diff --git a/ldap_NS.pl b/ldap_NS.pl
index 146c8b8084eeb01317b79d9ab99cdea31d2df43e..1eced7e0255240090c1ca37bbbc43f11ada78df5 100755
--- a/ldap_NS.pl
+++ b/ldap_NS.pl
@@ -22,13 +22,11 @@ use HTML::Template;
use Crypt::CBC;
use Crypt::Blowfish;
+use Crypt::SmbHash;
use MIME::Base64;
+use DateTime;
-use lib (
- new Config::IniFiles(
- -file => "/opt/etc/ini/global.ini"
- )->val( 'APPLICATION', 'LIBRARY' )
-);
+use lib ( new Config::IniFiles( -file => "/opt/etc/ini/global.ini" )->val( 'APPLICATION', 'LIBRARY' ) );
use SNET::access;
use SNET::common;
@@ -36,30 +34,30 @@ use SNET::html;
use SNET::ActiveDirectory;
use SNET::LdapNS qw(:all);
-use Net::LDAP::Constant qw(
-LDAP_CONTROL_PASSWORDPOLICY
-LDAP_PP_PASSWORD_EXPIRED
-LDAP_PP_ACCOUNT_LOCKED
-LDAP_PP_CHANGE_AFTER_RESET
+use Net::LDAP::Constant qw(
+ LDAP_CONTROL_PASSWORDPOLICY
+ LDAP_PP_PASSWORD_EXPIRED
+ LDAP_PP_ACCOUNT_LOCKED
+ LDAP_PP_CHANGE_AFTER_RESET
);
use SNET::Magic::MagicHash;
my $ldap_snmc;
-my $homepage='/cgi-bin/auth/ldap_NS.pl';
-my $sessiondir='/var/tmp/www-data/ldapns';
-my $templatedir='/opt/auth/cgi-bin/templates';
+my $homepage = '/cgi-bin/auth/ldap_NS.pl';
+my $sessiondir = '/var/tmp/www-data/ldapns';
+my $templatedir = '/opt/auth/cgi-bin/templates';
-my ($cgi, $params, $error, $message, $sid, $session, $key);
-my ($connected, $isAdmin, $userMustChange, $audit_user);
+my ( $cgi, $params, $error, $message, $sid, $session, $key );
+my ( $connected, $isAdmin, $userMustChange, $audit_user );
my $debug;
my $LOGIN;
-my ($TAB_HOME, $INFO, $PASSWD, $EXPIRED);
-my ($TAB_USERS, $USERINFOS, $DELUSER, $ADDUSER, $MODUSER, $RESET);
-my ($TAB_GROUPS, $GROUPINFOS, $DELGROUP, $ADDGROUP, $MODGROUP);
-my ($TAB_POLICY, $POLICYINFOS, $DELPOLICY, $ADDPOLICY, $MODPOLICY);
+my ( $TAB_HOME, $INFO, $PASSWD, $EXPIRED );
+my ( $TAB_USERS, $USERINFOS, $DELUSER, $ADDUSER, $ADDUSERPROFILE, $MODUSER, $RESET );
+my ( $TAB_GROUPS, $GROUPINFOS, $DELGROUP, $ADDGROUP, $MODGROUP );
+my ( $TAB_POLICY, $POLICYINFOS, $DELPOLICY, $ADDPOLICY, $MODPOLICY );
sub reconnect_ldap_snmc;
sub refresh_posixGroups;
@@ -75,2415 +73,2625 @@ my $mod_synchro;
INIT {
- # unbuffered output:
- $| = 1;
+ # unbuffered output:
+ $| = 1;
- # turn on/off debug
- # if isAdmin is set, will be automatically set to 2
- $debug = 1;
+ # turn on/off debug
+ # if isAdmin is set, will be automatically set to 2
+ $debug = 1;
- $mod_synchro = 0;
+ $mod_synchro = 0;
- ($connected, $isAdmin, $userMustChange) = (0, 0, 0);
+ ( $connected, $isAdmin, $userMustChange ) = ( 0, 0, 0 );
- $ldap_snmc = {
- #'server' => 'ldap.snmc.cec.eu.int',
- 'server' => 'vldap-jmo.snmc.cec.eu.int',
- 'label' => 'ldap_snmc',
- 'starttls' => 1,
- 'debug' => $debug,
- 'verbose' => $debug,
- };
+ $ldap_snmc = {
- reset_tab_actions;
+ #'server' => 'ldap.snmc.cec.eu.int',
+ 'server' => 'vldap-jmo.snmc.cec.eu.int',
+ 'label' => 'ldap_snmc',
+ 'starttls' => 1,
+ 'debug' => $debug,
+ 'verbose' => $debug,
+ };
- # add and overwrite some FormBuilder validation methods
- my $validate = \%CGI::FormBuilder::Field::VALIDATE;
+ reset_tab_actions;
- $validate->{'IM'} = '/^IM[0-9]{10}$/';
+ # add and overwrite some FormBuilder validation methods
+ my $validate = \%CGI::FormBuilder::Field::VALIDATE;
- my $uid = '[a-zA-Z][\-a-zA-Z0-9]{6,16}';
- $validate->{'UID'} = '/^'.$uid.'$/';
+ $validate->{'IM'} = '/^IM[0-9]{10}$/';
- my $word = '[a-zA-Z0-9][a-zA-Z0-9_-]*[a-zA-Z0-9]';
- my $anchored_word = '/^'.$word.'$/';
+ my $uid = '[a-zA-Z][\-a-zA-Z0-9]{6,16}';
+ $validate->{'UID'} = '/^' . $uid . '$/';
- my $peopletree = $SNET::LdapNS::PEOPLE.','.$SNET::LdapNS::SNET;
- $validate->{'USERDN'} = '/^(?i)uid='.$uid.','.$peopletree.'$/';
+ my $word = '[a-zA-Z0-9][a-zA-Z0-9_-]*[a-zA-Z0-9]';
+ my $anchored_word = '/^' . $word . '$/';
- $validate->{'GROUP'} = $anchored_word;
+ my $peopletree = $SNET::LdapNS::PEOPLE . ',' . $SNET::LdapNS::SNET;
+ $validate->{'USERDN'} = '/^(?i)uid=' . $uid . ',' . $peopletree . '$/';
- $validate->{'UIDNUMBER'} = '/^[2-9][0-9]{3}$/';
- $validate->{'GIDNUMBER'} = '/^[2-9][0-9]{3}$/';
- $validate->{'EMAIL'} = '/^[\w\-\+\._]+\@[a-zA-Z0-9][-a-zA-Z0-9\.]*(\.[a-zA-Z]+)+$/';
- $validate->{'GECOS'} = '/^\w+(\s+\w+)+$/';
- $validate->{'DESCRIPTION'} = '/^\w+(\s+\w+)*$/';
- $validate->{'GROUPCLASS'} = '/^(posixGroup|groupOfNames)$/';
+ $validate->{'GROUP'} = $anchored_word;
- $validate->{'PPOLICY'} = $anchored_word;
- $validate->{'PPOLICYDN'} = '/^(?i)documentIdentifier='.$word.','.$SNET::LdapNS::POLICIES.'/';
+ $validate->{'UIDNUMBER'} = '/^[2-9][0-9]{3}$/';
+ $validate->{'GIDNUMBER'} = '/^[2-9][0-9]{3}$/';
+ $validate->{'EMAIL'} = '/^[\w\-\+\._]+\@[a-zA-Z0-9][-a-zA-Z0-9\.]*(\.[a-zA-Z]+)+$/';
+ $validate->{'GECOS'} = '/^\w+(\s+\w+)+$/';
+ $validate->{'DESCRIPTION'} = '/^\w+(\s+\w+)*$/';
+ $validate->{'GROUPCLASS'} = '/^(posixGroup|groupOfNames)$/';
+ $validate->{'PROFILE'} = '/^(Compliance|Managment|Network|Official|ProjectImplementation|ProjectManager|Security|ServiceDesk|SuportingService|TestDesignArchitect)$/';
- while (my ($k, $v) = each %{$SNET::LdapNS::pwdPolicyAttributes}) {
- my $type = ${$v}[0];
- if ($type eq 'bool') {
- $validate->{$k} = '/^(true|false)$/';
- }
- elsif ($type eq 'nbool') {
- $validate->{$k} = '/^(counted|forbidden)$/';
- }
- elsif ($type eq 'extbool') {
- $validate->{$k} = '/^(on|off|strict)$/';
- }
- elsif (($type eq 'int') || ($type eq 'second')) {
- $validate->{$k} = '/^[0-9]+$/';
+ $validate->{'PPOLICY'} = $anchored_word;
+ $validate->{'PPOLICYDN'} = '/^(?i)documentIdentifier=' . $word . ',' . $SNET::LdapNS::POLICIES . '/';
+
+ while ( my ( $k, $v ) = each %{$SNET::LdapNS::pwdPolicyAttributes} ) {
+ my $type = ${$v}[0];
+ if ( $type eq 'bool' ) {
+ $validate->{$k} = '/^(true|false)$/';
+ } elsif ( $type eq 'nbool' ) {
+ $validate->{$k} = '/^(counted|forbidden)$/';
+ } elsif ( $type eq 'extbool' ) {
+ $validate->{$k} = '/^(on|off|strict)$/';
+ } elsif ( ( $type eq 'int' ) || ( $type eq 'second' ) ) {
+ $validate->{$k} = '/^[0-9]+$/';
+ }
}
- }
}
-sub reset_actions {
- ($INFO, $PASSWD) = (0, 0);
- ($USERINFOS, $DELUSER, $ADDUSER, $MODUSER, $RESET) = (0, 0, 0, 0, 0);
- ($GROUPINFOS, $DELGROUP, $ADDGROUP, $MODGROUP) = (0, 0, 0, 0);
- ($POLICYINFOS, $DELPOLICY, $ADDPOLICY, $MODPOLICY) = (0, 0, 0, 0);
+sub reset_actions
+{
+ ( $INFO, $PASSWD ) = ( 0, 0 );
+ ( $USERINFOS, $DELUSER, $ADDUSER, $ADDUSERPROFILE, $MODUSER, $RESET ) = ( 0, 0, 0, 0, 0, 0 );
+ ( $GROUPINFOS, $DELGROUP, $ADDGROUP, $MODGROUP ) = ( 0, 0, 0, 0 );
+ ( $POLICYINFOS, $DELPOLICY, $ADDPOLICY, $MODPOLICY ) = ( 0, 0, 0, 0 );
}
-sub reset_tab_actions {
- $LOGIN = 0;
- $TAB_HOME = 0;
- $TAB_USERS = 0;
- $TAB_GROUPS = 0;
- $TAB_POLICY = 0;
- reset_actions;
+sub reset_tab_actions
+{
+ $LOGIN = 0;
+ $TAB_HOME = 0;
+ $TAB_USERS = 0;
+ $TAB_GROUPS = 0;
+ $TAB_POLICY = 0;
+ reset_actions;
}
-sub parse_messages {
- if (defined($session) && defined($session->param('error'))) {
- $error = $session->param('error');
- $session->clear(['error']);
- }
- if (defined($session) && defined($session->param('message'))) {
- $message = $session->param('message');
- $session->clear(['message']);
- }
- $error =~ s/\s+at\s+(\/|ldap).*//i if (
- defined($error) && ($debug < 2)
- );
+sub parse_messages
+{
+ if ( defined( $session ) && defined( $session->param( 'error' ) ) ) {
+ $error = $session->param( 'error' );
+ $session->clear( ['error'] );
+ }
+ if ( defined( $session ) && defined( $session->param( 'message' ) ) ) {
+ $message = $session->param( 'message' );
+ $session->clear( ['message'] );
+ }
+ $error =~ s/\s+at\s+(\/|ldap).*//i if ( defined( $error ) && ( $debug < 2 ) );
}
-sub redirect($) {
- my $params = shift;
- $params = '?tab=home' unless (defined($params) && ($params =~ m/^\?.+=.+/));
- if ($params =~ m/\?tab=([[:alnum:]]+)/) {
- $session->param('tab', $1);
- }
