diff --git a/backup/LdapNS.pm b/backup/LdapNS.pm
deleted file mode 100644
index 6949b57a1af182c64dfbcf197b75094d1bd4a3a1..0000000000000000000000000000000000000000
--- a/backup/LdapNS.pm
+++ /dev/null
@@ -1,1014 +0,0 @@ - -{ - - package SNET::LdapNS::Connection; - use 5.008000; - use strict; - use warnings; - use diagnostics; - use Net::LDAP; - use Net::LDAP::Entry; - use Net::LDAP::Extension::SetPassword; - use Crypt::SaltedHash; - - use Config::IniFiles; - use File::Basename; - - BEGIN { - my $iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" ); - push( @INC, $iniFile->val( 'APPLICATION', 'LIBRARY' ) ); - } - - use SNET::common; - - require Exporter; - our $VERSION = '0.1'; - - our %EXPORT_TAGS = ( 'all' => [ qw( - ) ] ); - - our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } ); - our @EXPORT = qw(); - - my $cafile = '/etc/ssl/certs/cec.eu.int_CA.pem'; - my $max_auditinformation_history = 20; - - my $valid_dn_char = qr/[a-zA-Z0-9_\.\-]+/; - my $valid_dn = qr/^$valid_dn_char\=$valid_dn_char(,$valid_dn_char\=$valid_dn_char)+$/i; - - sub validate_dn { - my ($self, $dn) = @_; - die 'missing dn' unless defined($dn); - die "invalid dn `$dn'" unless ($dn =~ $valid_dn); - return 1; - } - - sub clean_dn($) { - my ($self, $dn) = @_; - die 'missing dn' unless defined($dn); - $dn =~ s/,.*$//; - $dn =~ s/^.*=//; - die "invalid dn `$dn'" unless ($dn =~ m/^$valid_dn_char$/); - return $dn; - } - - sub initialize { - - my $self = shift; - my ($server, $user, $password, $label, $audit_user, $starttls, $debug, $verbose) = @_; - - die 'missing parameters' unless ( - defined($server) && defined($user) && defined($password) && - defined($label) && defined($audit_user) && defined($starttls) && - defined($debug) && defined($verbose) - ); - - die 'invalid server' unless (($server =~ m/[a-z0-9_\.\-]+/i) && ($server =~ m/^[^.]+\.[^.]+/)); - - die "invalid user `$user'" unless ($user =~ m/^(uid|cn)=[a-z0-9]+(,[a-z]+=[a-z0-9]+)+$/i); - - die 'invalid password' unless (length($password) > 0); - - die 'invalid label' unless ($label =~ m/[a-z0-9_\.\-]+/i); - - die "invalid audit_user `$audit_user'" unless ($audit_user =~ m/^[a-z0-9]{7}$/i); - - $starttls = int($starttls); - $debug 
= int($debug); - - print 'initializing connection['.$label.']'.nl() if ($debug); - - my $ldap = Net::LDAP->new( $server, - async => 0, - onerror => (($debug == 0) ? 'undef' : sub { - my $message = shift; - print '['.$label.'] Unable to process request: '.$message->error().nl(); - return $message; - }), - ) or die "Could not connect to server `$server'"; - - eval { - - my $message; - print 'starting tls'.nl() if ($debug); - if ($starttls) { - $message = $ldap->start_tls( - verify => 'require', - cafile => $cafile, - ); - die "Could not encrypt connection" if $message->is_error(); - } - - print 'binding'.nl() if ($debug); - $message = $ldap->bind($user, password=>$password); - die "Unable to login" if $message->is_error(); - }; - if ($@) { - $self->unbind(); - die $@; - } - - $self->{'connection'} = $ldap; - $self->{'server'} = $server; - $self->{'user'} = $user; - $self->{'password'} = $password; - $self->{'label'} = $label; - $self->{'tls'} = $starttls; - $self->{'debug'} = $debug; - $self->{'verbose'} = $verbose; - $self->{'audit_user'} = $audit_user; - - return $self; - - } - - sub new { - my $class = shift; - my $self = {}; - bless $self; - $self->initialize(@_); - return $self; - } - - sub unbind { - my $self = shift; - print 'closing connection['.$self->{'label'}.']'.nl() if ($self->{'debug'} > 0); - eval { - $self->{'connection'}->unbind(); - $self->{'connection'}->disconnect(); - }; - } - - sub new_audit_information { - my ($self, $IM, $op) = @_; - die 'missing parameters' unless (defined($IM) && defined($op)); - die 'invalid IM' unless ($IM =~ m/^IM[0-9]{10}$/); - die 'invalid op' unless ($op =~ m/^[ADC]$/); - return $IM.';'.$self->{'audit_user'}.';'.$op.';'.time; - } - - sub clean_audit_history { - - my ($self, $dn) = @_; - - eval { - - die 'missing arguments' unless (defined($dn)); - - $self->validate_dn($dn); - - my $result = $self->search( - base => $dn, - scope => 'base', - filter => '(objectClass=Audit)', - attrs => 'auditInformation' - ); - - die 
"invalid Audit object `$dn'" unless (scalar(keys(%{$result}) == 1)); - my $ref_infos = $result->{$dn}->{'auditinformation'}; - die "missing auditInformation in object `$dn'" unless defined($ref_infos); - - if (scalar( @{$ref_infos} > $max_auditinformation_history)) { - - my @to_delete; - - my $sort = sub { - my @a = split(/;/, $a); - my @b = split(/;/, $b); - return ($a[-1] <=> $b[-1]); - }; - - my @infos = sort $sort @{$ref_infos}; - - while (scalar(@infos) > $max_auditinformation_history) { - push(@to_delete, shift(@infos)); - } - - my $message = $self->{'connection'}->modify( - $dn, - 'delete' => [ - 'auditInformation' => \@to_delete - ], - ); - if ($self->{'debug'} > 0) { - print 'failed to clean audit information'.nl() if ($message->is_error()); - } - - } - - }; - if ($@) { - print $@.nl() if $self->{'debug'}; - } - - return 0; - - } - -# From Net::LDAP::Search -# Returns a reference to a HASH, where the keys are the DNs of the results -# and the values are HASH references. These second level HASHes hold the -# attributes such that the keys are the attribute names, in -# !!!!!!!!!!!!!!!!!!!!!!!! lowercase !!!!!!!!!!!!!!!!!!!!!!!!!!!!! -# ,and the values are references to an ARRAY holding the values. 
- sub search { - - my $self = shift; - my $message = $self->{'connection'}->search(@_); - my $result = undef; - - if ($message->is_error()) { - print 'search failed: '.$message->error_text.nl() if ($self->{'debug'} > 0); - } - elsif ($message->count() == 0) { - print 'no result'.nl() if ($self->{'debug'} > 1); - } - else { - $result = $message->as_struct(); - } - - return $result; - - } - - sub changes { - - my ($self, $IM, $entry) = @_; - - die 'missing IM' unless (defined($IM)); - die 'missing Net::LDAP::Entry' unless (defined($entry) && (ref($entry) eq 'Net::LDAP::Entry')); - - my $dn = $entry->dn(); - $self->validate_dn($dn); - - my $method = $entry->changetype(); - - my $audit; - if ($method eq 'add') { - $audit = $self->new_audit_information($IM, 'A'); - } - elsif ($method eq 'delete') { - $audit = $self->new_audit_information($IM, 'D'); - } - else { - $audit = $self->new_audit_information($IM, 'C'); - } - - if ($method eq 'add') { - $entry->add( - 'objectClass' => ['Audit'], - 'auditInformation' => $audit - ); - } - elsif ($method eq 'delete') { - my $objectClass = $entry->get_value('objectClass'); - die 'invalid objectClass in Net::LDAP::Entry' unless defined($objectClass); - my $valid_entry = $self->search( - base => $dn, - scope => 'base', - filter => '(objectClass='.$objectClass.')', - attrs => '[1.1]' - ) or die "invalid delete operation on `$dn'"; - } - - if ($self->{'verbose'} > 0) { - print 'performing '.$method.'['.$audit.'] operation'.nl(); - my @attrs = $entry->attributes( nooptions => 1); - print 'attributes added: '.@attrs.nl() if (($self->{'debug'} > 1) && (scalar(@attrs) > 0)); - } - - my $result; - - if ($method ne 'add') { - $result = $self->{'connection'}->modify($dn, 'add' => { 'auditInformation' => $audit }); - if ($result->is_error()) { - print 'audit error, aborting operation'.nl(); - return undef; - } - } - $result = $entry->update($self->{'connection'}); - - $self->clean_audit_history($dn) unless ( - ($method eq 'add') - || - 
(($method eq 'delete') && (!$result->is_error())) - ); - - return ($result->is_error() ? 0 : 1); - - } - - sub next_uidNumber { - - my ($self, $min, $max, $tree) = @_; - die 'missing tree' unless ( - defined($min) && defined($max) && defined($tree) - ); - - $min = int($min); - $max = int($max); - die 'invalid uidNumber range' if ($min >= $max); - - my %valid_uidNumbers; - foreach ($min..$max) { - $valid_uidNumbers{$_}++; - } - - my $accounts = $self->search( - base => $tree, - scope => 'one', - filter => '(objectClass=posixAccount)', - attrs => 'uidNumber', - ); - - return $min unless defined($accounts); - - my @current_uidNumbers = map { shift(@{$_->{'uidnumber'}}) } values(%{$accounts}); - - foreach (@current_uidNumbers) { - delete($valid_uidNumbers{$_}); - } - - die 'no more available uidNumber' unless (scalar(keys(%valid_uidNumbers)) > 0); - - my @sorted_uidNumbers = sort {$a <=> $b} keys(%valid_uidNumbers); - - return shift(@sorted_uidNumbers); - - } - - sub gen_passwd { - - my ($self, $history) = @_; - - my @lc = ('a'..'z'); - my @up = ('A'..'Z'); - my @digit = ('0'..'9'); - my @sp = ('!','#','$','%','&','@','-'); - my @all = (@lc, @up, @digit, @sp); - - my $password; - my $limit = 3; - - do { - $limit--; - $password = join( '', - (map { $all[rand($#all + 1)] } (1..3)), - $lc[rand($#lc + 1)], - (map { $all[rand($#all + 1)] } (1..3)), - $up[rand($#up + 1)], - (map { $all[rand($#all + 1)] } (1..3)), - $digit[rand($#digit + 1)], - (map { $all[rand($#all + 1)] } (1..3)), - $sp[rand($#sp + 1)], - ); - print 'generated password: '.$password.nl() if ($self->{'debug'} > 0); - if (defined($history)) { - foreach (@{$history}) { - s/^.*{/{/; - print 'testing password against history value: '.$_.nl() if ($self->{'debug'} > 0); - $password = undef if (Crypt::SaltedHash->validate($_, $password)); - } - } - } until ((defined($password)) || ($limit == 0)); - - return $password; - - } - - sub passwd { - - my ($self, $dn, $old, $new) = @_; - die 'missing arguments' unless 
(defined($dn) && defined($old) && defined($new)); - die 'invalid password' unless ((length($old) > 0) && (length($new) > 0) && ($old ne $new)); - $self->validate_dn($dn); - - my $result = $self->{'connection'}->set_password( - 'user' => $dn, - 'oldpasswd' => $old, - 'newpasswd' => $new - ); - - return ($result->is_error() ? 0 : 1); - - } - - sub reset { - - my ($self, $dn) = @_; - my $result; - - eval { - - die 'invalid arguments' unless (defined($dn) && (length($dn) > 0)); - die 'invalid dn' unless (lc($dn) ne lc($self->{'user'})); - $self->validate_dn($dn); - - my $user = $self->search( - base => $dn, - scope => 'base', - filter => '(objectClass=simpleSecurityObject)', - attrs => ['mail', 'gecos', 'userPassword', 'pwdHistory'] - ); - - die "invalid user's dn `$dn'" unless defined($user); - - # that one is mandatory in simpleSecurityObject - # not getting one means access rights issue - die 'unable to fetch current password' unless defined($user->{$dn}->{'userpassword'}); - my $userPassword = ${$user->{$dn}->{'userpassword'}}[0]; - - my $pwdHistory = defined($user->{$dn}->{'pwdhistory'}) ? 
