', map { $_ || '' } ($field, $val, $value));122 if ($value) {123 if ((!$val) || $val ne $value) {124 $entry->replace($field, $value);125 }126 } elsif($val) {127 $entry->delete($field);128 }129 }130 131 sub set_fields {132 my ($self, %fields) = @_;133 134 foreach (keys %fields) {135 $self->get_field_name($_, 'w') or next;136 $self->_populate_entry($self->{entry}, $_, $fields{$_});137 }138 139 my $mesg = $self->{entry}->update($self->base->ldap);140 141 if ($mesg->code && $mesg->code != 82) {142 $self->base(LA_ERR, "Cannot set attribute: %s", $mesg->error);143 return;144 } else { return 1 }145 }146 147 38 1; 148 39
Note: See TracChangeset
for help on using the changeset viewer.