- print $cgi->redirect(
- $homepage.$params,
- -status => 302
- );
- exit 0;
+sub redirect($)
+{
+ my $params = shift;
+ $params = '?tab=home' unless ( defined( $params ) && ( $params =~ m/^\?.+=.+/ ) );
+ if ( $params =~ m/\?tab=([[:alnum:]]+)/ ) {
+ $session->param( 'tab', $1 );
+ }
+ print $cgi->redirect( $homepage . $params, -status => 302 );
+ exit 0;
}
-sub redirect_login {
- redirect('?login=1');
+sub redirect_login
+{
+ redirect( '?login=1' );
}
-sub redirect_homepage {
- redirect('?tab=home');
+sub redirect_homepage
+{
+ redirect( '?tab=home' );
}
-sub ldapns_logout {
- $session->delete();
- redirect_login;
+sub ldapns_logout
+{
+ $session->delete();
+ redirect_login;
}
-sub synchronize_del_users($$) {
+sub synchronize_del_users($$)
+{
- my ($uid, $synchronize) = @_;
+ my ( $uid, $synchronize ) = @_;
- print STDERR "synchronize_del_users($mod_synchro/$synchronize)\n";
+ print STDERR "synchronize_del_users($mod_synchro/$synchronize)\n";
- return unless ($mod_synchro && $synchronize);
+ return unless ( $mod_synchro && $synchronize );
- my $error_msg = "unable to delete user from old database: ";
- my $error = 0;
- my $binddn;
+ my $error_msg = "unable to delete user from old database: ";
+ my $error = 0;
+ my $binddn;
- eval {
+ eval {
- die "invalid uid" unless (defined($uid));
+ die "invalid uid" unless ( defined( $uid ) );
- my $global_iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" );
- my $ldap_iniFile = new Config::IniFiles( -file => $global_iniFile->val( 'INI', 'LDAP' ) );
+ my $global_iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" );
+ my $ldap_iniFile = new Config::IniFiles( -file => $global_iniFile->val( 'INI', 'LDAP' ) );
- my $binddn = $ldap_iniFile->val( 'LDAP_CREDENTIALS', 'USER' );
- my $passwd = $ldap_iniFile->val( 'LDAP_CREDENTIALS', 'PASSWORD' );
- my @servers = split(/,/, $ldap_iniFile->val( 'LDAP_SNET_SERVER_LIST', 'SERVERS'));
+ my $binddn = $ldap_iniFile->val( 'LDAP_CREDENTIALS', 'USER' );
+ my $passwd = $ldap_iniFile->val( 'LDAP_CREDENTIALS', 'PASSWORD' );
+ my @servers = split( /,/, $ldap_iniFile->val( 'LDAP_SNET_SERVER_LIST', 'SERVERS' ) );
- SNET::LdapNS::ldapns_add_dn_exception($binddn);
+ SNET::LdapNS::ldapns_add_dn_exception( $binddn );
- foreach my $server (@servers) {
+ foreach my $server ( @servers ) {
- my $host = $ldap_iniFile->val( $server, 'SERVER' );
- my $base = $ldap_iniFile->val( $server, 'BASE' );
+ my $host = $ldap_iniFile->val( $server, 'SERVER' );
+ my $base = $ldap_iniFile->val( $server, 'BASE' );
- die "invalid host `$host'" unless ($host =~ m/^(?:ldap:\/\/)?([^:]+)(?::389)?$/i);
- my $fqdn = $1;
+ die "invalid host `$host'" unless ( $host =~ m/^(?:ldap:\/\/)?([^:]+)(?::389)?$/i );
+ my $fqdn = $1;
- SNET::LdapNS::ldapns_bind(
- $fqdn,
- $binddn,
- $passwd,
- $host,
- 'LDAPISS',
- 0, 0, 0
- );
-
- my $connection = SNET::LdapNS::get_connection($host);
+ SNET::LdapNS::ldapns_bind( $fqdn, $binddn, $passwd, $host, 'LDAPISS', 0, 0, 0 );
- $uid = $connection->clean_dn($uid);
- my $res;
+ my $connection = SNET::LdapNS::get_connection( $host );
- eval {
- $res = SNET::LdapNS::getPosixAccount(
- $host,
- $uid,
- 'ou=People,'.$base
- );
- };
- if ($@) {
- $error++;
- $error_msg .= "[uid=$uid]: skipping missing user; ";
- print STDERR "synchronize_del_users: skipping non-existing user `$uid'\n";
- next;
- }
-
- print STDERR "synchronize_del_users: deleting user `$uid'\n";
- my @keys = keys(%{$res});
- my $dn = shift(@keys);
- die "invalid uid `$uid'" unless (
- lc($dn) eq lc('uid='.$uid.',ou=People,'.$base)
- );
-
- eval {
-
- my $entry = Net::LDAP::Entry->new($dn);
- $entry->delete();
- my $result = $entry->update($connection->{'connection'});
- die "[uid=$uid]: ".(
- defined($result->error_desc) ? $result->error_desc : $result->error()
- ).'; ' if ($result->is_error());
-
- # update automount
- $entry = Net::LDAP::Entry->new(
- 'automountKey='.$uid.',automountMapName=auto_home,'.$base,
- );
- $entry->delete();
- $result = $entry->update($connection->{'connection'});
- die "[homedir=$uid]: ".(
- defined($result->error_desc) ? $result->error_desc : $result->error()
- ).'; ' if ($result->is_error());
-
- # update cn=snmc
- $entry = Net::LDAP::Entry->new(
- 'cn=snmc,ou=group,'.$base,
- );
- $entry->changetype('modify');
- $entry->delete('memberUid' => [$uid]);
- $result = $entry->update($connection->{'connection'});
- die "[cn=snmc:$uid]: ".(
- defined($result->error_desc) ? $result->error_desc : $result->error()
- ).'; ' if ($result->is_error());
-
- # update cn=NS
- $entry = Net::LDAP::Entry->new(
- 'cn=NS,ou=group,'.$base,
- );
- $entry->changetype('modify');
- $entry->delete('memberUid' => [$uid]);
- $result = $entry->update($connection->{'connection'});
- die "[cn=snmc:$uid]: ".(
- defined($result->error_desc) ? $result->error_desc : $result->error()
- ).'; ' if ($result->is_error());
-
- };
- if ($@) {
- $error_msg.='['.$host.'] '.$@.';';
- $error++;
- }
+ $uid = $connection->clean_dn( $uid );
+ my $res;
- }
+ eval { $res = SNET::LdapNS::getPosixAccount( $host, $uid, 'ou=People,' . $base ); };
+ if ( $@ ) {
+ $error++;
+ $error_msg .= "[uid=$uid]: skipping missing user; ";
+ print STDERR "synchronize_del_users: skipping non-existing user `$uid'\n";
+ next;
+ }
- };
- if ($@) {
- $error++;
- $error_msg .= $@;
- }
- SNET::LdapNS::ldapns_del_dn_exception($binddn) if (defined($binddn));
- $session->param('error', $error_msg) if ($error);
+ print STDERR "synchronize_del_users: deleting user `$uid'\n";
+ my @keys = keys( %{$res} );
+ my $dn = shift( @keys );
+ die "invalid uid `$uid'" unless ( lc( $dn ) eq lc( 'uid=' . $uid . ',ou=People,' . $base ) );
+
+ eval {
+
+ my $entry = Net::LDAP::Entry->new( $dn );
+ $entry->delete();
+ my $result = $entry->update( $connection->{'connection'} );
+ die "[uid=$uid]: " . ( defined( $result->error_desc ) ? $result->error_desc : $result->error() ) . '; ' if ( $result->is_error() );
+
+ # update automount
+ $entry = Net::LDAP::Entry->new( 'automountKey=' . $uid . ',automountMapName=auto_home,' . $base, );
+ $entry->delete();
+ $result = $entry->update( $connection->{'connection'} );
+ die "[homedir=$uid]: " . ( defined( $result->error_desc ) ? $result->error_desc : $result->error() ) . '; ' if ( $result->is_error() );
+
+ # update cn=snmc
+ $entry = Net::LDAP::Entry->new( 'cn=snmc,ou=group,' . $base, );
+ $entry->changetype( 'modify' );
+ $entry->delete( 'memberUid' => [$uid] );
+ $result = $entry->update( $connection->{'connection'} );
+ die "[cn=snmc:$uid]: " . ( defined( $result->error_desc ) ? $result->error_desc : $result->error() ) . '; ' if ( $result->is_error() );
+
+ # update cn=NS
+ $entry = Net::LDAP::Entry->new( 'cn=NS,ou=group,' . $base, );
+ $entry->changetype( 'modify' );
+ $entry->delete( 'memberUid' => [$uid] );
+ $result = $entry->update( $connection->{'connection'} );
+ die "[cn=snmc:$uid]: " . ( defined( $result->error_desc ) ? $result->error_desc : $result->error() ) . '; ' if ( $result->is_error() );
+
+ };
+ if ( $@ ) {
+ $error_msg .= '[' . $host . '] ' . $@ . ';';
+ $error++;
+ }
-}
+ }
-sub synchronize_add_users($$) {
+ };
+ if ( $@ ) {
+ $error++;
+ $error_msg .= $@;
+ }
+ SNET::LdapNS::ldapns_del_dn_exception( $binddn ) if ( defined( $binddn ) );
+ $session->param( 'error', $error_msg ) if ( $error );
- my ($entry, $synchronize) = @_;
- return unless ($mod_synchro && $synchronize);
+}
- my $error_msg = "unable to synchronize user with old database: ";
- my $error = 0;
- my $binddn;
+sub synchronize_add_users($$)
+{
- eval {
+ my ( $entry, $synchronize ) = @_;
+ return unless ( $mod_synchro && $synchronize );
- my $global_iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" );
- my $ldap_iniFile = new Config::IniFiles( -file => $global_iniFile->val( 'INI', 'LDAP' ) );