$user->{$dn}->{'pwdhistory'} : []; - unshift(@{$pwdHistory}, $userPassword); - - my $mail = ${$user->{$dn}->{'mail'}}[0] if defined($user->{$dn}->{'mail'}); - my $gecos = ${$user->{$dn}->{'gecos'}}[0] if defined($user->{$dn}->{'gecos'}); - my $sendmail = (defined($mail) && defined($gecos)); - - print "reseting password for user `$gecos' <$mail>".nl() if ( - ($self->{'debug'} > 0) - && - (defined($sendmail)) - ); - - my $password = $self->gen_passwd($pwdHistory); - die 'unable to generate new password' unless defined($password); - - # be sure to delete any pwdReset first, otherwise - # reset won't work twice on the same user - $result = $self->{'connection'}->modify( - $dn, - changes => [ - delete => [ - pwdReset => [], - ], - replace => [ - userPassword => $password, - ], - add => [ - pwdReset => 'TRUE', - ] - ] - ); - - }; - if ($@) { - print $@.nl() if ($self->{'debug'} > 0); - return 0; - } - - return ($result->is_error() ? 0 : 1); - - } - - 1; - -} - -{ - - package SNET::LdapNS; - use 5.008000; - use strict; - use warnings; - use diagnostics; - use Net::LDAP::Entry; - use Data::Dumper; - - require Exporter; - our $VERSION = '0.1'; - - our %EXPORT_TAGS = ( 'all' => [ qw( - &ldapns_unbind &ldapns_bind - &isAdmin - &passwd &pwdReset - &getAllPosixAccounts &getPosixAccount - &getAllPposixGroups &getPosixGroup - &getAllGroupOfNames &getGroupOfNames - &addPosixGroup &deletePosixGroup - ) ] ); - - our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } ); - our @EXPORT = qw(); - - our %connections; - - my $ROOT = 'dc=ec,dc=europa,dc=eu'; - my $SNET = 'ou=SNet,ou=2,ou=C,o=DIGIT,'.$ROOT; - my $ADMIN = 'ou=management,'.$ROOT; - my $GROUPS = 'ou=groups'; - my $PEOPLE = 'ou=People'; - my $MINID = 2000; - my $MAXID = 9999; - - sub get_connection($) { - my $label = shift; - die 'invalid parameter' unless defined($label); - return $connections{$label}; - } - - sub ldapns_unbind($) { - my $label = shift; - die 'invalid parameter' unless defined($label); - my $ldap = 
get_connection($label); - if (defined($ldap)) { - $ldap->unbind; - delete($connections{$label}); - undef($ldap); - } - } - - sub ldapns_bind($$$;$$$$$) { - - my ($server, $user, $password, $label, $audit_user, $starttls, $debug, $verbose) = @_; - die 'invalid parameters' unless ( - defined($server) && defined($user) && defined($password) - ); - - $label = $server unless defined($label); - if (!defined($audit_user)) { - $audit_user = clean_dn($user); - } - $starttls = 0 unless defined($starttls); - $debug = 0 unless defined($debug); - $verbose = 0 unless defined($verbose); - - die "label `$label' already exists" if defined(get_connection($label)); - - $connections{$label} = new SNET::LdapNS::Connection( - $server, $user, $password, $label, $audit_user, $starttls, $debug, $verbose - ); - - return 0; - - } - - sub isAdmin($$) { - - my ($label, $dn) = @_; - die 'invalid parameters' unless ( - defined($label) && defined($dn) - ); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $ldap->validate_dn($dn); - - my @trees = ( $GROUPS.','.$SNET, $GROUPS.','.$ADMIN ); - my $filter = "(&(cn=admin)(member=$dn))"; - - my $result; - foreach my $tree (@trees) { - print "$tree => $filter\n"; - $result = $ldap->search( - base => $tree, - scope => 'one', - filter => $filter, - attrs => ['1.1'], - ); - next unless defined($result); - last if (scalar(keys(%{$result}) > 0)); - undef $result; - } - return defined($result); - - } - - sub passwd($$$;$$) { - - my ($label, $old, $new, $uid, $tree) = @_; - - die 'missing parameters' unless ( - defined($label) && defined($old) && defined($new) - ); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - my $dn; - if (defined($uid)) { - $tree = $PEOPLE.','.$SNET unless defined($tree); - die "invalid people tree `$tree'" unless ($tree =~ m/^$PEOPLE,/i); - $uid = $ldap->clean_dn($uid); - $dn = 'uid='.$uid.','.$tree; - } - else { - $dn = $ldap->{'user'}; - } - - 
$ldap->validate_dn($dn); - return $ldap->passwd($dn, $old, $new); - - } - - sub pwdReset($$;$) { - - my ($label, $uid, $tree) = @_; - die 'missing parameters' unless (defined($label) && defined($uid)); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $tree = $PEOPLE.','.$SNET unless defined($tree); - die "invalid people tree `$tree'" unless ($tree =~ m/^$PEOPLE,/i); - - $uid = $ldap->clean_dn($uid); - my $dn = 'uid='.$uid.','.$tree; - $ldap->validate_dn($dn); - - return $ldap->reset($dn); - - } - - sub getAllPosixAccounts($;$) { - - my ($label, $tree) = @_; - die 'invalid parameters' unless (defined($label)); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $tree = $PEOPLE.','.$SNET unless defined($tree); - die "invalid people tree `$tree'" unless ($tree =~ m/^$PEOPLE,/i); - - my $result = $ldap->search( - base => $tree, - scope => 'one', - filter => '(objectClass=posixAccount)', - attrs => ['uid', 'uidNumber'] - ) or die "Unable to fetch users"; - - return $result; - - } - - sub getPosixAccount($$;$) { - - my ($label, $uid, $tree) = @_; - die 'invalid parameters' unless (defined($label) && defined($uid)); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $uid = $ldap->clean_dn($uid); - - $tree = $PEOPLE.','.$SNET unless defined($tree); - die "invalid people tree `$tree'" unless ($tree =~ m/^$PEOPLE,/i); - - my $result = $ldap->search( - base => $tree, - scope => 'one', - filter => '(&(objectClass=posixAccount)(uid='.$uid.')', - attrs => [qw(uid uidNumber gidNumber mail gecos description pwdReset memberOf)] - ) or die "Unable to fetch user"; - - die "dupplicate uid `$uid'" if (scalar(keys(%{$result})) > 1); - return $result; - - } - - sub getAllPposixGroups($;$) { - - my ($label, $tree) = @_; - die 'invalid parameters' unless (defined($label)); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $tree = 
$GROUPS.','.$SNET unless defined($tree); - die "invalid group tree `$tree'" unless ($tree =~ m/^$GROUPS,/i); - - my $result = $ldap->search( - base => $tree, - scope => 'one', - filter => '(objectClass=posixGroup)', - attrs => ['cn', 'gidNumber'], - ) or die "Unable to fetch posixGroups"; - - return $result; - - } - - sub getPosixGroup($$;$) { - - my ($label, $cn, $tree) = @_; - die 'missing parameters' unless (defined($label) && defined($cn)); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $cn = $ldap->clean_dn($cn); - - $tree = $GROUPS.','.$SNET unless defined($tree); - die "invalid group tree `$tree'" unless ($tree =~ m/^$GROUPS,/i); - - my $result = $ldap->search( - base => $tree, - scope => 'one', - filter => '(&(objectClass=posixGroup)(cn='.$cn.'))', - attrs => ['cn', 'gidNumber', 'memberUid'], - ) or die "unable to fetch posixGroup `$cn'"; - - die "dupplicate cn `$cn' group" if (scalar(keys(%{$result})) > 1); - return $result; - - } - - sub getAllGroupOfNames($;$) { - - my ($label, $tree) = @_; - die 'invalid parameters' unless (defined($label)); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $tree = $GROUPS.','.$SNET unless defined($tree); - die "invalid group tree `$tree'" unless ($tree =~ m/^$GROUPS,/i); - - my $result = $ldap->search( - base => $tree, - scope => 'one', - filter => '(objectClass=groupOfNames)', - attrs => ['cn'] - ) or die "Unable to fetch groupsOfNames"; - - return $result; - - } - - sub getGroupOfNames($$;$) { - - my ($label, $cn, $tree) = @_; - die 'missing parameters' unless (defined($label) && defined($cn)); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $cn = $ldap->clean_dn($cn); - - $tree = $GROUPS.','.$SNET unless defined($tree); - die "invalid group tree `$tree'" unless ($tree =~ m/^$GROUPS,/i); - - my $result = $ldap->search( - base => $tree, - scope => 'one', - filter => 
'(&(objectClass=groupOfNames)(cn='.$cn.'))', - attrs => ['cn', 'member'], - ) or die "unable to fetch groupOfNames `$cn'"; - - die "dupplicate cn `$cn' group" if (scalar(keys(%{$result})) > 1); - return $result; - - } - - sub addPosixAccount($$$$$$;$$$) { - - my ($label, $IM, $uid, $gidNumber, $gecos, $mail, $uidNumber, $description, $tree) = @_; - die 'invalid parameters' unless ( - defined($label) && defined($IM) && - defined($uid) && defined($gidNumber) && defined($gecos) && defined($mail) - ); - - $gidNumber = int($gidNumber); - die 'invalid gid' unless (($gidNumber >= $MINID) && ($gidNumber < $MAXID)); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $tree = $PEOPLE.','.$SNET unless defined($tree); - die "invalid people tree `$tree'" unless ($tree =~ m/^$PEOPLE,/i); - - $uid = $ldap->clean_dn($uid); - - my $dn = 'uid='.$uid.','.$tree; - $ldap->validate_dn($dn); - - $uidNumber = ( - defined($uidNumber) ? - int($uidNumber) : - int($ldap->next_uidNumber($MINID, $MAXID, $tree)) - ); - die 'invalid uid' unless (($uidNumber >= $MINID) && ($uidNumber < $MAXID)); - - my $entry = Net::LDAP::Entry->new($dn, - 'uid' => $uid, - 'cn' => $uid, - 'sn' => $uid, - 'uidNumber' => $uidNumber, - 'gidNumber' => $gidNumber, - 'mail' => $mail, - 'gecos' => $gecos, - 'homeDirectory' => "/home/$uid", - 'loginShell' => '/bin/ksh', - 'shadowLastChange' => '11640', - 'shadowFlag' => '0', - 'userPassword' => $ldap->gen_passwd, - 'objectClass' => [qw( top inetOrgPerson organizationalPerson person posixAccount shadowAccount simpleSecurityObject)], - ); - $entry->add( 'description' => $description ) if (defined($description)); - - return ($ldap->changes($IM, $entry->changetype('add')) ? 
$entry : 0); - - } - - sub addPosixGroup($$$;$) { - - my ($label, $IM, $cn, $gid, $tree) = @_; - die 'invalid parameters' unless ( - defined($IM) && defined($label) && defined($cn) && defined($gid) - ); - - die 'invalid gid' unless (($gid > 1024) && ($gid < 60000)); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $tree = $GROUPS.','.$SNET unless defined($tree); - die "invalid group tree `$tree'" unless ($tree =~ m/^$GROUPS,/i); - - $cn = $ldap->clean_dn($cn); - my $dn = 'cn='.$cn.','.$tree; - $ldap->validate_dn($dn); - - my $entry = Net::LDAP::Entry->new($dn, - 'objectClass' => ['top', 'posixGroup'], - 'gidNumber' => $gid, - 'cn' => $cn - ); - - return $ldap->changes($IM, $entry->changetype('add')); - - } - - sub deletePosixAccount($$$;$) { - - my ($label, $IM, $cn, $tree) = @_; - die 'invalid parameters' unless ( - defined($IM) && defined($label) && defined($cn) - ); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $tree = $PEOPLE.','.$SNET unless defined($tree); - die "invalid people tree `$tree'" unless ($tree =~ m/^$PEOPLE,/i); - - $cn = $ldap->clean_dn($cn); - my $dn = 'uid='.$cn.','.$tree; - $ldap->validate_dn($dn); - - my $entry = Net::LDAP::Entry->new($dn, - 'objectClass' => ['posixAccount'] - ); - - return $ldap->changes($IM, $entry->changetype('delete')); - - } - - sub deletePosixGroup($$$;$) { - - my ($label, $IM, $cn, $tree) = @_; - die 'invalid parameters' unless ( - defined($IM) && defined($label) && defined($cn) - ); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $tree = $GROUPS.','.$SNET unless defined($tree); - die "invalid group tree `$tree'" unless ($tree =~ m/^$GROUPS,/i); - - my $people_tree = $tree; - $people_tree =~ s/^$GROUPS/$PEOPLE/; - - my $group = getPosixGroup($label, $cn, $tree) - or die "posixGroup `$cn' does not exist"; - - my @keys = keys(%{$group}); - my $dn = shift(@keys); - die "invalid posixGroup `$cn'" 
unless defined($group->{$dn}->{'gidnumber'}); - - my $gid = shift(@{$group->{$dn}->{'gidnumber'}}); - - $ldap->search( - base => $people_tree, - scope => 'one', - filter => '(&(objectClass=posixAccount)(gidNumber='.$gid.'))', - attrs => '[1.1]' - ) and die 'existing posixAccount with same base gid'; - - my $entry = Net::LDAP::Entry->new($dn, - 'objectClass' => ['posixGroup'] - ); - - return $ldap->changes($IM, $entry->changetype('delete')); - - } - - sub deleteGroupOfNames($$$;$) { - - my ($label, $IM, $cn, $tree) = @_; - die 'invalid parameters' unless ( - defined($IM) && defined($label) && defined($cn) - ); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $tree = $GROUPS.','.$SNET unless defined($tree); - die "invalid group tree `$tree'" unless ($tree =~ m/^$GROUPS,/i); - - $cn = $ldap->clean_dn($cn); - die "invalid read-only group `$cn'" if ($cn =~ m/^admin$/i); - - my $dn = 'cn='.$cn.','.$tree; - $ldap->validate_dn($dn); - - my $entry = Net::LDAP::Entry->new($dn, - 'objectClass' => ['groupOfNames'] - ); - - return $ldap->changes($IM, $entry->changetype('delete')); - - } - - sub addToPosixGroup($$$$;$) { - - my ($label, $IM, $uid, $cn, $tree) = @_; - die 'invalid parameters' unless ( - defined($IM) && defined($label) && defined($uid) && defined($cn) - ); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $tree = $GROUPS.','.$SNET unless defined($tree); - die "invalid group tree `$tree'" unless ($tree =~ m/^$GROUPS,/i); - - $uid = $ldap->clean_dn($uid); - - my $dn = 'cn='.$cn.','.$tree; - $ldap->validate_dn($dn); - - my $group = getPosixAccount($label, $cn); - die "invalid posixGroup `$cn'" unless defined($group); - - my $attrs = values(%{$group}); - my $members = $attrs->{'memberUid'}; - - return 1 if (defined($members) && (grep { $_ eq $uid } @{$members})); - - my $entry = Net::LDAP::Entry->new($dn); - $entry->changetype('modify'); - $entry->add(memberUid => [$uid]); - - return 
$ldap->changes($IM, $entry); - - } - - sub addToGroupOfNames ($$$$;$) { - - my ($label, $IM, $uid, $cn, $tree) = @_; - die 'invalid parameters' unless ( - defined($IM) && defined($label) && defined($uid) && defined($cn) - ); - - my $ldap = get_connection($label) - or die "invalid connection's label `$label'"; - - $tree = $GROUPS.','.$SNET unless defined($tree); - die "invalid group tree `$tree'" unless ($tree =~ m/^$GROUPS,/i); - - my $people_tree = $tree; - $people_tree =~ s/^$GROUPS,/$PEOPLE,/i; - - $uid = 'uid='.$ldap->clean_dn($uid).','.$people_tree; - $ldap->validate_dn($uid); - - my $dn = 'cn='.$cn.','.$tree; - $ldap->validate_dn($dn); - - my $group = getGroupOfNames($label, $cn, $tree); - die "invalid groupOfNames `$cn'" unless defined($group); - - my @keys = keys(%{$group}); - my $group_dn = shift(@keys); - die "unmatching groupOfNames `$cn'" unless (lc($dn) eq lc($group_dn)); - - my $members = $group->{$group_dn}->{'member'}; - return 1 if (defined($members) && (grep { $_ eq $uid } @{$members})); - - my $entry = Net::LDAP::Entry->new($dn); - $entry->changetype('modify'); - $entry->add('member' => [$uid]); - - return $ldap->changes($IM, $entry); - - } - - - 1; - -} - diff --git a/backup/ldap_NS.pl b/backup/ldap_NS.pl deleted file mode 100755 index 6c2f0d619de95fdf11e799a22bbf49c304dcf7ce..0000000000000000000000000000000000000000 --- a/backup/ldap_NS.pl +++ /dev/null 
@@ -1,725 +0,0 @@ -#!/usr/bin/perl -T - -# -use strict; -use warnings; - -# -use Data::Dumper; -use CGI qw/:standard start_ol/; -use CGI::Cookie; -use Config::IniFiles; -use File::Basename; - -use Net::LDAP; -use Data::Dumper; - -# unbuffered output: -$| = 1; - -BEGIN { - my $iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" ); - push( @INC, $iniFile->val( 'APPLICATION', 'LIBRARY' ), '.' ); -} -use SNET::access; -use SNET::common; -use SNET::html; -use SNET::ActiveDirectory; - -use Template; - -use LdapNS qw(:all); -use vars qw($cli_mode); - -$cli_mode = 1; -SNET::LdapNS::ldapns_bind('ldap.snmc.cec.eu.int', 'uid=baeumma,ou=people,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu', 'pipo', 'test', 'baeumma', 1, 1, 1); -#my $con = SNET::LdapNS::get_connection('test'); -#$con->changes('dn' => 'zboub', 'IM' => 'IM1234567890', 'add' => [ 'attrs' => [ 'name' => 'zzz' ] ]); -#$con->reset('uid=vernada,ou=people,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu'); -#SNET::LdapNS::pwdReset('test', 'uid=vernada,ou=people,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu'); - -#foreach ('tsigref', 'baeumma', 'santogi', 'zboub') { -# print "$_ is admin\n" if (SNET::LdapNS::isAdmin('test', 'uid='.$_.',ou=people,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu')); -#} -#SNET::LdapNS::addPosixGroup('test', 'IM1234567890', 'pouet', '3333'); -#SNET::LdapNS::deletePosixGroup('test', 'IM1234567890', 'pouet'); - -#SNET::LdapNS::addPosixAccount('test', 'IM1234567890', 'toto', 3500, 'To To', 'to.to@ext.ec.europa.eu'); -#SNET::LdapNS::deletePosixAccount('test', 'IM1234567890', 'toto'); -SNET::LdapNS::addToGroupOfNames('test', 'IM1234567890', 'baudetr', 'admin'); - -#SNET::LdapNS::addToPosixGroup('test', 'IM1234567890', 'baudetr', 'snmc'); -SNET::LdapNS::ldapns_unbind('test'); - -exit 0; - -my ($verbose,$debug,$help); -my ($env,$script,$cli_mode); -my ($action,$IM,$username,$belongs_iss3,$belongs_network,$belongs_security,$belongs_admin,$migration,$ldap_admin,$ldap_passwd); - 
-$debug = 0; -$verbose = 0; -($script) = split(/\./,basename($0)); - -my $title = "LDAP Admin GUI"; -my $function = $title; -$function =~s/\s/_/g; -my $href = ""; -my $header = ""; -my $html_msg = ""; - -my $global_iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" ); - -my $old_people_tree = "dc=snmc,dc=cec,dc=eu,dc=int"; -my $new_people_tree = "ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu"; - -$env = "test"; # "prod"; -($html_msg) = Access_snet_script_head( $script, $global_iniFile, $ENV, $env ); - -my $run_user; -my $ns_username; -my $ns_password; - - - -sub set_cookies { - - my $cookie; - if (defined($ns_username)) { - $cookie = CGI::Cookie->new( - -name => 'ns_username', - -value => $ns_username, - ); - $cookie->bake; - } - if (defined($ns_password)) { - $cookie = CGI::Cookie->new( - -name => 'ns_password', - -value => $ns_password, - -secure => 1, - ); - $cookie->bake; - } -} - -sub get_running_user { - if ($cli_mode) { - $run_user = $ENV{"USERNAME"}; - } - else { - $run_user = $ENV{"HTTP_AUTHUSER"}; - } - if (defined($run_user)) { - $run_user =~ s/uid=//; - $run_user =~ s/,.*$//g; - } -} - -sub get_session_data { - - get_running_user; - - my %cookies = CGI::Cookie->fetch; - if (defined($cookies{'ns_username'})) { - $ns_username = $cookies{'ns_password'}->{'value'}; - } - if (defined($cookies{'ns_password'})) { - $ns_password = $cookies{'ns_password'}->{'value'}; - } - -} - -sub main { - - print header ( -charset => 'UTF-8', ); - dg_header_html( $title, 1, 0, $href, $header ); - print $html_msg . nl(); - - get_session_data; - if (defined($ns_username) && defined($ns_password)) { - #authentication_page; - } - else { - #action_page; - } - - print end_html; - - exit 1; - -} - -sub print_prompt ($$$$) -{ - my ($ldap_admin, $ldap_passwd, $username, $IM) = @_; - - print start_form(-enctype=>&CGI::MULTIPART); - - print "<em>Administrator uid (or full dn): </em>"; - print textfield(-name=>'ldap_admin', - -default=>($ldap_admin ? 
- $ldap_admin : - 'cn=administrator,ou=people,ou=management,dc=ec,dc=europa,dc=eu'), - -size=>50, - -maxlength=>80); - print nl(); - - print nl(); - print "<em>Administrator password: </em>"; - print password_field(-name=>'ldap_passwd', - -default=>($ldap_passwd?$ldap_passwd:''), - -size=>50, - -maxlength=>100); - print nl(); - - print nl(); - print "<em>Login name (same as net1): </em>"; - print textfield(-name=>'username', - -default=>($username?$username:''), - -size=>50, - -maxlength=>80); - print nl(); - - print nl(); - print "<em>IM (Full SMT ticket number): </em>"; - print textfield(-name=>'IM', - -default=>($IM?$IM:''), - -override=>1, - -size=>50, - -maxlength=>100); - print nl(); - - print nl(); - print "<em>Options: </em>".nl(); - print checkbox_group(-name=>'belongs', - -values=>['administrator','iss3','network','security','migration','verbose','debug'], - -linebreak=>'true'); - print nl(); - - print "<p>",submit('action','Submit'),reset; - print end_form(); - -} - -=head1 do_work - HTML Parameters - - display the parameters passed to the web interface. 
- - Arguments: None - -=cut - -sub do_work () -{ - my(@values,$key); - - return if (!param); - print "<h2>Here are the current settings used for the $title processor</h2>"; - - foreach $key (param) { - next if ( $key =~/passw/i ); - print "<strong>$key</strong> -> "; - @values = param($key); - print join(", ",@values).nl(); - } - print nl().nl(); -} - -$action = ''; - -#my $old_people_tree = "ou=People,dc=snmc,dc=cec,dc=eu,dc=int"; -#my $new_people_tree = "ou=people,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu"; -my $new_dead_people_tree = "ou=expired,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu"; - -$IM = param('IM') if (defined(param('IM')) && (param('IM') !~ /^$/) && (param('IM') =~ /^IM\d+$/) ); -$action = param('action') if (defined(param('action')) && (param('action') !~ /^$/) && (param('action') =~ /^\w+$/) ); -$username = param('username') if (defined(param('username')) && (param('username') !~ /^$/) && (param('username')=~ /^[\w-]+$/ ) ); -if (defined(param('ldap_admin')) && (param('ldap_admin') !~ /^$/) && (param('ldap_admin')=~ /^[\w=,-]+$/ ) ) { - $ldap_admin = param('ldap_admin'); - if ($ldap_admin !~ /,/) { - $ldap_admin='uid='.$ldap_admin.','.$new_people_tree; - } -} -$ldap_passwd = param('ldap_passwd') if (defined(param('ldap_passwd')) && (param('ldap_passwd') !~ /^$/) ); - -$belongs_admin = 0; -$belongs_iss3 = 0; -$belongs_network = 0; -$belongs_security = 0; -$migration = 0; -my $pcount = 0; - -if ( ( defined (param('belongs') ) && (param('belongs') !~ /^$/ ) ) ) { - my @values = param('belongs'); - my $belongs = join(", ",@values); - $belongs =~s/\n//; - $belongs =~s/\r//; - $belongs =~s/\s+//; - if ( $belongs =~ /administrator/ ) { - $belongs_admin = 1; - } - if ( $belongs =~ /iss3/ ) { - $belongs_iss3 = 1; - $pcount++; - } - if ( $belongs =~ /network/ ) { - $belongs_network = 1; - $pcount++; - } - if ( $belongs =~ /security/ ) { - $belongs_security = 1; - $pcount++; - } - - $verbose = 1 if ( $belongs =~ /verbose/ ); - $debug = 1 if ( 
$belongs =~ /debug/ ); - $migration = 1 if ( $belongs =~ /migration/ ); -} - -print header( - -charset => 'UTF-8', - ); - -dg_header_html( $title, 1, 0, $href, $header ); -print $html_msg . nl(); - -# TODO add only one belongs_* stuff -#$belongs_iss3 = 0; -#$belongs_network = 0; -#$belongs_security = 0; - -if ( defined($username) && ($username !~ /^$/) && ($username =~ /^[\w-]+$/ ) && defined($IM) && ($IM !~ /^$/) && ( $IM =~ /^IM\d{10}$/ ) && (defined($action)) && ($action eq "Submit") && ($pcount <= 1) ) { - - do_work(); - - my $AiniFile = new Config::IniFiles( -file => $global_iniFile->val( 'INI', 'AD' ) ); - my $adserver = $AiniFile->val( 'AD_NET1', 'SERVER' ); - print "error value of adserver is undefined" if ( !defined($adserver) ); - my $aduser = $AiniFile->val( 'AD_NET1', 'USER' ); - print "error value of aduser is undefined" if ( !defined($aduser) ); - my $adpasswd = $AiniFile->val( 'AD_NET1', 'PASSWORD'); - print "error value of adpasswd is undefined" if ( !defined($adpasswd) ); - - - my $attrs = [ 'displayName', 'mail' ]; - - my ( $mail, $name ) = ( '', '' ); - print "Searching Net1 for userlogin : '$username'".nl(); - - my $ad = Net::LDAP->new( $adserver ) - or die "Could not connect to AD: $adserver!"; - - $ad->bind($aduser, password=>$adpasswd); - - #my $searchbase = 'OU=Users_ITIC,OU=DIGIT,OU=DGs,DC=net1,DC=cec,DC=eu,DC=int'; - my $searchbase = 'OU=DIGIT,OU=DGs,DC=net1,DC=cec,DC=eu,DC=int'; - my $filter = "sAMAccountName=$username"; - - my $results = $ad->search(base=>$searchbase,filter=>$filter,attrs=>$attrs); - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . $results->error ."'" .nl(); - $ad->unbind; - exit 1; - } - my $count = $results->count; - - if ( $count != 1 ) { - print "More than 1 entries fetched from the AD Net1. Do not know what to do. One and only one entry should be found." . 