+ my $error_msg = "unable to synchronize user with old database: ";
+ my $error = 0;
+ my $binddn;
- my $binddn = $ldap_iniFile->val( 'LDAP_CREDENTIALS', 'USER' );
- my $passwd = $ldap_iniFile->val( 'LDAP_CREDENTIALS', 'PASSWORD' );
- my @servers = split(/,/, $ldap_iniFile->val( 'LDAP_SNET_SERVER_LIST', 'SERVERS'));
- my $homeserver = $ldap_iniFile->val( 'LDAP_SNET_HOMESERVER', 'SERVER' );
+ eval {
- SNET::LdapNS::ldapns_add_dn_exception($binddn);
+ my $global_iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" );
+ my $ldap_iniFile = new Config::IniFiles( -file => $global_iniFile->val( 'INI', 'LDAP' ) );
- die "invalid entry" unless (
- defined($entry)
- &&
- (ref($entry) eq 'HASH')
- );
+ my $binddn = $ldap_iniFile->val( 'LDAP_CREDENTIALS', 'USER' );
+ my $passwd = $ldap_iniFile->val( 'LDAP_CREDENTIALS', 'PASSWORD' );
+ my @servers = split( /,/, $ldap_iniFile->val( 'LDAP_SNET_SERVER_LIST', 'SERVERS' ) );
+ my $homeserver = $ldap_iniFile->val( 'LDAP_SNET_HOMESERVER', 'SERVER' );
- my %nocasehash;
- tie %nocasehash, 'MagicHash', {
- 'KEY' => sub { return lc($_[0]) },
- };
+ SNET::LdapNS::ldapns_add_dn_exception( $binddn );
- while (my ($k, $v) = each %{$entry}) {
+ die "invalid entry" unless ( defined( $entry )
+ && ( ref( $entry ) eq 'HASH' ) );
- die 'entry uid undefined' unless (
- (ref($v) eq 'HASH') && (defined($v->{'uid'}))
- );
+ my %nocasehash;
+ tie %nocasehash, 'MagicHash', { 'KEY' => sub { return lc( $_[0] ) }, };
- my %nocasehash_v;
- tie %nocasehash_v, 'MagicHash', {
- 'KEY' => sub { return lc($_[0]) },
- };
- while (my ($kk, $vv) = each %{$v}) {
- $nocasehash_v{$kk} = $vv;
- }
- $nocasehash{$k} = \%nocasehash_v;
+ while ( my ( $k, $v ) = each %{$entry} ) {
- $nocasehash{$k}->{'homeDirectory'} = ['/home/'.${$v->{'uid'}}[0]];
- $nocasehash{$k}->{'shadowLastChange'} = ['11640'];
- $nocasehash{$k}->{'shadowFlag'} = [0];
- $nocasehash{$k}->{'loginShell'} = ['/bin/ksh'];
- $nocasehash{$k}->{'cn'} = [${$v->{'uid'}}[0]];
+ die 'entry uid undefined' unless ( ( ref( $v ) eq 'HASH' ) && ( defined( $v->{'uid'} ) ) );
- }
+ my %nocasehash_v;
+ tie %nocasehash_v, 'MagicHash', { 'KEY' => sub { return lc( $_[0] ) }, };
+ while ( my ( $kk, $vv ) = each %{$v} ) {
+ $nocasehash_v{$kk} = $vv;
+ }
+ $nocasehash{$k} = \%nocasehash_v;
- foreach my $server (@servers) {
+ $nocasehash{$k}->{'homeDirectory'} = [ '/home/' . ${ $v->{'uid'} }[0] ];
+ $nocasehash{$k}->{'shadowLastChange'} = ['11640'];
+ $nocasehash{$k}->{'shadowFlag'} = [0];
+ $nocasehash{$k}->{'loginShell'} = ['/bin/ksh'];
+ $nocasehash{$k}->{'cn'} = [ ${ $v->{'uid'} }[0] ];
- my $host = $ldap_iniFile->val( $server, 'SERVER' );
- my $base = $ldap_iniFile->val( $server, 'BASE' );
- my $class = $ldap_iniFile->val( $server, 'MAILCLASS' );
+ }
- die "invalid host `$host'" unless ($host =~ m/^(?:ldap:\/\/)?([^:]+)(?::389)?$/i);
- my $fqdn = $1;
+ foreach my $server ( @servers ) {
- SNET::LdapNS::ldapns_bind(
- $fqdn,
- $binddn,
- $passwd,
- $host,
- 'LDAPISS',
- 0, 0, 0
- );
-
- my $connection = SNET::LdapNS::get_connection($host);
+ my $host = $ldap_iniFile->val( $server, 'SERVER' );
+ my $base = $ldap_iniFile->val( $server, 'BASE' );
+ my $class = $ldap_iniFile->val( $server, 'MAILCLASS' );
- while (my ($k, $v) = each %nocasehash) {
+ die "invalid host `$host'" unless ( $host =~ m/^(?:ldap:\/\/)?([^:]+)(?::389)?$/i );
+ my $fqdn = $1;
- my $uid = $connection->clean_dn(${$v->{'uid'}}[0]);
- my $res;
+ SNET::LdapNS::ldapns_bind( $fqdn, $binddn, $passwd, $host, 'LDAPISS', 0, 0, 0 );
- eval {
- $res = SNET::LdapNS::getPosixAccount(
- $host,
- $uid,
- 'ou=People,'.$base
- );
- };
- if (!$@) {
- if (defined($res) && (keys(%{$res}) >= 1)) {
- $error++;
- $error_msg .= "[uid=$uid]: skipping existing user; ";
- print STDERR "synchronize_add_users: skipping existing user `$uid'\n";
- next;
- }
- }
+ my $connection = SNET::LdapNS::get_connection( $host );
- print STDERR "synchronize_add_users: synchronizing user `$uid'\n";
+ while ( my ( $k, $v ) = each %nocasehash ) {
- delete($v->{'objectclass'});
- delete($v->{'auditinformation'});
- delete($v->{'pwdreset'});
+ my $uid = $connection->clean_dn( ${ $v->{'uid'} }[0] );
+ my $res;
- $v->{'objectClass'} = [qw(top posixAccount shadowAccount account), $class];
+ eval { $res = SNET::LdapNS::getPosixAccount( $host, $uid, 'ou=People,' . $base ); };
+ if ( !$@ ) {
+ if ( defined( $res ) && ( keys( %{$res} ) >= 1 ) ) {
+ $error++;
+ $error_msg .= "[uid=$uid]: skipping existing user; ";
+ print STDERR "synchronize_add_users: skipping existing user `$uid'\n";
+ next;
+ }
+ }
- my $dn = 'uid='.$uid.',ou=People,'.$base;
+ print STDERR "synchronize_add_users: synchronizing user `$uid'\n";
- eval {
+ delete( $v->{'objectclass'} );
+ delete( $v->{'auditinformation'} );
+ delete( $v->{'pwdreset'} );
- my $entry = Net::LDAP::Entry->new($dn);
- while (my ($kk, $vv) = each %{$v}) {
- $entry->add($kk => $vv);
- }
- $entry->changetype('add');
-
- #print STDERR 'uid='.$uid.',ou=People,'.$base.' => '.Dumper($entry)."\n";
-
- my $result = $entry->update($connection->{'connection'});
- die "[uid=$uid]: ".(
- defined($result->error_desc) ? $result->error_desc : $result->error()
- ).'; ' if ($result->is_error());
-
- # update automount
- $entry = Net::LDAP::Entry->new(
- 'automountKey='.$uid.',automountMapName=auto_home,'.$base,
- 'automountkey' => [$uid],
- 'objectClass' => [ 'automount', 'top' ],
- 'automountInformation' => [ $homeserver.':/opt/home/&' ],
- );
- $entry->changetype('add');
- $result = $entry->update($connection->{'connection'});
- die "[homedir=$uid]: ".(
- defined($result->error_desc) ? $result->error_desc : $result->error()
- ).'; ' if ($result->is_error());
-
- # update cn=snmc
- $entry = Net::LDAP::Entry->new(
- 'cn=snmc,ou=group,'.$base,
- );
- $entry->changetype('modify');
- $entry->add('memberUid' => [$uid]);
- $result = $entry->update($connection->{'connection'});
- die "[cn=snmc=$uid]: ".(
- defined($result->error_desc) ? $result->error_desc : $result->error()
- ).'; ' if ($result->is_error());
-
- # update cn=NS
- $entry = Net::LDAP::Entry->new(
- 'cn=NS,ou=group,'.$base,
- );
- $entry->changetype('modify');
- $entry->add('memberUid' => [$uid]);
- $result = $entry->update($connection->{'connection'});
- die "[cn=snmc=$uid]: ".(
- defined($result->error_desc) ? $result->error_desc : $result->error()
- ).'; ' if ($result->is_error());
+ $v->{'objectClass'} = [ qw(top posixAccount shadowAccount account), $class ];
- };
- if ($@) {
- $error_msg.='['.$host.'] '.$@.';';
- $error++;
- }
+ my $dn = 'uid=' . $uid . ',ou=People,' . $base;
- }
+ eval {
- }
+ my $entry = Net::LDAP::Entry->new( $dn );
+ while ( my ( $kk, $vv ) = each %{$v} ) {
+ $entry->add( $kk => $vv );
+ }
+ $entry->changetype( 'add' );
- };
- if ($@) {
- $error++;
- $error_msg .= $@;
- }
- SNET::LdapNS::ldapns_del_dn_exception($binddn) if (defined($binddn));
- $session->param('error', $error_msg) if ($error);
+ #print STDERR 'uid='.$uid.',ou=People,'.$base.' => '.Dumper($entry)."\n";
-}
+ my $result = $entry->update( $connection->{'connection'} );
+ die "[uid=$uid]: " . ( defined( $result->error_desc ) ? $result->error_desc : $result->error() ) . '; ' if ( $result->is_error() );
-sub synchronize_passwords($$$;$$) {
+ # update automount
+ $entry = Net::LDAP::Entry->new(
+ 'automountKey=' . $uid . ',automountMapName=auto_home,' . $base,
+ 'automountkey' => [$uid],
+ 'objectClass' => [ 'automount', 'top' ],
+ 'automountInformation' => [ $homeserver . ':/opt/home/&' ],
+ );
+ $entry->changetype( 'add' );
+ $result = $entry->update( $connection->{'connection'} );
+ die "[homedir=$uid]: " . ( defined( $result->error_desc ) ? $result->error_desc : $result->error() ) . '; ' if ( $result->is_error() );
- my $error_msg = "unable to synchronize password with old database: ";
- my $error = 0;
+ # update cn=snmc
+ $entry = Net::LDAP::Entry->new( 'cn=snmc,ou=group,' . $base, );
+ $entry->changetype( 'modify' );
+ $entry->add( 'memberUid' => [$uid] );
+ $result = $entry->update( $connection->{'connection'} );
+ die "[cn=snmc=$uid]: " . ( defined( $result->error_desc ) ? $result->error_desc : $result->error() ) . '; ' if ( $result->is_error() );
- eval {
+ # update cn=NS
+ $entry = Net::LDAP::Entry->new( 'cn=NS,ou=group,' . $base, );
+ $entry->changetype( 'modify' );
+ $entry->add( 'memberUid' => [$uid] );
+ $result = $entry->update( $connection->{'connection'} );
+ die "[cn=snmc=$uid]: " . ( defined( $result->error_desc ) ? $result->error_desc : $result->error() ) . '; ' if ( $result->is_error() );
- my ($synchronize, $label, $new, $uid, $old) = @_;
- return unless ($mod_synchro && $synchronize);
+ };
+ if ( $@ ) {
+ $error_msg .= '[' . $host . '] ' . $@ . ';';
+ $error++;
+ }
- die 'missing parameters' unless (
- defined($label) && defined($new)
- );
+ }
- my $ldap = SNET::LdapNS::get_connection($label)
- or die "invalid connection's label `$label'";
+ }
- if (defined($uid)) {
- $uid = $ldap->clean_dn($uid);
- }
- else {
- $uid = $ldap->clean_dn($ldap->{'user'});
+ };
+ if ( $@ ) {
+ $error++;
+ $error_msg .= $@;
}
+ SNET::LdapNS::ldapns_del_dn_exception( $binddn ) if ( defined( $binddn ) );
+ $session->param( 'error', $error_msg ) if ( $error );
- $error_msg .= '[uid='.$uid.'] : ';
-
- my $global_iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" );
- my $ldap_iniFile = new Config::IniFiles( -file => $global_iniFile->val( 'INI', 'LDAP' ) );
+}
- my $salt = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64];
- my $crypt = '{CRYPT}'.crypt($new, $salt);
+sub synchronize_samba_password($$;$)
+{
- my @servers = split(/,/, $ldap_iniFile->val( 'LDAP_SNET_SERVER_LIST', 'SERVERS'));
+ my $error_msg = "unable to synchronize password with samba credential: ";
+ my $error = 0;
- foreach my $server (@servers) {
+ eval {
+ my ( $label, $new, $uid ) = @_;
- my $host = $ldap_iniFile->val( $server, 'SERVER' );
- my $base = $ldap_iniFile->val( $server, 'BASE' );
+ die 'missing parameters' unless ( defined( $label ) && defined( $new ) );
- eval {
+ my $ldap = SNET::LdapNS::get_connection( $label )
+ or die "invalid connection's label `$label'";
- die "invalid host `$host'" unless ($host =~ m/^(?:ldap:\/\/)?([^:]+)(?::389)?$/i);
- my $fqdn = $1;
+ if ( defined( $uid ) ) {
+ $uid = $ldap->clean_dn( $uid );
+ } else {
+ $uid = $ldap->clean_dn( $ldap->{'user'} );
+ }
- my $dn = 'uid='.$uid.',ou=People,'.$base;
- my $binddn;
- my $passwd;
+ $error_msg .= '[uid=' . $uid . '] : ';
- if (defined($old)) {
- $binddn = 'uid='.$uid.',ou=People,'.$base;
- $passwd = $old;
- }
- else {
- $binddn = $ldap_iniFile->val( 'LDAP_CREDENTIALS', 'USER' );
- $passwd = $ldap_iniFile->val( 'LDAP_CREDENTIALS', 'PASSWORD' );
- die "not going to reset $binddn password" if (lc($dn) eq lc($binddn));
- SNET::LdapNS::ldapns_add_dn_exception($binddn);
- }
+ ### If user NOT is SAMBA compliant:
+ SNET::LdapNS::check_user_smb_ready( $label, $uid );
- SNET::LdapNS::ldapns_bind(
- $fqdn,
- $binddn,
- $passwd,
- $host,
- 'LDAPISS',
- 0, 0, 0
- );
+ # TODO: inject SAMBA schema.
- my $connection = SNET::LdapNS::get_connection($host);
+ my ( $lm, $nt ) = ntlmgen $new;
+ my $dt = DateTime->now()->set_time_zone( "Europe/Luxembourg" );
+ my $current_epoch = $dt->epoch();
- if (defined($old)) {
- $connection->passwd2($dn, $old, $crypt);
- }
- else {
- $connection->passwd2($dn, $salt, $crypt);
- }
+ SNET::LdapNS::smb_passwd( $label, $lm, $nt, $current_epoch, $uid )
- };
- if ($@) {
- $error_msg.='['.$host.'] '.$@.';';
+ };
+ if ( $@ ) {
$error++;
- }
-
+ $error_msg .= $@;
}
- };
- if ($@) {
- $error++;
- $error_msg .= $@;
- }
-
- $session->param('error', $error_msg) if ($error);
+ $session->param( 'error', $error_msg ) if ( $error );
}
-sub fetch_net1_userinfos($) {
+sub synchronize_passwords($$$;$$)
+{
- my $uid = shift;
+ my $error_msg = "unable to synchronize password with old database: ";
+ my $error = 0;
- my $global_iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" );
- my $AiniFile = new Config::IniFiles( -file => $global_iniFile->val( 'INI', 'AD' ) );
+ eval {
- my $ldap_ad = {
- 'server' => $AiniFile->val( 'AD_NET1', 'SERVER' ),
- 'user' => $AiniFile->val( 'AD_NET1', 'USER' ),
- 'password' => $AiniFile->val( 'AD_NET1', 'PASSWORD'),
- 'label' => 'ad',
- 'starttls' => 0,
- 'debug' => 0,
- 'verbose' => 0,
- };
+ my ( $synchronize, $label, $new, $uid, $old ) = @_;
+ return unless ( $mod_synchro && $synchronize );
- die 'missing parameters' unless (
- defined($uid) && ($uid =~ m/^[a-z0-9]+$/i)
- );
+ die 'missing parameters' unless ( defined( $label ) && defined( $new ) );
- SNET::LdapNS::ldapns_bind(
- $ldap_ad->{'server'},
- $ldap_ad->{'user'},
- $ldap_ad->{'password'},
- $ldap_ad->{'label'},
- 'LDAPISS',
- $ldap_ad->{'starttls'},
- $ldap_ad->{'debug'},
- $ldap_ad->{'verbose'}
- );
+ my $ldap = SNET::LdapNS::get_connection( $label )
+ or die "invalid connection's label `$label'";
- my $connection = SNET::LdapNS::get_connection($ldap_ad->{'label'});
+ if ( defined( $uid ) ) {
+ $uid = $ldap->clean_dn( $uid );
+ } else {
+ $uid = $ldap->clean_dn( $ldap->{'user'} );
+ }
- my $userInfos = $connection->search(
- base => 'OU=DIGIT,OU=DGs,DC=net1,DC=cec,DC=eu,DC=int',
- scope => 'sub',
- filter => '(sAMAccountName='.$uid.')',
- attrs => ['mail', 'displayName']
- );
+ $error_msg .= '[uid=' . $uid . '] : ';
- die "user `$uid' not found in Net1 AD" unless defined($userInfos);
- die 'More than 1 entries fetched from the AD Net1' unless (scalar(keys(%{$userInfos})) == 1);
+ my $global_iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" );
+ my $ldap_iniFile = new Config::IniFiles( -file => $global_iniFile->val( 'INI', 'LDAP' ) );
- return $userInfos;
+ my $salt = join '', ( '.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z' )[ rand 64, rand 64 ];
+ my $crypt = '{CRYPT}' . crypt( $new, $salt );
-}
+ my @servers = split( /,/, $ldap_iniFile->val( 'LDAP_SNET_SERVER_LIST', 'SERVERS' ) );
-sub encode_sessionauth($) {
+ foreach my $server ( @servers ) {
- my $password = shift;
+ my $host = $ldap_iniFile->val( $server, 'SERVER' );
+ my $base = $ldap_iniFile->val( $server, 'BASE' );
- my $cipher = Crypt::CBC->new(
- -key => $key,
- -cipher => 'Blowfish'
- );
- my $sessionauth = encode_base64(
- $cipher->encrypt($password)
- );
- chomp($sessionauth);
- $session->param('sessionauth', $sessionauth);
+ eval {
-}
+ die "invalid host `$host'" unless ( $host =~ m/^(?:ldap:\/\/)?([^:]+)(?::389)?$/i );
+ my $fqdn = $1;
-sub decode_sessionauth {
+ my $dn = 'uid=' . $uid . ',ou=People,' . $base;
+ my $binddn;
+ my $passwd;
- my $cipher = Crypt::CBC->new(
- -key => $key,
- -cipher => 'Blowfish'
- );
- my $password = $cipher->decrypt(
- decode_base64($session->param('sessionauth'))
- );
- return $password;
+ if ( defined( $old ) ) {
+ $binddn = 'uid=' . $uid . ',ou=People,' . $base;
+ $passwd = $old;
+ } else {
+ $binddn = $ldap_iniFile->val( 'LDAP_CREDENTIALS', 'USER' );
+ $passwd = $ldap_iniFile->val( 'LDAP_CREDENTIALS', 'PASSWORD' );
+ die "not going to reset $binddn password" if ( lc( $dn ) eq lc( $binddn ) );
+ SNET::LdapNS::ldapns_add_dn_exception( $binddn );
+ }
-}
+ SNET::LdapNS::ldapns_bind( $fqdn, $binddn, $passwd, $host, 'LDAPISS', 0, 0, 0 );
-sub connect_ldap_snmc($$$) {
-
- my ($user, $password, $isAdmin) = @_;
-
- # overwrite debug for admin
- $ldap_snmc->{'debug'} = $isAdmin;
-
- return if ($connected);
-
- $ldap_snmc->{'user'} = $user;
- $ldap_snmc->{'password'} = $password;
-
- print STDERR "ldap_NS.pl: creating connection to ".$ldap_snmc->{'server'}." ...\n" if ($debug >2);
-
- my $pp = SNET::LdapNS::ldapns_bind(