nl(); - $ad->unbind; - exit; - } else { - print "'$count' record fetched from Net1.".nl(); - } - - my $entry = $results->entry( 0 ); - - $mail = $entry->get_value('mail'); - $name = $entry->get_value('displayName'); - $name =~s/\s\(.*$//; - $mail = lc( $mail ); - - $ad->unbind; - undef $results; - - print "Pursuing the addition of user '$username' with parameters:".nl(); - print " - Realname: '$name'".nl(); - print " - Email: '$mail'".nl(); - print br; - - - # Check if username already exist - my $ldap_server = 'ldap.snmc.cec.eu.int'; - my $homeserver = "home.snmc.cec.eu.int"; - my $ldap_min_uid = 2000; - my $ldap_max_uid = 10000; - print "Connecting to $ldap_server...".nl(); - - my $ldap = Net::LDAP->new( $ldap_server, - onerror => sub { print "oups! ".$_[0]->error().nl(); return undef; }, ) or die "$@"; - - $ldap->start_tls( verify => 'require', - cafile => '/usr/share/ca-certificates/cec.eu.int/cec.eu.int_CA.crt', - ); - $ldap->bind ( $ldap_admin, password => $ldap_passwd ); - - print "Searching directory for existing uid: $username".nl(); - - $results = $ldap->search( base => $new_people_tree, filter => "(uid=$username)", attrs => ["cn", "uidNumber"]); - - if (defined($results)) { - $results->code && die $results->error; - $count = $results->count; - - if ( $count != 0 ) { - print "Account already exist ('$count') in SNet LDAP. stopping process." . nl(); - $entry = $results->entry( 0 ); - print "cn: " . $entry->get_value('cn') . " uid " . $entry->get_value('uidNumber') .nl(); - $ldap->unbind; - exit; - } - undef $results; - - } else { - print "Did not found any existing entry in the LDAP SNet directory.".nl(); - } - - $results = $ldap->search( base => $new_dead_people_tree, filter => "(uid=$username)", attrs => ["cn", "uidNumber"]); - - if (defined($results)) { - # TODO: branch does not yet exist... - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . 
$results->error ."'" .nl(); - $ldap->unbind; - exit 1; - } - $count = $results->count; - - if ( $count != 0 ) { - print "Account already exist in SNet LDAP for the old members! stopping process." . nl(); - $ldap->unbind; - exit; - } else { - print "Did not found any existing entry in the LDAP SNet old members directory.".nl(); - } - } - - undef $results; - - my $old_ldap; - my $old_ldap_server = 'snmc-ldapns.snmc.cec.eu.int'; - my $old_admin = 'cn=Directory Manager'; - my $old_passwd = 'DirectoryM!'; - - my $old_password; - my $old_uidnumber; - my @old_description; - my $old_result = 0; - - my $next_free_uidnumber; - - if ($migration) { - - print "Checking if this is a migration from old directory...".nl(); - - eval { - - $old_ldap = Net::LDAP->new( $old_ldap_server, - onerror => sub { print "oupsi! ".$_[0]->error().nl(); return undef; }, ) - or die "Could not connect to $old_ldap_server!"; - $old_ldap->bind($old_admin, password => $old_passwd); - - $results = $old_ldap->search( base => $old_people_tree, filter => "(uid=$username)", attrs => ["userPassword", "uidNumber", "description"]); - if (defined($results) && ($results->count == 1)) { - $old_password = $results->entry->get_value( 'userPassword' ); - $old_uidnumber = $results->entry->get_value( 'uidNumber' ); - @old_description = $results->entry->get_value( 'description' ); - print "Found an uid matching with uidnumber : $old_uidnumber".nl(); - if (defined($old_uidnumber)) { - undef $results; - $results = $ldap->search( base => $new_people_tree, filter => "(uidNumber=$old_uidnumber)", attrs => ["cn"]); - if ($results->count != 0) { - undef $old_uidnumber; - } - else { - $next_free_uidnumber = $old_uidnumber; - } - undef $results; - } - $old_result = 1; - } - else { - print "seems to be a new user".nl(); - } - $old_ldap->unbind; - - }; - if ($@) { - print "oupsi! 
$@".nl(); - $old_ldap->unbind; - } - } - undef $results; - - if (!(defined($old_uidnumber))) { - - print "Allocating a new uidNumber...".nl(); - - # fetching all the uid, to find the next available uid - - # first tree... the living one... - $results = $ldap->search( base => $new_people_tree, filter => "(&(objectClass=posixAccount)(uid=*))", attrs => ["cn", "uidNumber"]); - - exit 1 unless defined($results); - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . $results->error ."'" .nl(); - $ldap->unbind; - exit 1; - } - - - $count = $results->count; - if ($count != 0) { - print "found $count already used uid(s)".nl(); - } - - my %blah; - foreach my $entry ($results->entries) { - - # $entry->dump; - my $uid=$entry->get_value( 'cn' ); - my $uidnumber=$entry->get_value( 'uidNumber'); - - if (defined($blah{$uidnumber})) { - $blah{$uidnumber}=$blah{$uidnumber} + 1; - } - else { - if (($uidnumber >= $ldap_min_uid) && ($uidnumber < 10000)) { - $blah{$uidnumber} = 1; - } - } - } - - undef $results; - - # searching the dead one... - $results = $ldap->search( base => $new_dead_people_tree, filter => "(uid=*)", attrs => ["cn", "uidNumber"]); - if (defined($results)) { - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . $results->error ."'" .nl(); - $ldap->unbind; - exit 1; - } - - foreach my $entry ($results->entries) { - - # $entry->dump; - my $uid=$entry->get_value( 'cn' ); - my $uidnumber=$entry->get_value( 'uidNumber'); - - if (defined($blah{$uidnumber})) { - $blah{$uidnumber}=$blah{$uidnumber} + 1; - } - else { - if (($uidnumber >= $ldap_min_uid) && ($uidnumber < $ldap_max_uid)) { - $blah{$uidnumber} = 1; - } - } - } - - undef $results; - } - - foreach my $key (sort { $a <=> $b } (keys(%blah))) { - if ($blah{$key} > 1) { - print "WARNING : uid number $key is used several time!" . 
nl(); - } - } - - for ($next_free_uidnumber = $ldap_min_uid; $next_free_uidnumber <= $ldap_max_uid; $next_free_uidnumber++) { - if (!defined($blah{$next_free_uidnumber})) { - last; - } - } - - } - - if ($next_free_uidnumber < $ldap_max_uid) { - print "next free uid number : $next_free_uidnumber" . nl(); - } - else { - print "No more uid number available!" . nl(); - exit 1; - } - - my $uidn = $next_free_uidnumber; - my $gidn = 3500; # gid is snmc... - - my $description = (); - my $folder = ''; - if ( $belongs_admin ) { - $belongs_admin = 'cn=admin,ou=groups,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu'; - } - if ( $belongs_network ) { - if ($old_result) { - push( @$description, @old_description ); - } - else { - push ( @$description, 'RPRO' ); - push ( @$description, 'PSRO' ); - push ( @$description, 'CWRW' ); - } - $folder = 'cn=network,ou=groups,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu'; - } elsif ( $belongs_security ) { - if ($old_result) { - push( @$description, @old_description ); - } - else { - push ( @$description, 'RPRW' ); - push ( @$description, 'PSRW' ); - push ( @$description, 'CWRO' ); - } - $folder = 'cn=security,ou=groups,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu'; - } elsif ( $belongs_iss3 ) { - if ($old_result) { - push( @$description, @old_description ); - } - else { - push ( @$description, 'RPRW' ); - push ( @$description, 'PSRW' ); - push ( @$description, 'CWRA' ); - } - $folder = 'cn=iss3,ou=groups,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu'; - } - else { - print "ignoring old attributes as no group membership was specified".nl(); - #if ($old_result) { - # push( @$description, @old_description ); - #} - #else { - push ( @$description, 'RPRO' ); - push ( @$description, 'PSRO' ); - push ( @$description, 'CWRO' ); - #} - } - - #my $uid_dn = "uid=${username},ou=${folder},".$new_people_tree; - my $uid_dn = "uid=${username},".$new_people_tree; - - print "Creating user '$username' using the following parameters:".nl(); - print " - 
Realname: '$name'".nl(); - print " - Email: '$mail'".nl(); - print " - UID number: '$uidn'" .nl(); - print " - GID number: '$gidn'" .nl(); - print " - description: " . Dumper ( $description ) . nl(); - print " - uid_dn: '$uid_dn'".nl(); - print " - AUDIT: '$IM;$run_user;A;".time."'".nl(); - print br; - - # Need to SSH to home.snmc.cec.eu.int - # if ( ! -d "/opt/home/$username" ) { - # print "Creation directory"; - # system "mkdir /opt/home/$username"; - # system "chown $next_free_uidnumber:3500 /opt/home/$username"; - # } - - my $attr = [ - 'cn' => $username, - 'sn' => $username, - 'uid' => $username, - 'uidNumber' => $uidn, - 'gidNumber' => $gidn, - 'description' => $description, - 'mail' => $mail, - 'gecos' => $name, - 'homeDirectory' => "/home/$username", - 'loginShell' => '/bin/ksh', - 'shadowLastChange' => '11640', - 'shadowFlag' => '0', - 'auditInformation' => "$IM;$run_user;A;".time, - 'objectClass' => ['inetOrgPerson', 'organizationalPerson', 'person', 'posixAccount', 'shadowAccount', 'simpleSecurityObject', 'Audit', 'top' ], - ]; - - my $pass; - if ($old_result && defined($old_password)) { - $pass = $old_password; - my $ppolicy = "cn=migration,ou=policies,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu"; - unshift(@{$attr}, 'pwdConstraintSubentry' => $ppolicy, 'pwdPolicySubentry' => $ppolicy); - } - else { - $pass = '{CLEARTEXT}P@ssword01' - } - unshift(@{$attr}, 'userPassword' => $pass); - - print "adding to the SNet LDAP server '$ldap_server'".nl(); - - $results = $ldap->add ( $uid_dn, - attr => $attr, - ); - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . 
$results->error ."'" .nl(); - $ldap->unbind; - exit 1; - } - - $results->code && warn "failed to add entry: ", $results->error ; - - undef $results; - -# $result = $ldap->modify( "cn=snmc,ou=group,dc=snmc,dc=cec,dc=eu,dc=int", add => { memberUid => $username } ); -# $result->code && warn "failed to modify group snmc: ", $result->error ; -# $result = $ldap->modify( "cn=NS,ou=group,dc=snmc,dc=cec,dc=eu,dc=int", add => { memberUid => $username } ); -# $result->code && warn "failed to modify group: ", $result->error ; - - print "User '$username' created.".nl(); - - if ( $belongs_admin ) { - $results = $ldap->modify( $belongs_admin, add => { member => [ $uid_dn ] } ); - if (defined($results)) { - print "user added to admin group".nl(); - undef $results; - } - else { - print "fail to add user to admin group".nl(); - } - } - if ( $belongs_network || $belongs_security || $belongs_iss3 ) { - $results = $ldap->modify( $folder, add => { memberUid => [ $username ] } ); - $folder =~ s/^cn=//; - $folder =~ s/,.*//; - if (defined($results)) { - print "user added to $folder group".nl(); - undef $results; - } - else { - print "fail to add user to $folder group".nl(); - } - } - else { - print "user was added without group membership".nl(); - } - -} else { - - if ( (defined($action)) && ($action eq "Submit") ) { - - if ($pcount > 1) { - print "ERROR: only 1 base group is valid".nl(); - } - if ( defined($username) && ($username !~ /^$/) && ($username !~ /^[\w-]+$/ ) ) { - print "ERROR: username contains some unsupported characters.".nl(); - } - if ( defined($IM) && ($IM !~ /^$/) && ( $IM !~ /^IM\d{10}$/ ) ) { - print "ERROR: IM is not a valid IM number.".nl(); - } - if (defined($ldap_admin) && ($ldap_admin !~ /^$/) && ($ldap_admin !~ /^[\w=,-]+$/)) { - print "ERROR: admin dn contains some unsupported characters.".nl(); - } - } - print_prompt($ldap_admin, $ldap_passwd, $username, $IM); -} -print '</div>'; -print "<hr> <address>Snet NS Team</address><br> <a href=\"\">Home Page</a>"; 
-print end_html; - -exit 1; - diff --git a/backup/ldap_NS_adduser.pl b/backup/ldap_NS_adduser.pl deleted file mode 100755 index d30e478cfe10cfc41803a18043fbb1612040dadd..0000000000000000000000000000000000000000 --- a/backup/ldap_NS_adduser.pl +++ /dev/null 
@@ -1,648 +0,0 @@ -#!/usr/bin/perl - -# -use strict; -use warnings; - -# -use Data::Dumper; -use CGI qw/:standard start_ol/; -use Config::IniFiles; -use File::Basename; - -use Net::LDAP; -use Data::Dumper; - -# unbuffered output: -$| = 1; - -BEGIN { - my $iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" ); - push( @INC, $iniFile->val( 'APPLICATION', 'LIBRARY' ) ); -} -use SNET::access; -use SNET::common; -use SNET::html; -use SNET::ActiveDirectory; - -use vars qw($verbose $debug $help $env $script $cli_mode $action $IM $username $belongs_iss3 $belongs_network $belongs_security $belongs_admin $migration $ldap_admin $ldap_passwd); -$debug = 0; -$verbose = 0; -($script) = split(/\./,basename($0)); - -my $title = "LDAP Add User"; -my $function = $title; -$function =~s/\s/_/g; -my $href = ""; -my $header = ""; -my $html_msg = ""; - -my $global_iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" ); - -$env = "test"; # "prod"; -($html_msg) = Access_snet_script_head( $script, $global_iniFile, $ENV, $env ); - -# Get current user -my $run_user = ''; -if (defined($ENV{"HTTP_AUTHUSER"})) { - $run_user = $ENV{"HTTP_AUTHUSER"}; -} -if ( $cli_mode && ($run_user eq '') ) { - $run_user = $ENV{"USERNAME"}; -} - -if (defined($run_user)) { - $run_user =~ s/uid=//; - $run_user =~ s/,.*$//g; -} - -=head1 print_prompt - HTML Form - - Display the HTML Form parameters. - - Arguments: - - Login name: - - Text field to write the new login name to be created. The username should already exist in Net1. - - IM: - - Text field to write the SMT IM associated with the request. - - Options: - - iss3,network,security: select only one where the user belong to. - - verbose: active the verbose output. - - debug: active the debug output. 
- -=cut - -sub print_prompt ($$$$) -{ - my ($ldap_admin, $ldap_passwd, $username, $IM) = @_; - - print start_form(-enctype=>&CGI::MULTIPART); - - print "<em>Administrator uid (or full dn): </em>"; - print textfield(-name=>'ldap_admin', - -default=>($ldap_admin ? - $ldap_admin : - 'cn=administrator,ou=people,ou=management,dc=ec,dc=europa,dc=eu'), - -size=>50, - -maxlength=>80); - print nl(); - - print nl(); - print "<em>Administrator password: </em>"; - print password_field(-name=>'ldap_passwd', - -default=>($ldap_passwd?$ldap_passwd:''), - -size=>50, - -maxlength=>100); - print nl(); - - print nl(); - print "<em>Login name (same as net1): </em>"; - print textfield(-name=>'username', - -default=>($username?$username:''), - -size=>50, - -maxlength=>80); - print nl(); - - print nl(); - print "<em>IM (Full SMT ticket number): </em>"; - print textfield(-name=>'IM', - -default=>($IM?$IM:''), - -override=>1, - -size=>50, - -maxlength=>100); - print nl(); - - print nl(); - print "<em>Options: </em>".nl(); - print checkbox_group(-name=>'belongs', - -values=>['administrator','iss3','network','security','migration','verbose','debug'], - -linebreak=>'true'); - print nl(); - - print "<p>",submit('action','Submit'),reset; - print end_form(); - -} - -=head1 do_work - HTML Parameters - - display the parameters passed to the web interface. 
- - Arguments: None - -=cut - -sub do_work () -{ - my(@values,$key); - - return if (!param); - print "<h2>Here are the current settings used for the $title processor</h2>"; - - foreach $key (param) { - next if ( $key =~/passw/i ); - print "<strong>$key</strong> -> "; - @values = param($key); - print join(", ",@values).nl(); - } - print nl().nl(); -} - -$action = ''; - -my $old_people_tree = "ou=People,dc=snmc,dc=cec,dc=eu,dc=int"; -my $new_people_tree = "ou=people,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu"; -my $new_dead_people_tree = "ou=expired,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu"; - -$IM = param('IM') if (defined(param('IM')) && (param('IM') !~ /^$/) && (param('IM') =~ /^IM\d+$/) ); -$action = param('action') if (defined(param('action')) && (param('action') !~ /^$/) && (param('action') =~ /^\w+$/) ); -$username = param('username') if (defined(param('username')) && (param('username') !~ /^$/) && (param('username')=~ /^[\w-]+$/ ) ); -if (defined(param('ldap_admin')) && (param('ldap_admin') !~ /^$/) && (param('ldap_admin')=~ /^[\w=,-]+$/ ) ) { - $ldap_admin = param('ldap_admin'); - if ($ldap_admin !~ /,/) { - $ldap_admin='uid='.$ldap_admin.','.$new_people_tree; - } -} -$ldap_passwd = param('ldap_passwd') if (defined(param('ldap_passwd')) && (param('ldap_passwd') !~ /^$/) ); - -$belongs_admin = 0; -$belongs_iss3 = 0; -$belongs_network = 0; -$belongs_security = 0; -$migration = 0; -my $pcount = 0; - -if ( ( defined (param('belongs') ) && (param('belongs') !~ /^$/ ) ) ) { - my @values = param('belongs'); - my $belongs = join(", ",@values); - $belongs =~s/\n//; - $belongs =~s/\r//; - $belongs =~s/\s+//; - if ( $belongs =~ /administrator/ ) { - $belongs_admin = 1; - } - if ( $belongs =~ /iss3/ ) { - $belongs_iss3 = 1; - $pcount++; - } - if ( $belongs =~ /network/ ) { - $belongs_network = 1; - $pcount++; - } - if ( $belongs =~ /security/ ) { - $belongs_security = 1; - $pcount++; - } - - $verbose = 1 if ( $belongs =~ /verbose/ ); - $debug = 1 if ( 
$belongs =~ /debug/ ); - $migration = 1 if ( $belongs =~ /migration/ ); -} - -print header( - -charset => 'UTF-8', - ); - -dg_header_html( $title, 1, 0, $href, $header ); -print $html_msg . nl(); - -# TODO add only one belongs_* stuff -#$belongs_iss3 = 0; -#$belongs_network = 0; -#$belongs_security = 0; - -if ( defined($username) && ($username !~ /^$/) && ($username =~ /^[\w-]+$/ ) && defined($IM) && ($IM !~ /^$/) && ( $IM =~ /^IM\d{10}$/ ) && (defined($action)) && ($action eq "Submit") && ($pcount <= 1) ) { - - do_work(); - - my $AiniFile = new Config::IniFiles( -file => $global_iniFile->val( 'INI', 'AD' ) ); - my $adserver = $AiniFile->val( 'AD_NET1', 'SERVER' ); - print "error value of adserver is undefined" if ( !defined($adserver) ); - my $aduser = $AiniFile->val( 'AD_NET1', 'USER' ); - print "error value of aduser is undefined" if ( !defined($aduser) ); - my $adpasswd = $AiniFile->val( 'AD_NET1', 'PASSWORD'); - print "error value of adpasswd is undefined" if ( !defined($adpasswd) ); - - - my $attrs = [ 'displayName', 'mail' ]; - - my ( $mail, $name ) = ( '', '' ); - print "Searching Net1 for userlogin : '$username'".nl(); - - my $ad = Net::LDAP->new( $adserver ) - or die "Could not connect to AD: $adserver!"; - - $ad->bind($aduser, password=>$adpasswd); - - #my $searchbase = 'OU=Users_ITIC,OU=DIGIT,OU=DGs,DC=net1,DC=cec,DC=eu,DC=int'; - my $searchbase = 'OU=DIGIT,OU=DGs,DC=net1,DC=cec,DC=eu,DC=int'; - my $filter = "sAMAccountName=$username"; - - my $results = $ad->search(base=>$searchbase,filter=>$filter,attrs=>$attrs); - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . $results->error ."'" .nl(); - $ad->unbind; - exit 1; - } - my $count = $results->count; - - if ( $count != 1 ) { - print "More than 1 entries fetched from the AD Net1. Do not know what to do. One and only one entry should be found." . 
nl(); - $ad->unbind; - exit; - } else { - print "'$count' record fetched from Net1.".nl(); - } - - my $entry = $results->entry( 0 ); - - $mail = $entry->get_value('mail'); - $name = $entry->get_value('displayName'); - $name =~s/\s\(.*$//; - $mail = lc( $mail ); - - $ad->unbind; - undef $results; - - print "Pursuing the addition of user '$username' with parameters:".nl(); - print " - Realname: '$name'".nl(); - print " - Email: '$mail'".nl(); - print br; - - - # Check if username already exist - my $ldap_server = 'ldap.snmc.cec.eu.int'; - my $homeserver = "home.snmc.cec.eu.int"; - my $ldap_min_uid = 2000; - my $ldap_max_uid = 10000; - print "Connecting to $ldap_server...".nl(); - - my $ldap = Net::LDAP->new( $ldap_server, - onerror => sub { print "oups! ".$_[0]->error().nl(); return undef; }, ) or die "$@"; - - $ldap->start_tls( verify => 'require', - cafile => '/usr/share/ca-certificates/cec.eu.int/cec.eu.int_CA.crt', - ); - $ldap->bind ( $ldap_admin, password => $ldap_passwd ); - - print "Searching directory for existing uid: $username".nl(); - - $results = $ldap->search( base => $new_people_tree, filter => "(uid=$username)", attrs => ["cn", "uidNumber"]); - - if (defined($results)) { - $results->code && die $results->error; - $count = $results->count; - - if ( $count != 0 ) { - print "Account already exist ('$count') in SNet LDAP. stopping process." . nl(); - $entry = $results->entry( 0 ); - print "cn: " . $entry->get_value('cn') . " uid " . $entry->get_value('uidNumber') .nl(); - $ldap->unbind; - exit; - } - undef $results; - - } else { - print "Did not found any existing entry in the LDAP SNet directory.".nl(); - } - - $results = $ldap->search( base => $new_dead_people_tree, filter => "(uid=$username)", attrs => ["cn", "uidNumber"]); - - if (defined($results)) { - # TODO: branch does not yet exist... - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . 
$results->error ."'" .nl(); - $ldap->unbind; - exit 1; - } - $count = $results->count; - - if ( $count != 0 ) { - print "Account already exist in SNet LDAP for the old members! stopping process." . nl(); - $ldap->unbind; - exit; - } else { - print "Did not found any existing entry in the LDAP SNet old members directory.".nl(); - } - } - - undef $results; - - my $old_ldap; - my $old_ldap_server = 'snmc-ldapns.snmc.cec.eu.int'; - my $old_admin = 'cn=Directory Manager'; - my $old_passwd = 'DirectoryM!'; - - my $old_password; - my $old_uidnumber; - my @old_description; - my $old_result = 0; - - my $next_free_uidnumber; - - if ($migration) { - - print "Checking if this is a migration from old directory...".nl(); - - eval { - - $old_ldap = Net::LDAP->new( $old_ldap_server, - onerror => sub { print "oupsi! ".$_[0]->error().nl(); return undef; }, ) - or die "Could not connect to $old_ldap_server!"; - $old_ldap->bind($old_admin, password => $old_passwd); - - $results = $old_ldap->search( base => $old_people_tree, filter => "(uid=$username)", attrs => ["userPassword", "uidNumber", "description"]); - if (defined($results) && ($results->count == 1)) { - $old_password = $results->entry->get_value( 'userPassword' ); - $old_uidnumber = $results->entry->get_value( 'uidNumber' ); - @old_description = $results->entry->get_value( 'description' ); - print "Found an uid matching with uidnumber : $old_uidnumber".nl(); - if (defined($old_uidnumber)) { - undef $results; - $results = $ldap->search( base => $new_people_tree, filter => "(uidNumber=$old_uidnumber)", attrs => ["cn"]); - if ($results->count != 0) { - undef $old_uidnumber; - } - else { - $next_free_uidnumber = $old_uidnumber; - } - undef $results; - } - $old_result = 1; - } - else { - print "seems to be a new user".nl(); - } - $old_ldap->unbind; - - }; - if ($@) { - print "oupsi! 