- $ldap_snmc->{'server'},
- $ldap_snmc->{'user'},
- $ldap_snmc->{'password'},
- $ldap_snmc->{'label'},
- $audit_user,
- $ldap_snmc->{'starttls'},
- $ldap_snmc->{'debug'},
- $ldap_snmc->{'verbose'}
- );
-
- print STDERR "ldap_NS.pl: connection established\n" if ($debug >2);
-
- if (!defined($session)) {
- $session = new CGI::Session (
- 'driver:File',
- undef,
- {'Directory' => $sessiondir}
- ) or die CGI::Session->errstr;
- $sid = $session->id();
- }
-
- $connected = 1;
-
- $session->param('user', $user);
-
- # $error could have been set to 'invalid empty session'
- # after a logout/login
- undef $error;
- $session->clear(['error']);
-
- if (defined($pp->{'error'})) {
-
- print STDERR "ldap_NS.pl: ppolicy error!\n" if ($debug >2);
-
- if ($pp->{'error'} == LDAP_PP_PASSWORD_EXPIRED) {
- $session->param('error', 'Your password has expired');
- $session->param('userMustChange', 1);
- $userMustChange = 1;
- $session->param('isAdmin', 0);
- $session->clear(['userInfos']);
- }
- elsif ($pp->{'error'} == LDAP_PP_CHANGE_AFTER_RESET) {
- $session->param('error', 'You must change your password immediately');
- $session->param('userMustChange', 1);
- $userMustChange = 1;
- $session->param('isAdmin', 0);
- $session->clear(['userInfos']);
- }
- else {
- $session->param('error', 'Undefined password policy error('.$pp->{'error'}.')');
- $session->param('isAdmin', 0);
- }
- }
- else {
-
- if (defined($pp->{'warning'})) {
-
- print STDERR "ldap_NS.pl: ppolicy warning!\n" if ($debug >2);
-
- if (defined($pp->{'warning'}->{'graceAuthNsRemaining'})) {
- $session->param('error',
- 'Grace authentications remaining: '.$pp->{'warning'}->{'graceAuthNsRemaining'}
- );
- }
- elsif (defined($pp->{'warning'}->{'timeBeforeExpiration'})) {
+ my $connection = SNET::LdapNS::get_connection( $host );
- if ($pp->{'warning'}->{'timeBeforeExpiration'} > 0) {
+ if ( defined( $old ) ) {
+ $connection->passwd2( $dn, $old, $crypt );
+ } else {
+ $connection->passwd2( $dn, $salt, $crypt );
+ }
- my ($days, $hours, $minutes) = (gmtime($pp->{'warning'}->{'timeBeforeExpiration'}))[7,2,1];
- my @values = ();
- my @formats = ();
+ };
+ if ( $@ ) {
+ $error_msg .= '[' . $host . '] ' . $@ . ';';
+ $error++;
+ }
- if ($days == 1) {
- push (@formats, 'one day');
- }
- elsif ($days > 1) {
- push (@values, $days);
- push (@formats, '%d days');
- }
+ }
- if ($hours == 1) {
- push (@formats, 'one hour');
- }
- elsif ($hours > 1) {
- push (@values, $hours);
- push (@formats, '%d hours');
- }
+ };
+ if ( $@ ) {
+ $error++;
+ $error_msg .= $@;
+ }
- if ($minutes <= 1) {
- push (@formats, 'one minute');
- }
- elsif ($minutes > 1) {
- push (@values, $minutes);
- push (@formats, '%d minutes');
- }
+ $session->param( 'error', $error_msg ) if ( $error );
- my $message = sprintf('Your password will expire in '.join(', ', @formats), @values);
+}
- if ($days < 7) {
- $session->param('error', $message);
- }
- else {
- $session->param('message', $message);
- }
+sub fetch_net1_userinfos($)
+{
- }
- else {
- # no ppolicy, or no pwdChangedTime
- $session->param('message', 'Your password never expires');
- }
+ my $uid = shift;
- }
+ my $global_iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" );
+ my $AiniFile = new Config::IniFiles( -file => $global_iniFile->val( 'INI', 'AD' ) );
+
+ my $ldap_ad = {
+ 'server' => $AiniFile->val( 'AD_NET1', 'SERVER' ),
+ 'user' => $AiniFile->val( 'AD_NET1', 'USER' ),
+ 'password' => $AiniFile->val( 'AD_NET1', 'PASSWORD' ),
+ 'label' => 'ad',
+ 'starttls' => 0,
+ 'debug' => 0,
+ 'verbose' => 0,
+ };
- }
+ die 'missing parameters' unless ( defined( $uid ) && ( $uid =~ m/^[a-z0-9]+$/i ) );
- $session->param('userMustChange', 0);
- refresh_userInfos;
+ SNET::LdapNS::ldapns_bind( $ldap_ad->{'server'}, $ldap_ad->{'user'}, $ldap_ad->{'password'}, $ldap_ad->{'label'}, 'LDAPISS', $ldap_ad->{'starttls'}, $ldap_ad->{'debug'}, $ldap_ad->{'verbose'} );
- }
+ my $connection = SNET::LdapNS::get_connection( $ldap_ad->{'label'} );
- encode_sessionauth($password);
+ my $userInfos = $connection->search(
+ base => 'OU=DIGIT,OU=DGs,DC=net1,DC=cec,DC=eu,DC=int',
+ scope => 'sub',
+ filter => '(sAMAccountName=' . $uid . ')',
+ attrs => [ 'mail', 'displayName' ]
+ );
- if ($userMustChange) {
- reset_tab_actions;
- display_passwd;
- }
+ die "user `$uid' not found in Net1 AD" unless defined( $userInfos );
+ die 'More than 1 entries fetched from the AD Net1' unless ( scalar( keys( %{$userInfos} ) ) == 1 );
- $session->param('tab', 'home') unless (defined($session->param('tab')));
+ return $userInfos;
}
-sub reconnect_ldap_snmc {
- return if ($connected);
- my $user = $session->param('user');
- my $password = decode_sessionauth;
- connect_ldap_snmc($user, $password, $isAdmin);
-}
+sub encode_sessionauth($)
+{
-sub refresh_ppolicy {
- return if defined($session->param('pwdPolicies'));
- eval {
+ my $password = shift;
- reconnect_ldap_snmc;
- my $pwdPolicies = SNET::LdapNS::getAllPwdPolicies($ldap_snmc->{'label'});
- if (1) {
- my $defaultPwdPolicy = SNET::LdapNS::getPwdPolicy(
- $ldap_snmc->{'label'}, $SNET::LdapNS::defaultPwdPolicy
- );
- my @keys = keys(%{$defaultPwdPolicy});
- $pwdPolicies->{$keys[0]} = $defaultPwdPolicy->{$keys[0]};
- }
- $session->param('pwdPolicies', $pwdPolicies);
-
- };
- if ($@) {
- $session->param('error', $@);
- redirect_homepage;
- }
-}
+ my $cipher = Crypt::CBC->new( -key => $key,
+ -cipher => 'Blowfish' );
+ my $sessionauth = encode_base64( $cipher->encrypt( $password ) );
+ chomp( $sessionauth );
+ $session->param( 'sessionauth', $sessionauth );
-sub refresh_posixAccounts {
- return if defined($session->param('posixAccounts'));
- eval {
- reconnect_ldap_snmc;
- my $posixAccounts = SNET::LdapNS::getAllPosixAccounts($ldap_snmc->{'label'});
- $session->param('posixAccounts', $posixAccounts);
- };
- if ($@) {
- $session->param('error', $@);
- redirect_homepage;
- }
}
-sub refresh_posixGroups {
- return if defined($session->param('posixGroups'));
- eval {
- reconnect_ldap_snmc;
- my $posixGroups = SNET::LdapNS::getAllPosixGroups($ldap_snmc->{'label'});
- $session->param('posixGroups', $posixGroups);
- };
- if ($@) {
- $session->param('error', $@);
- redirect_homepage;
- }
-}
+sub decode_sessionauth
+{
+
+ my $cipher = Crypt::CBC->new( -key => $key,
+ -cipher => 'Blowfish' );
+ my $password = $cipher->decrypt( decode_base64( $session->param( 'sessionauth' ) ) );
+ return $password;
-sub refresh_groupOfNames {
- return if defined($session->param('groupOfNames'));
- eval {
- reconnect_ldap_snmc;
- my $groupOfNames = SNET::LdapNS::getAllGroupOfNames($ldap_snmc->{'label'});
- $session->param('groupOfNames', $groupOfNames);
- };
- if ($@) {
- $session->param('error', $@);
- redirect_homepage;
- }
}
-sub refresh_userInfos {
+sub connect_ldap_snmc($$$)
+{
- print STDERR "ldap_NS.pl: entering refresh_userInfos\n" if ($debug >2);
+ my ( $user, $password, $isAdmin ) = @_;
- reconnect_ldap_snmc;
-
- eval {
- return if ($session->param('userMustChange') > 0);
- print STDERR "ldap_NS.pl: fetching `".$session->param('user')."' posixAccount\n" if ($debug >2);
- my $userInfos = SNET::LdapNS::getPosixAccount(
- $ldap_snmc->{'label'},
- $session->param('user')
- );
- $session->param('userInfos', $userInfos);
-
- print STDERR "ldap_NS.pl: checking user privileges ...\n" if ($debug >2);
- $isAdmin = SNET::LdapNS::isAdmin($ldap_snmc->{'label'});
- $session->param('isAdmin', $isAdmin);
- print STDERR "ldap_NS.pl: user ".(
- $isAdmin ? "is admin" : "is not admin"
- )."\n" if ($debug >2);
-
- };
- if ($@) {
- $session->param('error', $@);
- redirect_homepage;
- }
+ # overwrite debug for admin
+ $ldap_snmc->{'debug'} = $isAdmin;
-}
+ return if ( $connected );
-sub getsize_multipleselect($) {
+ $ldap_snmc->{'user'} = $user;
+ $ldap_snmc->{'password'} = $password;