$@".nl(); - $old_ldap->unbind; - } - } - undef $results; - - if (!(defined($old_uidnumber))) { - - print "Allocating a new uidNumber...".nl(); - - # fetching all the uid, to find the next available uid - - # first tree... the living one... - $results = $ldap->search( base => $new_people_tree, filter => "(&(objectClass=posixAccount)(uid=*))", attrs => ["cn", "uidNumber"]); - - exit 1 unless defined($results); - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . $results->error ."'" .nl(); - $ldap->unbind; - exit 1; - } - - - $count = $results->count; - if ($count != 0) { - print "found $count already used uid(s)".nl(); - } - - my %blah; - foreach my $entry ($results->entries) { - - # $entry->dump; - my $uid=$entry->get_value( 'cn' ); - my $uidnumber=$entry->get_value( 'uidNumber'); - - if (defined($blah{$uidnumber})) { - $blah{$uidnumber}=$blah{$uidnumber} + 1; - } - else { - if (($uidnumber >= $ldap_min_uid) && ($uidnumber < 10000)) { - $blah{$uidnumber} = 1; - } - } - } - - undef $results; - - # searching the dead one... - $results = $ldap->search( base => $new_dead_people_tree, filter => "(uid=*)", attrs => ["cn", "uidNumber"]); - if (defined($results)) { - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . $results->error ."'" .nl(); - $ldap->unbind; - exit 1; - } - - foreach my $entry ($results->entries) { - - # $entry->dump; - my $uid=$entry->get_value( 'cn' ); - my $uidnumber=$entry->get_value( 'uidNumber'); - - if (defined($blah{$uidnumber})) { - $blah{$uidnumber}=$blah{$uidnumber} + 1; - } - else { - if (($uidnumber >= $ldap_min_uid) && ($uidnumber < $ldap_max_uid)) { - $blah{$uidnumber} = 1; - } - } - } - - undef $results; - } - - foreach my $key (sort { $a <=> $b } (keys(%blah))) { - if ($blah{$key} > 1) { - print "WARNING : uid number $key is used several time!" . 
nl(); - } - } - - for ($next_free_uidnumber = $ldap_min_uid; $next_free_uidnumber <= $ldap_max_uid; $next_free_uidnumber++) { - if (!defined($blah{$next_free_uidnumber})) { - last; - } - } - - } - - if ($next_free_uidnumber < $ldap_max_uid) { - print "next free uid number : $next_free_uidnumber" . nl(); - } - else { - print "No more uid number available!" . nl(); - exit 1; - } - - my $uidn = $next_free_uidnumber; - my $gidn = 3500; # gid is snmc... - - my $description = (); - my $folder = ''; - if ( $belongs_admin ) { - $belongs_admin = 'cn=admin,ou=groups,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu'; - } - if ( $belongs_network ) { - if ($old_result) { - push( @$description, @old_description ); - } - else { - push ( @$description, 'RPRO' ); - push ( @$description, 'PSRO' ); - push ( @$description, 'CWRW' ); - } - $folder = 'cn=network,ou=groups,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu'; - } elsif ( $belongs_security ) { - if ($old_result) { - push( @$description, @old_description ); - } - else { - push ( @$description, 'RPRW' ); - push ( @$description, 'PSRW' ); - push ( @$description, 'CWRO' ); - } - $folder = 'cn=security,ou=groups,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu'; - } elsif ( $belongs_iss3 ) { - if ($old_result) { - push( @$description, @old_description ); - } - else { - push ( @$description, 'RPRW' ); - push ( @$description, 'PSRW' ); - push ( @$description, 'CWRA' ); - } - $folder = 'cn=iss3,ou=groups,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu'; - } - else { - print "ignoring old attributes as no group membership was specified".nl(); - #if ($old_result) { - # push( @$description, @old_description ); - #} - #else { - push ( @$description, 'RPRO' ); - push ( @$description, 'PSRO' ); - push ( @$description, 'CWRO' ); - #} - } - - #my $uid_dn = "uid=${username},ou=${folder},".$new_people_tree; - my $uid_dn = "uid=${username},".$new_people_tree; - - print "Creating user '$username' using the following parameters:".nl(); - print " - 
Realname: '$name'".nl(); - print " - Email: '$mail'".nl(); - print " - UID number: '$uidn'" .nl(); - print " - GID number: '$gidn'" .nl(); - print " - description: " . Dumper ( $description ) . nl(); - print " - uid_dn: '$uid_dn'".nl(); - print " - AUDIT: '$IM;$run_user;A;".time."'".nl(); - print br; - - # Need to SSH to home.snmc.cec.eu.int - # if ( ! -d "/opt/home/$username" ) { - # print "Creation directory"; - # system "mkdir /opt/home/$username"; - # system "chown $next_free_uidnumber:3500 /opt/home/$username"; - # } - - my $attr = [ - 'cn' => $username, - 'sn' => $username, - 'uid' => $username, - 'uidNumber' => $uidn, - 'gidNumber' => $gidn, - 'description' => $description, - 'mail' => $mail, - 'gecos' => $name, - 'homeDirectory' => "/home/$username", - 'loginShell' => '/bin/ksh', - 'shadowLastChange' => '11640', - 'shadowFlag' => '0', - 'auditInformation' => "$IM;$run_user;A;".time, - 'objectClass' => ['inetOrgPerson', 'organizationalPerson', 'person', 'posixAccount', 'shadowAccount', 'simpleSecurityObject', 'Audit', 'top' ], - ]; - - my $pass; - if ($old_result && defined($old_password)) { - $pass = $old_password; - my $ppolicy = "cn=migration,ou=policies,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu"; - unshift(@{$attr}, 'pwdConstraintSubentry' => $ppolicy, 'pwdPolicySubentry' => $ppolicy); - } - else { - $pass = '{CLEARTEXT}P@ssword01' - } - unshift(@{$attr}, 'userPassword' => $pass); - - print "adding to the SNet LDAP server '$ldap_server'".nl(); - - $results = $ldap->add ( $uid_dn, - attr => $attr, - ); - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . 
$results->error ."'" .nl(); - $ldap->unbind; - exit 1; - } - - $results->code && warn "failed to add entry: ", $results->error ; - - undef $results; - -# $result = $ldap->modify( "cn=snmc,ou=group,dc=snmc,dc=cec,dc=eu,dc=int", add => { memberUid => $username } ); -# $result->code && warn "failed to modify group snmc: ", $result->error ; -# $result = $ldap->modify( "cn=NS,ou=group,dc=snmc,dc=cec,dc=eu,dc=int", add => { memberUid => $username } ); -# $result->code && warn "failed to modify group: ", $result->error ; - - print "User '$username' created.".nl(); - - if ( $belongs_admin ) { - $results = $ldap->modify( $belongs_admin, add => { member => [ $uid_dn ] } ); - if (defined($results)) { - print "user added to admin group".nl(); - undef $results; - } - else { - print "fail to add user to admin group".nl(); - } - } - if ( $belongs_network || $belongs_security || $belongs_iss3 ) { - $results = $ldap->modify( $folder, add => { memberUid => [ $username ] } ); - $folder =~ s/^cn=//; - $folder =~ s/,.*//; - if (defined($results)) { - print "user added to $folder group".nl(); - undef $results; - } - else { - print "fail to add user to $folder group".nl(); - } - } - else { - print "user was added without group membership".nl(); - } - -} else { - - if ( (defined($action)) && ($action eq "Submit") ) { - - if ($pcount > 1) { - print "ERROR: only 1 base group is valid".nl(); - } - if ( defined($username) && ($username !~ /^$/) && ($username !~ /^[\w-]+$/ ) ) { - print "ERROR: username contains some unsupported characters.".nl(); - } - if ( defined($IM) && ($IM !~ /^$/) && ( $IM !~ /^IM\d{10}$/ ) ) { - print "ERROR: IM is not a valid IM number.".nl(); - } - if (defined($ldap_admin) && ($ldap_admin !~ /^$/) && ($ldap_admin !~ /^[\w=,-]+$/)) { - print "ERROR: admin dn contains some unsupported characters.".nl(); - } - } - print_prompt($ldap_admin, $ldap_passwd, $username, $IM); -} -print '</div>'; -print "<hr> <address>Snet NS Team</address><br> <a href=\"\">Home Page</a>"; 
-print end_html; - -exit 1; - diff --git a/backup/ldap_NS_adduser_121227.pl b/backup/ldap_NS_adduser_121227.pl deleted file mode 100755 index baa52e8edc81d0f3f42789b52adf6c8e173362a0..0000000000000000000000000000000000000000 --- a/backup/ldap_NS_adduser_121227.pl +++ /dev/null 
@@ -1,475 +0,0 @@ -#!/usr/bin/perl - -# -use strict; -use warnings; - -# -use Data::Dumper; -use CGI qw/:standard start_ol/; -use Config::IniFiles; -use File::Basename; - -use Net::LDAP; -use Data::Dumper; - -# unbuffered output: -$| = 1; - -BEGIN { - my $iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" ); - push( @INC, $iniFile->val( 'APPLICATION', 'LIBRARY' ) ); -} -use SNET::access; -use SNET::common; -use SNET::html; -use SNET::ActiveDirectory; - -use vars qw($verbose $debug $help $env $script $cli_mode $action $IM $username $belongs_iss3 $belongs_network $belongs_security); -$debug = 0; -$verbose = 0; -($script) = split(/\./,basename($0)); - -my $title = "LDAP Add User"; -my $function = $title; -$function =~s/\s/_/g; -my $href = ""; -my $header = ""; -my $html_msg = ""; - -my $global_iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" ); - -$env = "test"; # "prod"; -($html_msg) = Access_snet_script_head( $script, $global_iniFile, $ENV, $env ); - -# Get current user -my $run_user = ''; -if (defined($ENV{"HTTP_AUTHUSER"})) { - $run_user = $ENV{"HTTP_AUTHUSER"}; -} -if ( $cli_mode && ($run_user eq '') ) { - $run_user = $ENV{"USERNAME"}; -} -$run_user =~ s/uid=//; -$run_user =~ s/,.*$//g; - -=head1 print_prompt - HTML Form - - Display the HTML Form parameters. - - Arguments: - - Login name: - - Text field to write the new login name to be created. The username should already exist in Net1. - - IM: - - Text field to write the SMT IM associated with the request. - - Options: - - iss3,network,security: select only one where the user belong to. - - verbose: active the verbose output. - - debug: active the debug output. 
- -=cut - -sub print_prompt ($$) -{ - my ($username, $IM) = @_; - - print start_form(-enctype=>&CGI::MULTIPART); - - print "<em>Login name (same as net1): </em>"; - print textfield(-name=>'username', - -default=>($username?$username:''), - -size=>50, - -maxlength=>80); - print nl(); - - print nl(); - print "<em>IM (Full SMT ticket number): </em>"; - print textfield(-name=>'IM', - -default=>($IM?$IM:''), - -override=>1, - -size=>50, - -maxlength=>100); - print nl(); - - print nl(); - print "<em>Options: </em>".nl(); - print checkbox_group(-name=>'belongs', - -values=>['iss3','network','security','verbose','debug'], - -linebreak=>'true'); - print nl(); - - print "<p>",submit('action','Submit'),reset; - print end_form(); - -} - -=head1 do_work - HTML Parameters - - display the parameters passed to the web interface. - - Arguments: None - -=cut - -sub do_work () -{ - my(@values,$key); - - return if (!param); - print "<h2>Here are the current settings used for the $title processor</h2>"; - - foreach $key (param) { - next if ( $key =~/passw/i ); - print "<strong>$key</strong> -> "; - @values = param($key); - print join(", ",@values).nl(); - } - print nl().nl(); -} - -$action = ''; - -$IM = param('IM') if (defined(param('IM')) && (param('IM') !~ /^$/) && (param('IM') =~ /^IM\d+$/) ); -$action = param('action') if (defined(param('action')) && (param('action') !~ /^$/) && (param('action') =~ /^\w+$/) ); -$username = param('username') if (defined(param('username')) && (param('username') !~ /^$/) && (param('username')=~ /^[\w-]+$/ ) ); - -$belongs_iss3 = 0; -$belongs_network = 0; -$belongs_security = 0; -my $pcount = 0; - -if ( ( defined (param('belongs') ) && (param('belongs') !~ /^$/ ) ) ) { - my @values = param('belongs'); - my $belongs = join(", ",@values); - $belongs =~s/\n//; - $belongs =~s/\r//; - $belongs =~s/\s+//; - if ( $belongs =~ /iss3/ ) { - $belongs_iss3 = 1; - $pcount++; - } - if ( $belongs =~ /network/ ) { - $belongs_network = 1; - $pcount++; - } - if ( 
$belongs =~ /security/ ) { - $belongs_security = 1; - $pcount++; - } - - $verbose = 1 if ( $belongs =~ /verbose/ ); - $debug = 1 if ( $belongs =~ /debug/ ); -} - -print header( - -charset => 'UTF-8', - ); - -dg_header_html( $title, 1, 0, $href, $header ); -print $html_msg . nl(); - -# TODO add only one belongs_* stuff -#$belongs_iss3 = 0; -#$belongs_network = 0; -#$belongs_security = 0; - -if ( defined($username) && ($username !~ /^$/) && ($username =~ /^[\w-]+$/ ) && defined($IM) && ($IM !~ /^$/) && ( $IM =~ /^IM\d{10}$/ ) && (defined($action)) && ($action eq "Submit") && ($pcount == 1) ) { - - do_work(); - - my $AiniFile = new Config::IniFiles( -file => $global_iniFile->val( 'INI', 'AD' ) ); - my $adserver = $AiniFile->val( 'AD_NET1', 'SERVER' ); - print "error value of adserver is undefined" if ( !defined($adserver) ); - my $aduser = $AiniFile->val( 'AD_NET1', 'USER' ); - print "error value of aduser is undefined" if ( !defined($aduser) ); - my $adpasswd = $AiniFile->val( 'AD_NET1', 'PASSWORD'); - print "error value of adpasswd is undefined" if ( !defined($adpasswd) ); - - my $homeserver = "home.snmc.cec.eu.int"; - my $ldap_server = 'vldap02.dev.snmc.cec.eu.int'; - my $ldap_admin = 'cn=administrator,ou=admin,dc=snmc,dc=cec,dc=eu,dc=int'; - my $ldap_passwd = 'HNY2K3'; - my $ldap_min_uid = 2000; - my $ldap_max_uid = 10000; - - my $attrs = [ 'displayName', 'mail' ]; - - my ( $mail, $name ) = ( '', '' ); - print "Searching Net1 for userlogin : '$username'".nl(); - - my $ad = Net::LDAP->new( $adserver ) - or die "Could not connect to AD: $adserver!"; - - $ad->bind($aduser, password=>$adpasswd); - - my $searchbase = 'OU=Users_ITIC,OU=DIGIT,OU=DGs,DC=net1,DC=cec,DC=eu,DC=int'; - my $filter = "sAMAccountName=$username"; - - my $results = $ad->search(base=>$searchbase,filter=>$filter,attrs=>$attrs); - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . 
$results->error ."'" .nl(); - $ad->unbind; - exit 1; - } - my $count = $results->count; - - if ( $count != 1 ) { - print "More than 1 entries fetched from the AD Net1. Do not know what to do. One and only one entry should be found." . nl(); - $ad->unbind; - exit; - } else { - print "'$count' record fetched from Net1.".nl(); - } - - my $entry = $results->entry( 0 ); - - $mail = $entry->get_value('mail'); - $name = $entry->get_value('displayName'); - $name =~s/\s\(.*$//; - $mail = lc( $mail ); - - $ad->unbind; - undef $results; - - print "Pursuing the addition of user '$username' with parameters:".nl(); - print " - Realname: '$name'".nl(); - print " - Email: '$mail'".nl(); - print br; - - # Check if username already exist - my $ldap = Net::LDAP->new( $ldap_server ) or die "$@"; - $ldap->bind; - $results = $ldap->search( base => "ou=people,o=snet,dc=snmc,dc=cec,dc=eu,dc=int", filter => "(uid=$username)", attrs => ["cn", "uidNumber"]); - $results->code && die $results->error; - - $count = $results->count; - - if ( $count != 0 ) { - print "Account already exist ('$count') in SNet LDAP. stopping process." . nl(); - $entry = $results->entry( 0 ); - print "cn: " . $entry->get_value('cn') . " uid " . $entry->get_value('uidNumber') .nl(); - $ldap->unbind; - exit; - } else { - print "Did not found any existing entry in the LDAP SNet directory.".nl(); - } - - undef $results; - - $results = $ldap->search( base => "ou=people,o=dead,dc=snmc,dc=cec,dc=eu,dc=int", filter => "(uid=$username)", attrs => ["cn", "uidNumber"]); - - # TODO: branch does not yet exist... - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . $results->error ."'" .nl(); - $ldap->unbind; - exit 1; - } - $count = $results->count; - - if ( $count != 0 ) { - print "Account already exist in SNet LDAP for the old members! stopping process." . 
nl();
- $ldap->unbind;
- exit;
- } else {
- print "Did not found any existing entry in the LDAP SNet old members directory.".nl();
- }
-
- undef $results;
-
- # fetching all the uid, to find the next available uid
-
- # first tree... the living one...
- $results = $ldap->search( base => "ou=people,o=snet,dc=snmc,dc=cec,dc=eu,dc=int", filter => "(uid=*)", attrs => ["cn", "uidNumber"]);
- if ( ( $results->code ) && ( $results->code != 32 ) ) {
- print "Code:" . $results->code . " '" . $results->error ."'" .nl();
- $ldap->unbind;
- exit 1;
- }
-
- my %blah;
- foreach my $entry ($results->entries) {
-
- # $entry->dump;
- my $uid=$entry->get_value( 'cn' );
- my $uidnumber=$entry->get_value( 'uidNumber');
-
- if (defined($blah{$uidnumber})) {
- $blah{$uidnumber}=$blah{$uidnumber} + 1;
- }
- else {
- if (($uidnumber >= $ldap_min_uid) && ($uidnumber < 10000)) {
- $blah{$uidnumber} = 1;
- }
- }
- }
-
- undef $results;
-
- # searching the dead one...
- $results = $ldap->search( base => "ou=people,o=dead,dc=snmc,dc=cec,dc=eu,dc=int", filter => "(uid=*)", attrs => ["cn", "uidNumber"]);
- if ( ( $results->code ) && ( $results->code != 32 ) ) {
- print "Code:" . $results->code . " '" . $results->error ."'" .nl();
- $ldap->unbind;
- exit 1;
- }
-
- foreach my $entry ($results->entries) {
-
- # $entry->dump;
- my $uid=$entry->get_value( 'cn' );
- my $uidnumber=$entry->get_value( 'uidNumber');
-
- if (defined($blah{$uidnumber})) {
- $blah{$uidnumber}=$blah{$uidnumber} + 1;
- }
- else {
- if (($uidnumber >= $ldap_min_uid) && ($uidnumber < $ldap_max_uid)) {
- $blah{$uidnumber} = 1;
- }
- }
- }
-
- $ldap->unbind;
- undef $results;
-
- foreach my $key (sort { $a <=> $b } (keys(%blah))) {
- if ($blah{$key} > 1) {
- print "WARNING : uid number $key is used several time!" .
nl(); - } - } - - my $next_free_uidnumber; - for ($next_free_uidnumber = $ldap_min_uid; $next_free_uidnumber <= $ldap_max_uid; $next_free_uidnumber++) { - if (!defined($blah{$next_free_uidnumber})) { - last; - } - } - - if ($next_free_uidnumber < $ldap_max_uid) { - print "next free uid number : $next_free_uidnumber" . nl(); - } - else { - print "No more uid number available!" . nl(); - exit 1; - } - - my $uidn = $next_free_uidnumber; - my $gidn = 3500; # gid is snmc... - - my $description = (); - my $folder = ''; - if ( $belongs_network ) { - push ( @$description, 'RPRO' ); - push ( @$description, 'PSRO' ); - push ( @$description, 'CWRW' ); - $folder = 'network'; - } elsif ( $belongs_security ) { - push ( @$description, 'RPRW' ); - push ( @$description, 'PSRW' ); - push ( @$description, 'CWRO' ); - $folder = 'security'; - } elsif ( $belongs_iss3 ) { - push ( @$description, 'RPRW' ); - push ( @$description, 'PSRW' ); - push ( @$description, 'CWRA' ); - $folder = 'iss3'; - } - - my $uid_dn = "uid=${username},ou=${folder},ou=people,o=snet,dc=snmc,dc=cec,dc=eu,dc=int"; - - print "Creating user '$username' using the following parameters:".nl(); - print " - Realname: '$name'".nl(); - print " - Email: '$mail'".nl(); - print " - UID number: '$uidn'" .nl(); - print " - GID number: '$gidn'" .nl(); - print " - description: " . Dumper ( $description ) . nl(); - print " - uid_dn: '$uid_dn'".nl(); - print " - SNetAUDIT: '$IM;$run_user;A;".time."'".nl(); - print br; - - # Need to SSH to home.snmc.cec.eu.int - # if ( ! -d "/opt/home/$username" ) { - # print "Creation directory"; - # system "mkdir /opt/home/$username"; - # system "chown $next_free_uidnumber:3500 /opt/home/$username"; - # } - - my $word = 'P@ssword01'; - - # password is sha1 automatically on server side. 
- # - # srand(time ^ $$); - # my @saltchars=('a'..'z','A'..'Z',0..9,'.','/'); - # my $salt=$saltchars[int(rand($#saltchars+1))]; - # $salt.=$saltchars[int(rand($#saltchars+1))]; - # my $pass = crypt($word,$salt); - my $pass = $word; - - print "Adding to the SNet LDAP server '$ldap_server'".nl(); - - $ldap = Net::LDAP->new($ldap_server) or die "$@"; - $ldap->bind ( $ldap_admin, password => $ldap_passwd ); - - $results = $ldap->add ( $uid_dn, - attr => [ - 'cn' => $username, - 'sn' => $username, - 'uid' => $username, - 'uidNumber' => $uidn, - 'gidNumber' => $gidn, - 'description' => $description, - 'mail' => $mail, - 'gecos' => $name, - 'homeDirectory' => "/home/$username", - 'loginShell' => '/bin/ksh', - 'userPassword' => '{crypt}'.$pass, - - #'shadowLastChange' => '11640', - #'shadowFlag' => '0', - 'SNetDN' => $uid_dn, - 'SNetAUDIT' => "$IM;$run_user;A;".time, - 'objectClass' => ['inetOrgPerson', 'organizationalPerson', 'person', 'posixAccount', 'simpleSecurityObject', 'SNetPerson', 'top' ], - ] - ); - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . 
$results->error ."'" .nl();
- $ldap->unbind;
- exit 1;
- }
-
- $results->code && warn "failed to add entry: ", $results->error ;
-
- undef $results;
-
-# $result = $ldap->modify( "cn=snmc,ou=group,dc=snmc,dc=cec,dc=eu,dc=int", add => { memberUid => $username } );
-# $result->code && warn "failed to modify group snmc: ", $result->error ;
-# $result = $ldap->modify( "cn=NS,ou=group,dc=snmc,dc=cec,dc=eu,dc=int", add => { memberUid => $username } );
-# $result->code && warn "failed to modify group: ", $result->error ;
-
- print "User '$username' created.".nl();
-
-} else {
-
- if ( (defined($action)) && ($action eq "Submit") ) {
-
- if ($pcount > 1) {
- print "ERROR: only 1 group is valid".nl();
- }elsif ($pcount < 1) {
-
- print "ERROR: at least 1 group is needed".nl();
- }
- if ( defined($username) && ($username !~ /^$/) && ($username !~ /^[\w-]+$/ ) ) {
- print "ERROR: username contains some unsupported characters.".nl();
- }
- if ( defined($IM) && ($IM !~ /^$/) && ( $IM !~ /^IM\d{10}$/ ) ) {
- print "ERROR: IM is not a valid IM number.".nl();
- }
- }
- print_prompt($username, $IM);
-}
-print '</div>';
-print "<hr> <address>Snet NS Team</address><br> <a href=\"\">Home Page</a>";
-print end_html;
-
-exit 1;
-
diff --git a/backup/ldap_NS_adduser_old.pl b/backup/ldap_NS_adduser_old.pl
deleted file mode 100755
index baa52e8edc81d0f3f42789b52adf6c8e173362a0..0000000000000000000000000000000000000000
--- a/backup/ldap_NS_adduser_old.pl
+++ /dev/null
@@ -1,475 +0,0 @@ -#!/usr/bin/perl - -# -use strict; -use warnings; - -# -use Data::Dumper; -use CGI qw/:standard start_ol/; -use Config::IniFiles; -use File::Basename; - -use Net::LDAP; -use Data::Dumper; - -# unbuffered output: -$| = 1; - -BEGIN { - my $iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" ); - push( @INC, $iniFile->val( 'APPLICATION', 'LIBRARY' ) ); -} -use SNET::access; -use SNET::common; -use SNET::html; -use SNET::ActiveDirectory; - -use vars qw($verbose $debug $help $env $script $cli_mode $action $IM $username $belongs_iss3 $belongs_network $belongs_security); -$debug = 0; -$verbose = 0; -($script) = split(/\./,basename($0)); - -my $title = "LDAP Add User"; -my $function = $title; -$function =~s/\s/_/g; -my $href = ""; -my $header = ""; -my $html_msg = ""; - -my $global_iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" ); - -$env = "test"; # "prod"; -($html_msg) = Access_snet_script_head( $script, $global_iniFile, $ENV, $env ); - -# Get current user -my $run_user = ''; -if (defined($ENV{"HTTP_AUTHUSER"})) { - $run_user = $ENV{"HTTP_AUTHUSER"}; -} -if ( $cli_mode && ($run_user eq '') ) { - $run_user = $ENV{"USERNAME"}; -} -$run_user =~ s/uid=//; -$run_user =~ s/,.*$//g; - -=head1 print_prompt - HTML Form - - Display the HTML Form parameters. - - Arguments: - - Login name: - - Text field to write the new login name to be created. The username should already exist in Net1. - - IM: - - Text field to write the SMT IM associated with the request. - - Options: - - iss3,network,security: select only one where the user belong to. - - verbose: active the verbose output. - - debug: active the debug output. 