- my $options = $_[0];
- my $size = 0;
+ print STDERR "ldap_NS.pl: creating connection to " . $ldap_snmc->{'server'} . " ...\n" if ( $debug > 2 );
- if (defined($options)) {
- if (ref($options) eq 'ARRAY') {
- $size = scalar(@{$options});
- }
- elsif (ref($options) eq 'HASH') {
- $size = scalar(keys(%{$options}));
+ my $pp = SNET::LdapNS::ldapns_bind( $ldap_snmc->{'server'}, $ldap_snmc->{'user'}, $ldap_snmc->{'password'}, $ldap_snmc->{'label'},
+ $audit_user, $ldap_snmc->{'starttls'}, $ldap_snmc->{'debug'}, $ldap_snmc->{'verbose'} );
+
+ print STDERR "ldap_NS.pl: connection established\n" if ( $debug > 2 );
+
+ if ( !defined( $session ) ) {
+ $session = new CGI::Session( 'driver:File', undef, { 'Directory' => $sessiondir } ) or die CGI::Session->errstr;
+ $sid = $session->id();
}
- }
- if ($size > 10) {
- $size = 10;
- }
- elsif ($size < 5) {
- $size = 5;
- }
+ $connected = 1;
- return $size;
+ $session->param( 'user', $user );
-}
+ # $error could have been set to 'invalid empty session'
+ # after a logout/login
+ undef $error;
+ $session->clear( ['error'] );
-sub print_ns_headers($) {
-
- my $title = shift;
- my $header_title = $cgi->h1( $cgi->a({href=>$homepage}, "SNet LdapNS") );
-
- my $cookies = [];
- push (@{$cookies},
- $cgi->cookie(
- -name => "SESSION_ID",
- -value => $session->id(),
- -path => '/cgi-bin/auth',
- -secure => 1,
- )
- ) if (defined($session));
-
- push (@{$cookies},
- $cgi->cookie(
- -name => "SESSION_KEY",
- -value => $key,
- -path => '/cgi-bin/auth',
- -secure => 1,
- )
- );
-
- my $template_header = HTML::Template->new(filename => $templatedir.'/ldapns_header.tmpl');
-
- $template_header->param('login', $LOGIN);
-
- $template_header->param('tab_home', $TAB_HOME);
- $template_header->param('isAdmin', $isAdmin);
- $template_header->param('userMustChange', $userMustChange);
- $template_header->param('info', $INFO);
- $template_header->param('passwd', $PASSWD);
-
- $template_header->param('tab_users', $TAB_USERS);
- $template_header->param('userinfos', $USERINFOS);
- $template_header->param('adduser', $ADDUSER);
- $template_header->param('deluser', $DELUSER);
- $template_header->param('moduser', $MODUSER);
- $template_header->param('reset', $RESET);
-
- $template_header->param('tab_groups', $TAB_GROUPS);
- $template_header->param('groupinfos', $GROUPINFOS);
- $template_header->param('addgroup', $ADDGROUP);
- $template_header->param('delgroup', $DELGROUP);
- $template_header->param('modgroup', $MODGROUP);
-
- $template_header->param('tab_policy', $TAB_POLICY);
- $template_header->param('policyinfos', $POLICYINFOS);
- $template_header->param('addpolicy', $ADDPOLICY);
- $template_header->param('delpolicy', $DELPOLICY);
- $template_header->param('modpolicy', $MODPOLICY);
-
- print $cgi->header(
- -charset => 'UTF-8',
- -cookie => $cookies,
- );
-
- # $title; $js_enable, $xport, $html, $header_title, $jsarray, $cssarray
- dg_header_html( $title, 0, 0, undef, $header_title, undef, ['css/ldapns.css']);
- print $template_header->output;
+ if ( defined( $pp->{'error'} ) ) {
-}
+ print STDERR "ldap_NS.pl: ppolicy error!\n" if ( $debug > 2 );
-sub print_ns_footers {
+ if ( $pp->{'error'} == LDAP_PP_PASSWORD_EXPIRED ) {
+ $session->param( 'error', 'Your password has expired' );
+ $session->param( 'userMustChange', 1 );
+ $userMustChange = 1;
+ $session->param( 'isAdmin', 0 );
+ $session->clear( ['userInfos'] );
+ } elsif ( $pp->{'error'} == LDAP_PP_CHANGE_AFTER_RESET ) {
+ $session->param( 'error', 'You must change your password immediately' );
+ $session->param( 'userMustChange', 1 );
+ $userMustChange = 1;
+ $session->param( 'isAdmin', 0 );
+ $session->clear( ['userInfos'] );
+ } else {
+ $session->param( 'error', 'Undefined password policy error(' . $pp->{'error'} . ')' );
+ $session->param( 'isAdmin', 0 );
+ }
+ } else {
- my $template_footer = HTML::Template->new(filename => $templatedir.'/ldapns_footer.tmpl');
- $template_footer->param('login', $LOGIN);
+ if ( defined( $pp->{'warning'} ) ) {
- parse_messages;
- $template_footer->param('error' => defined($error));
- $template_footer->param('error_msg' => $error);
- $template_footer->param('message' => defined($message));
- $template_footer->param('message_msg' => $message);
+ print STDERR "ldap_NS.pl: ppolicy warning!\n" if ( $debug > 2 );
- print $template_footer->output;
- print $cgi->end_html;
- exit 0;
+ if ( defined( $pp->{'warning'}->{'graceAuthNsRemaining'} ) ) {
+ $session->param( 'error', 'Grace authentications remaining: ' . $pp->{'warning'}->{'graceAuthNsRemaining'} );
+ } elsif ( defined( $pp->{'warning'}->{'timeBeforeExpiration'} ) ) {
-}
+ if ( $pp->{'warning'}->{'timeBeforeExpiration'} > 0 ) {
+ my ( $days, $hours, $minutes ) = ( gmtime( $pp->{'warning'}->{'timeBeforeExpiration'} ) )[ 7, 2, 1 ];
+ my @values = ();
+ my @formats = ();
-sub render_ppolicyinfos($;$) {
+ if ( $days == 1 ) {
+ push( @formats, 'one day' );
+ } elsif ( $days > 1 ) {
+ push( @values, $days );
+ push( @formats, '%d days' );
+ }
- my ($policyInfos, $audit) = @_;
- $audit = 0 unless defined($audit);
+ if ( $hours == 1 ) {
+ push( @formats, 'one hour' );
+ } elsif ( $hours > 1 ) {
+ push( @values, $hours );
+ push( @formats, '%d hours' );
+ }
- my $template = HTML::Template->new(filename => $templatedir.'/policyinfos.tmpl');
+ if ( $minutes <= 1 ) {
+ push( @formats, 'one minute' );
+ } elsif ( $minutes > 1 ) {
+ push( @values, $minutes );
+ push( @formats, '%d minutes' );
+ }
- foreach my $dn (sort { $a cmp $b } keys(%{$policyInfos})) {
- my $attrs = $policyInfos->{$dn};
- my @attrs;
- delete($attrs->{'auditinformation'}) unless ($audit);
- $attrs->{'objectclass'} = [qw(pwdPolicy)];
- foreach my $attr (sort { $a cmp $b } keys(%{$attrs})) {
- my $value = $attrs->{$attr};
- foreach my $val (@{$value}) {
+ my $message = sprintf( 'Your password will expire in ' . join( ', ', @formats ), @values );
- if (defined($SNET::LdapNS::pwdPolicyAttributes->{$attr})) {
- my $type = ${$SNET::LdapNS::pwdPolicyAttributes->{$attr}}[0];
- if ($type eq 'bool') {
- $val = lc("$val");
- }
- elsif ($type eq 'extbool') {
- if ($val <= 0) {
- $val = 'false';
- }
- elsif ($val == 1) {
- $val = 'true';
- }
- else {
- $val = 'strict';
- }
- }
- elsif ($type eq 'second') {
- $val = $val."s";
- }
-# elsif ($type eq 'int') {
-# }
- elsif ($type eq 'string') {
- next;
- }
- elsif ($type eq 'nbool') {
- $val = ($val > 0 ) ? 'counted' : 'forbidden';
- }
- }
- push(@attrs, {'attr' => $attr, 'value' => $val});
- }
- }
- $template->param('policydn' => $dn);
- $template->param('attrs' => \@attrs);
- print $template->output;
- }
+ if ( $days < 7 ) {
+ $session->param( 'error', $message );
+ } else {
+ $session->param( 'message', $message );
+ }
-}
+ } else {
+ # no ppolicy, or no pwdChangedTime
+ $session->param( 'message', 'Your password never expires' );
+ }
-sub render_userinfos($;$) {
+ }
- my ($userInfos, $audit) = @_;
- $audit = 0 unless defined($audit);
+ }
- my $template = HTML::Template->new(filename => $templatedir.'/userinfos.tmpl');
+ $session->param( 'userMustChange', 0 );
+ refresh_userInfos;
- foreach my $dn (sort { $a cmp $b } keys(%{$userInfos})) {
- my $attrs = $userInfos->{$dn};
- my @attrs;
- if (defined($attrs->{'pwdreset'})) {
- delete($attrs->{'pwdreset'});
- $template->param('reset' => 1);
- }
- else {
- $template->param('reset' => 0);
}
- delete($attrs->{'auditinformation'}) unless ($audit);
- foreach my $attr (sort { $a cmp $b } keys(%{$attrs})) {
- my $value = $attrs->{$attr};
- foreach (@{$value}) {
- push(@attrs, {'attr' => $attr, 'value' => $_});
- }
+
+ encode_sessionauth( $password );
+
+ if ( $userMustChange ) {
+ reset_tab_actions;
+ display_passwd;
}
- $template->param('userdn' => $dn);
- $template->param('attrs' => \@attrs);
- print $template->output;
- }
+
+ $session->param( 'tab', 'home' ) unless ( defined( $session->param( 'tab' ) ) );
}
-sub render_groupinfos($;$) {
+sub reconnect_ldap_snmc
+{
+ return if ( $connected );
+ my $user = $session->param( 'user' );
+ my $password = decode_sessionauth;
+ connect_ldap_snmc( $user, $password, $isAdmin );
+}
- my ($groupInfos, $audit) = @_;
- $audit = 0 unless defined($audit);
+sub refresh_ppolicy
+{
+ return if defined( $session->param( 'pwdPolicies' ) );
+ eval {
- my $template = HTML::Template->new(filename => $templatedir.'/groupinfos.tmpl');
+ reconnect_ldap_snmc;
+ my $pwdPolicies = SNET::LdapNS::getAllPwdPolicies( $ldap_snmc->{'label'} );
+ if ( 1 ) {
+ my $defaultPwdPolicy = SNET::LdapNS::getPwdPolicy( $ldap_snmc->{'label'}, $SNET::LdapNS::defaultPwdPolicy );
+ my @keys = keys( %{$defaultPwdPolicy} );
+ $pwdPolicies->{ $keys[0] } = $defaultPwdPolicy->{ $keys[0] };
+ }
+ $session->param( 'pwdPolicies', $pwdPolicies );
- foreach my $dn (sort { $a cmp $b } keys(%{$groupInfos})) {
- my $attrs = $groupInfos->{$dn};
- my $objectClass;
- if (defined($attrs->{'objectClass'})) {
- $objectClass = ${$attrs->{'objectClass'}}[0];
- delete($attrs->{'objectClass'});
- }
- delete($attrs->{'auditinformation'}) unless ($audit);
- my @attrs;
- foreach my $attr (sort { $a cmp $b } keys(%{$attrs})) {
- my $value = $attrs->{$attr};
- foreach (@{$value}) {
- push(@attrs, {'attr' => $attr, 'value' => $_});
- }
- }
- if (defined($objectClass)) {
- unshift(@attrs, {'attr' => 'objectclass', 'value' => $objectClass} );
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ redirect_homepage;
}
- $template->param('groupdn' => $dn);
- $template->param('attrs' => \@attrs);
- print $template->output;
- }
+}
+sub refresh_posixAccounts
+{
+ return if defined( $session->param( 'posixAccounts' ) );
+ eval {
+ reconnect_ldap_snmc;
+ my $posixAccounts = SNET::LdapNS::getAllPosixAccounts( $ldap_snmc->{'label'} );
+ $session->param( 'posixAccounts', $posixAccounts );
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ redirect_homepage;
+ }
}
-sub get_default_description($) {
-
- my $group = shift;
- my @description;
-
- if ($group eq 'iss3') {
- push(@description, 'CWRA');
- }
- elsif ($group eq 'network') {
- push(@description, 'CWRW');
- }
- elsif ($group eq 'security') {
- push(@description, 'CWRO');
- }
- elsif ($group eq 'official') {
- push(@description, 'CWRO');
- }
- else {
- return undef;
- }
- return \@description;
+sub refresh_posixGroups
+{
+ return if defined( $session->param( 'posixGroups' ) );
+ eval {
+ reconnect_ldap_snmc;
+ my $posixGroups = SNET::LdapNS::getAllPosixGroups( $ldap_snmc->{'label'} );
+ $session->param( 'posixGroups', $posixGroups );
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ redirect_homepage;
+ }
}
-sub display_userinfos {
-
- $USERINFOS = 1;
-
- refresh_posixAccounts;
-
- my $userInfos;
- my $options = {};
-
- my $validate = {
- uid => 'UID',
- };
-
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_userinfos_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => 'Display user',
- fields => [qw(uid audit)],
- template => $templatedir.'/selectuser.tmpl',
- method => 'post',
- javascript => 1,
- validate => $validate,
- required => 'uid',
- submit => 'Display',
- );
-
- my $posixAccounts = $session->param('posixAccounts');
- foreach my $values (values(%{$posixAccounts})) {
- my $uid = ${$values->{'uid'}}[0];
- my $gecos = ${$values->{'gecos'}}[0];
- $options->{$uid} = $uid.' - '.$gecos;
- }
-
- if ($form->submitted eq 'Display') {
+sub refresh_groupOfNames
+{
+ return if defined( $session->param( 'groupOfNames' ) );
eval {
- die 'invalid parameters' unless $form->validate;
- my @uids = $form->field(name => 'uid');
- die 'You must select at least one user' unless (scalar(@uids) > 0);
+ reconnect_ldap_snmc;
+ my $groupOfNames = SNET::LdapNS::getAllGroupOfNames( $ldap_snmc->{'label'} );
+ $session->param( 'groupOfNames', $groupOfNames );
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ redirect_homepage;
+ }
+}
- map { die "invalid uid `$_'" unless defined($options->{$_}) } @uids;
+sub refresh_userInfos
+{
- reconnect_ldap_snmc;
+ print STDERR "ldap_NS.pl: entering refresh_userInfos\n" if ( $debug > 2 );
- foreach my $uid (@uids) {
- my $infos = SNET::LdapNS::getPosixAccount(
- $ldap_snmc->{'label'},
- $uid
- );
- while (my ($k, $v) = each (%{$infos})) {
- $userInfos->{$k} = $v;
- }
- }
+ reconnect_ldap_snmc;
+
+ eval {
+ return if ( $session->param( 'userMustChange' ) > 0 );
+ print STDERR "ldap_NS.pl: fetching `" . $session->param( 'user' ) . "' posixAccount\n" if ( $debug > 2 );
+ my $userInfos = SNET::LdapNS::getPosixAccount( $ldap_snmc->{'label'}, $session->param( 'user' ) );
+ $session->param( 'userInfos', $userInfos );
+
+ print STDERR "ldap_NS.pl: checking user privileges ...\n" if ( $debug > 2 );
+ $isAdmin = SNET::LdapNS::isAdmin( $ldap_snmc->{'label'} );
+ $session->param( 'isAdmin', $isAdmin );
+ print STDERR "ldap_NS.pl: user " . ( $isAdmin ? "is admin" : "is not admin" ) . "\n" if ( $debug > 2 );
};
- if ($@) {
- $session->param('error', $@);
- undef $userInfos;
- }
- }
-
- $form->field(
- name => 'audit',
- type => 'checkbox',
- comment => 'Display auditInformation?',
- options => 'yes',
- selected => 0,
- );
-
- $form->field(
- name => 'uid',
- options => $options,
- sortopts => 'NAME',
- type => 'select',
- size => getsize_multipleselect($options),
- multiple => 1,
- );
-
- my $audit = (
- defined($form->field(name => 'audit'))
- );
-
- print_ns_headers("LdapNS display users");
- print $form->render;
- render_userinfos($userInfos, $audit) if defined($userInfos);
- print_ns_footers;
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ redirect_homepage;
+ }
}
-sub display_adduser {
+sub getsize_multipleselect($)
+{
- $ADDUSER = 1;
+ my $options = $_[0];
+ my $size = 0;
- refresh_posixAccounts;
- refresh_posixGroups;
+ if ( defined( $options ) ) {
+ if ( ref( $options ) eq 'ARRAY' ) {
+ $size = scalar( @{$options} );
+ } elsif ( ref( $options ) eq 'HASH' ) {
+ $size = scalar( keys( %{$options} ) );
+ }
+ }
- my $options = {};
-
- my $jsfunc = <<'EOJS';
- // skip js validation if fetching userInfos from Net1
- if (form._submitted_value.value.match(/^Refresh/)) {
- var uid = form.elements['uid'].value;
- var group = form.elements['group'].value;
- if ((uid == null) && (group == null)) {
- alert('Please fill uid and/or group prior to Refresh');
- }
- return true;
+ if ( $size > 10 ) {
+ $size = 10;
+ } elsif ( $size < 5 ) {
+ $size = 5;
}
-EOJS
- my $validate = {
- IM => 'IM',
- uid => 'UID',
- uidNumber => 'UIDNUMBER',
- mail => 'EMAIL',
- gecos => 'GECOS',
- group => 'GIDNUMBER',
- description => 'DESCRIPTION',
- };
-
- my $fields = [qw(IM uid mail gecos group)];
-
- my $form_fields = [qw(_submitted_value IM uid uidNumber mail gecos group description)];
- push (@{$form_fields}, 'synchronize') if ($mod_synchro);
-
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_adduser_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => 'Add user',
- fields => $form_fields,
- template => $templatedir.'/adduser.tmpl',
- method => 'post',
- javascript => 1,
- jsfunc => $jsfunc,
- validate => $validate,
- required => $fields,
- reset => 1,
- );
-
- if ($mod_synchro) {
- $form->field(
- name => 'synchronize',
- type => 'checkbox',
- comment => 'Synchronize with old LDAP database?',
- options => 'yes',
- );
- $form->field(
- name => 'synchronize',
- value => 'yes'
- ) unless ($form->submitted);
- }
- $form->tmpl_param('mod_synchro' => $mod_synchro);
-
- $form->field(
- name => 'description',
- comment => 'optional',
- growable => 1,
- );
- $form->field(
- name => '_submitted_value',
- type => 'hidden',
- );
- $form->field(
- name => 'uidNumber',