- -=cut - -sub print_prompt ($$) -{ - my ($username, $IM) = @_; - - print start_form(-enctype=>&CGI::MULTIPART); - - print "<em>Login name (same as net1): </em>"; - print textfield(-name=>'username', - -default=>($username?$username:''), - -size=>50, - -maxlength=>80); - print nl(); - - print nl(); - print "<em>IM (Full SMT ticket number): </em>"; - print textfield(-name=>'IM', - -default=>($IM?$IM:''), - -override=>1, - -size=>50, - -maxlength=>100); - print nl(); - - print nl(); - print "<em>Options: </em>".nl(); - print checkbox_group(-name=>'belongs', - -values=>['iss3','network','security','verbose','debug'], - -linebreak=>'true'); - print nl(); - - print "<p>",submit('action','Submit'),reset; - print end_form(); - -} - -=head1 do_work - HTML Parameters - - display the parameters passed to the web interface. - - Arguments: None - -=cut - -sub do_work () -{ - my(@values,$key); - - return if (!param); - print "<h2>Here are the current settings used for the $title processor</h2>"; - - foreach $key (param) { - next if ( $key =~/passw/i ); - print "<strong>$key</strong> -> "; - @values = param($key); - print join(", ",@values).nl(); - } - print nl().nl(); -} - -$action = ''; - -$IM = param('IM') if (defined(param('IM')) && (param('IM') !~ /^$/) && (param('IM') =~ /^IM\d+$/) ); -$action = param('action') if (defined(param('action')) && (param('action') !~ /^$/) && (param('action') =~ /^\w+$/) ); -$username = param('username') if (defined(param('username')) && (param('username') !~ /^$/) && (param('username')=~ /^[\w-]+$/ ) ); - -$belongs_iss3 = 0; -$belongs_network = 0; -$belongs_security = 0; -my $pcount = 0; - -if ( ( defined (param('belongs') ) && (param('belongs') !~ /^$/ ) ) ) { - my @values = param('belongs'); - my $belongs = join(", ",@values); - $belongs =~s/\n//; - $belongs =~s/\r//; - $belongs =~s/\s+//; - if ( $belongs =~ /iss3/ ) { - $belongs_iss3 = 1; - $pcount++; - } - if ( $belongs =~ /network/ ) { - $belongs_network = 1; - $pcount++; - } - if ( 
$belongs =~ /security/ ) { - $belongs_security = 1; - $pcount++; - } - - $verbose = 1 if ( $belongs =~ /verbose/ ); - $debug = 1 if ( $belongs =~ /debug/ ); -} - -print header( - -charset => 'UTF-8', - ); - -dg_header_html( $title, 1, 0, $href, $header ); -print $html_msg . nl(); - -# TODO add only one belongs_* stuff -#$belongs_iss3 = 0; -#$belongs_network = 0; -#$belongs_security = 0; - -if ( defined($username) && ($username !~ /^$/) && ($username =~ /^[\w-]+$/ ) && defined($IM) && ($IM !~ /^$/) && ( $IM =~ /^IM\d{10}$/ ) && (defined($action)) && ($action eq "Submit") && ($pcount == 1) ) { - - do_work(); - - my $AiniFile = new Config::IniFiles( -file => $global_iniFile->val( 'INI', 'AD' ) ); - my $adserver = $AiniFile->val( 'AD_NET1', 'SERVER' ); - print "error value of adserver is undefined" if ( !defined($adserver) ); - my $aduser = $AiniFile->val( 'AD_NET1', 'USER' ); - print "error value of aduser is undefined" if ( !defined($aduser) ); - my $adpasswd = $AiniFile->val( 'AD_NET1', 'PASSWORD'); - print "error value of adpasswd is undefined" if ( !defined($adpasswd) ); - - my $homeserver = "home.snmc.cec.eu.int"; - my $ldap_server = 'vldap02.dev.snmc.cec.eu.int'; - my $ldap_admin = 'cn=administrator,ou=admin,dc=snmc,dc=cec,dc=eu,dc=int'; - my $ldap_passwd = 'HNY2K3'; - my $ldap_min_uid = 2000; - my $ldap_max_uid = 10000; - - my $attrs = [ 'displayName', 'mail' ]; - - my ( $mail, $name ) = ( '', '' ); - print "Searching Net1 for userlogin : '$username'".nl(); - - my $ad = Net::LDAP->new( $adserver ) - or die "Could not connect to AD: $adserver!"; - - $ad->bind($aduser, password=>$adpasswd); - - my $searchbase = 'OU=Users_ITIC,OU=DIGIT,OU=DGs,DC=net1,DC=cec,DC=eu,DC=int'; - my $filter = "sAMAccountName=$username"; - - my $results = $ad->search(base=>$searchbase,filter=>$filter,attrs=>$attrs); - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . 
$results->error ."'" .nl(); - $ad->unbind; - exit 1; - } - my $count = $results->count; - - if ( $count != 1 ) { - print "More than 1 entries fetched from the AD Net1. Do not know what to do. One and only one entry should be found." . nl(); - $ad->unbind; - exit; - } else { - print "'$count' record fetched from Net1.".nl(); - } - - my $entry = $results->entry( 0 ); - - $mail = $entry->get_value('mail'); - $name = $entry->get_value('displayName'); - $name =~s/\s\(.*$//; - $mail = lc( $mail ); - - $ad->unbind; - undef $results; - - print "Pursuing the addition of user '$username' with parameters:".nl(); - print " - Realname: '$name'".nl(); - print " - Email: '$mail'".nl(); - print br; - - # Check if username already exist - my $ldap = Net::LDAP->new( $ldap_server ) or die "$@"; - $ldap->bind; - $results = $ldap->search( base => "ou=people,o=snet,dc=snmc,dc=cec,dc=eu,dc=int", filter => "(uid=$username)", attrs => ["cn", "uidNumber"]); - $results->code && die $results->error; - - $count = $results->count; - - if ( $count != 0 ) { - print "Account already exist ('$count') in SNet LDAP. stopping process." . nl(); - $entry = $results->entry( 0 ); - print "cn: " . $entry->get_value('cn') . " uid " . $entry->get_value('uidNumber') .nl(); - $ldap->unbind; - exit; - } else { - print "Did not found any existing entry in the LDAP SNet directory.".nl(); - } - - undef $results; - - $results = $ldap->search( base => "ou=people,o=dead,dc=snmc,dc=cec,dc=eu,dc=int", filter => "(uid=$username)", attrs => ["cn", "uidNumber"]); - - # TODO: branch does not yet exist... - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . $results->error ."'" .nl(); - $ldap->unbind; - exit 1; - } - $count = $results->count; - - if ( $count != 0 ) { - print "Account already exist in SNet LDAP for the old members! stopping process." . 
nl();
- $ldap->unbind;
- exit;
- } else {
- print "Did not found any existing entry in the LDAP SNet old members directory.".nl();
- }
-
- undef $results;
-
- # fetching all the uid, to find the next available uid
-
- # first tree... the living one...
- $results = $ldap->search( base => "ou=people,o=snet,dc=snmc,dc=cec,dc=eu,dc=int", filter => "(uid=*)", attrs => ["cn", "uidNumber"]);
- if ( ( $results->code ) && ( $results->code != 32 ) ) {
- print "Code:" . $results->code . " '" . $results->error ."'" .nl();
- $ldap->unbind;
- exit 1;
- }
-
- my %blah;
- foreach my $entry ($results->entries) {
-
- # $entry->dump;
- my $uid=$entry->get_value( 'cn' );
- my $uidnumber=$entry->get_value( 'uidNumber');
-
- if (defined($blah{$uidnumber})) {
- $blah{$uidnumber}=$blah{$uidnumber} + 1;
- }
- else {
- if (($uidnumber >= $ldap_min_uid) && ($uidnumber < 10000)) {
- $blah{$uidnumber} = 1;
- }
- }
- }
-
- undef $results;
-
- # searching the dead one...
- $results = $ldap->search( base => "ou=people,o=dead,dc=snmc,dc=cec,dc=eu,dc=int", filter => "(uid=*)", attrs => ["cn", "uidNumber"]);
- if ( ( $results->code ) && ( $results->code != 32 ) ) {
- print "Code:" . $results->code . " '" . $results->error ."'" .nl();
- $ldap->unbind;
- exit 1;
- }
-
- foreach my $entry ($results->entries) {
-
- # $entry->dump;
- my $uid=$entry->get_value( 'cn' );
- my $uidnumber=$entry->get_value( 'uidNumber');
-
- if (defined($blah{$uidnumber})) {
- $blah{$uidnumber}=$blah{$uidnumber} + 1;
- }
- else {
- if (($uidnumber >= $ldap_min_uid) && ($uidnumber < $ldap_max_uid)) {
- $blah{$uidnumber} = 1;
- }
- }
- }
-
- $ldap->unbind;
- undef $results;
-
- foreach my $key (sort { $a <=> $b } (keys(%blah))) {
- if ($blah{$key} > 1) {
- print "WARNING : uid number $key is used several time!" .
nl(); - } - } - - my $next_free_uidnumber; - for ($next_free_uidnumber = $ldap_min_uid; $next_free_uidnumber <= $ldap_max_uid; $next_free_uidnumber++) { - if (!defined($blah{$next_free_uidnumber})) { - last; - } - } - - if ($next_free_uidnumber < $ldap_max_uid) { - print "next free uid number : $next_free_uidnumber" . nl(); - } - else { - print "No more uid number available!" . nl(); - exit 1; - } - - my $uidn = $next_free_uidnumber; - my $gidn = 3500; # gid is snmc... - - my $description = (); - my $folder = ''; - if ( $belongs_network ) { - push ( @$description, 'RPRO' ); - push ( @$description, 'PSRO' ); - push ( @$description, 'CWRW' ); - $folder = 'network'; - } elsif ( $belongs_security ) { - push ( @$description, 'RPRW' ); - push ( @$description, 'PSRW' ); - push ( @$description, 'CWRO' ); - $folder = 'security'; - } elsif ( $belongs_iss3 ) { - push ( @$description, 'RPRW' ); - push ( @$description, 'PSRW' ); - push ( @$description, 'CWRA' ); - $folder = 'iss3'; - } - - my $uid_dn = "uid=${username},ou=${folder},ou=people,o=snet,dc=snmc,dc=cec,dc=eu,dc=int"; - - print "Creating user '$username' using the following parameters:".nl(); - print " - Realname: '$name'".nl(); - print " - Email: '$mail'".nl(); - print " - UID number: '$uidn'" .nl(); - print " - GID number: '$gidn'" .nl(); - print " - description: " . Dumper ( $description ) . nl(); - print " - uid_dn: '$uid_dn'".nl(); - print " - SNetAUDIT: '$IM;$run_user;A;".time."'".nl(); - print br; - - # Need to SSH to home.snmc.cec.eu.int - # if ( ! -d "/opt/home/$username" ) { - # print "Creation directory"; - # system "mkdir /opt/home/$username"; - # system "chown $next_free_uidnumber:3500 /opt/home/$username"; - # } - - my $word = 'P@ssword01'; - - # password is sha1 automatically on server side. 
- # - # srand(time ^ $$); - # my @saltchars=('a'..'z','A'..'Z',0..9,'.','/'); - # my $salt=$saltchars[int(rand($#saltchars+1))]; - # $salt.=$saltchars[int(rand($#saltchars+1))]; - # my $pass = crypt($word,$salt); - my $pass = $word; - - print "Adding to the SNet LDAP server '$ldap_server'".nl(); - - $ldap = Net::LDAP->new($ldap_server) or die "$@"; - $ldap->bind ( $ldap_admin, password => $ldap_passwd ); - - $results = $ldap->add ( $uid_dn, - attr => [ - 'cn' => $username, - 'sn' => $username, - 'uid' => $username, - 'uidNumber' => $uidn, - 'gidNumber' => $gidn, - 'description' => $description, - 'mail' => $mail, - 'gecos' => $name, - 'homeDirectory' => "/home/$username", - 'loginShell' => '/bin/ksh', - 'userPassword' => '{crypt}'.$pass, - - #'shadowLastChange' => '11640', - #'shadowFlag' => '0', - 'SNetDN' => $uid_dn, - 'SNetAUDIT' => "$IM;$run_user;A;".time, - 'objectClass' => ['inetOrgPerson', 'organizationalPerson', 'person', 'posixAccount', 'simpleSecurityObject', 'SNetPerson', 'top' ], - ] - ); - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . 
$results->error ."'" .nl();
- $ldap->unbind;
- exit 1;
- }
-
- $results->code && warn "failed to add entry: ", $results->error ;
-
- undef $results;
-
-# $result = $ldap->modify( "cn=snmc,ou=group,dc=snmc,dc=cec,dc=eu,dc=int", add => { memberUid => $username } );
-# $result->code && warn "failed to modify group snmc: ", $result->error ;
-# $result = $ldap->modify( "cn=NS,ou=group,dc=snmc,dc=cec,dc=eu,dc=int", add => { memberUid => $username } );
-# $result->code && warn "failed to modify group: ", $result->error ;
-
- print "User '$username' created.".nl();
-
-} else {
-
- if ( (defined($action)) && ($action eq "Submit") ) {
-
- if ($pcount > 1) {
- print "ERROR: only 1 group is valid".nl();
- }elsif ($pcount < 1) {
-
- print "ERROR: at least 1 group is needed".nl();
- }
- if ( defined($username) && ($username !~ /^$/) && ($username !~ /^[\w-]+$/ ) ) {
- print "ERROR: username contains some unsupported characters.".nl();
- }
- if ( defined($IM) && ($IM !~ /^$/) && ( $IM !~ /^IM\d{10}$/ ) ) {
- print "ERROR: IM is not a valid IM number.".nl();
- }
- }
- print_prompt($username, $IM);
-}
-print '</div>';
-print "<hr> <address>Snet NS Team</address><br> <a href=\"\">Home Page</a>";
-print end_html;
-
-exit 1;
-