- comment => 'optional [2000..9999]',
- );
- $form->field(
- name => 'IM',
- comment => 'SMT ticket number',
- );
- $form->field(
- name => 'gecos',
- comment => 'LASTNAME Firstname',
- );
- $form->field(
- name => 'group',
- comment => 'refresh Description',
- );
- $form->field(
- name => 'uid',
- comment => 'fetch Mail & Gecos',
- );
-
- my $posixGroups = $session->param('posixGroups');
- foreach my $values (values(%{$posixGroups})) {
- my $cn = ${$values->{'cn'}}[0];
- my $gidNumber = ${$values->{'gidnumber'}}[0];
- $options->{$gidNumber} = $cn;
- }
-
- if (scalar(keys(%{$options})) == 0) {
- $session->param('error', 'Unable to fetch available posixGroups');
- redirect('?tab=groups&action=addgroup');
- }
-
- if (($form->submitted eq 'Uid') || ($form->submitted eq 'Group')) {
+ return $size;
- eval {
+}
- foreach my $field (@{$fields}) {
- $form->field(
- 'name' => $field,
- required => 0
- );
- }
- my $valid = 0;
- $form->field('name' => 'uid', required => 1);
- $valid += $form->validate;
- $form->field('name' => 'uid', required => 0);
- $form->field('name' => 'group', required => 1);
- $valid += $form->validate;
+sub print_ns_headers($)
+{
+
+ my $title = shift;
+ my $header_title = $cgi->h1( $cgi->a( { href => $homepage }, "SNet LdapNS" ) );
+
+ my $cookies = [];
+ push(
+ @{$cookies},
+ $cgi->cookie(
+ -name => "SESSION_ID",
+ -value => $session->id(),
+ -path => '/cgi-bin/auth',
+ -secure => 1,
+ )
+ ) if ( defined( $session ) );
+
+ push(
+ @{$cookies},
+ $cgi->cookie(
+ -name => "SESSION_KEY",
+ -value => $key,
+ -path => '/cgi-bin/auth',
+ -secure => 1,
+ )
+ );
- die 'invalid parameters' unless $valid;
+ my $template_header = HTML::Template->new( filename => $templatedir . '/ldapns_header.tmpl' );
- my $uid = $form->field(name => 'uid');
- if (defined($uid) && length($uid)) {
- my $userInfos = fetch_net1_userinfos($uid);
- my @keys = keys(%{$userInfos});
- my $dn = $keys[0];
+ $template_header->param( 'login', $LOGIN );
- $form->field(
- name => 'mail',
- force => 1,
- value => ${$userInfos->{$dn}->{'mail'}}[0],
- ) if defined($userInfos->{$dn}->{'mail'});
-
- if (defined($userInfos->{$dn}->{'displayname'})) {
- my $gecos = ${$userInfos->{$dn}->{'displayname'}}[0];
- $gecos =~ s/\s+\(.*$//;
- $form->field(
- name => 'gecos',
- force => 1,
- value => $gecos,
- );
- }
- }
+ $template_header->param( 'tab_home', $TAB_HOME );
+ $template_header->param( 'isAdmin', $isAdmin );
+ $template_header->param( 'userMustChange', $userMustChange );
+ $template_header->param( 'info', $INFO );
+ $template_header->param( 'passwd', $PASSWD );
- my $group = $form->field(name => 'group');
- if (defined($group) && length($group)) {
- my $description = get_default_description($options->{$group});
- $form->field(
- name => 'description',
- force => 1,
- value => $description,
- );
- }
+ $template_header->param( 'tab_users', $TAB_USERS );
+ $template_header->param( 'userinfos', $USERINFOS );
+ $template_header->param( 'adduser', $ADDUSER );
+ $template_header->param( 'adduserprofile', $ADDUSERPROFILE );
+ $template_header->param( 'deluser', $DELUSER );
+ $template_header->param( 'moduser', $MODUSER );
+ $template_header->param( 'reset', $RESET );
- };
- if ($@) {
- $session->param('error', $@);
- }
+ $template_header->param( 'tab_groups', $TAB_GROUPS );
+ $template_header->param( 'groupinfos', $GROUPINFOS );
+ $template_header->param( 'addgroup', $ADDGROUP );
+ $template_header->param( 'delgroup', $DELGROUP );
+ $template_header->param( 'modgroup', $MODGROUP );
- }
- elsif ($form->submitted eq 'Add') {
+ $template_header->param( 'tab_policy', $TAB_POLICY );
+ $template_header->param( 'policyinfos', $POLICYINFOS );
+ $template_header->param( 'addpolicy', $ADDPOLICY );
+ $template_header->param( 'delpolicy', $DELPOLICY );
+ $template_header->param( 'modpolicy', $MODPOLICY );
- my $entry;
+ print $cgi->header( -charset => 'UTF-8',
+ -cookie => $cookies, );
- eval {
+ # $title; $js_enable, $xport, $html, $header_title, $jsarray, $cssarray
+ dg_header_html( $title, 0, 0, undef, $header_title, undef, ['css/ldapns.css'] );
+ print $template_header->output;
- die 'invalid parameters' unless $form->validate($validate);
+}
- my $uidNumber = $form->field(name => 'uidNumber') || undef;
- my $uid = $form->field(name => 'uid');
+sub print_ns_footers
+{
- my $posixAccounts = $session->param('posixAccounts');
- foreach my $values (values(%{$posixAccounts})) {
- die "user `$uid' already exists" if (
- $uid eq ${$values->{'uid'}}[0]
- );
- next unless defined($uidNumber);
- die "user id `$uidNumber' already exists" if (
- $uidNumber == ${$values->{'uidnumber'}}[0]
- );
- }
+ my $template_footer = HTML::Template->new( filename => $templatedir . '/ldapns_footer.tmpl' );
+ $template_footer->param( 'login', $LOGIN );
- my $group = $form->field(name => 'group');
- my $description = get_default_description($options->{$group});
- $description = [] unless defined($description);
+ parse_messages;
+ $template_footer->param( 'error' => defined( $error ) );
+ $template_footer->param( 'error_msg' => $error );
+ $template_footer->param( 'message' => defined( $message ) );
+ $template_footer->param( 'message_msg' => $message );
- if (defined($form->field(name => 'description'))) {
- push(@{$description}, $form->field(name => 'description'));
- }
+ print $template_footer->output;
+ print $cgi->end_html;
+ exit 0;
- my %uniq_description;
- foreach my $desc (@{$description}) {
- $uniq_description{$desc}++;
- }
- $description = [];
- foreach my $desc (keys(%uniq_description)) {
- push(@{$description}, $desc) if (
- defined($desc)
- &&
- length($desc)
- );
- }
- undef $description unless (scalar(@{$description}));
+}
- print STDERR "description is defined: ".(defined($description))."\n";
+sub render_ppolicyinfos($;$)
+{
+
+ my ( $policyInfos, $audit ) = @_;
+ $audit = 0 unless defined( $audit );
+
+ my $template = HTML::Template->new( filename => $templatedir . '/policyinfos.tmpl' );
+
+ foreach my $dn ( sort { $a cmp $b } keys( %{$policyInfos} ) ) {
+ my $attrs = $policyInfos->{$dn};
+ my @attrs;
+ delete( $attrs->{'auditinformation'} ) unless ( $audit );
+ $attrs->{'objectclass'} = [qw(pwdPolicy)];
+ foreach my $attr ( sort { $a cmp $b } keys( %{$attrs} ) ) {
+ my $value = $attrs->{$attr};
+ foreach my $val ( @{$value} ) {
+
+ if ( defined( $SNET::LdapNS::pwdPolicyAttributes->{$attr} ) ) {
+ my $type = ${ $SNET::LdapNS::pwdPolicyAttributes->{$attr} }[0];
+ if ( $type eq 'bool' ) {
+ $val = lc( "$val" );
+ } elsif ( $type eq 'extbool' ) {
+ if ( $val <= 0 ) {
+ $val = 'false';
+ } elsif ( $val == 1 ) {
+ $val = 'true';
+ } else {
+ $val = 'strict';
+ }
+ } elsif ( $type eq 'second' ) {
+ $val = $val . "s";
+ }
+
+ # elsif ($type eq 'int') {
+ # }
+ elsif ( $type eq 'string' ) {
+ next;
+ } elsif ( $type eq 'nbool' ) {
+ $val = ( $val > 0 ) ? 'counted' : 'forbidden';
+ }
+ }
+ push( @attrs, { 'attr' => $attr, 'value' => $val } );
+ }
+ }
+ $template->param( 'policydn' => $dn );
+ $template->param( 'attrs' => \@attrs );
+ print $template->output;
+ }
- reconnect_ldap_snmc;
- $entry = SNET::LdapNS::addPosixAccount(
- $ldap_snmc->{'label'},
- $form->field(name => 'IM'),
- $uid,
- $group,
- $form->field(name => 'gecos'),
- $form->field(name => 'mail'),
- $uidNumber,
- $description,
- ) or die "Unable to create LDAP entry for `$uid'";
+}
- $session->clear(['posixAccounts']);
+sub render_userinfos($;$)
+{
- };
- if ($@) {
- $session->param('error', $@);
- }
- else {
+ my ( $userInfos, $audit ) = @_;
+ $audit = 0 unless defined( $audit );
- my @attributes = $entry->attributes(nooptions => 1);
- my $dn = $entry->dn;
- my $userInfos;
+ my $template = HTML::Template->new( filename => $templatedir . '/userinfos.tmpl' );
- eval {
- $userInfos = SNET::LdapNS::getPosixAccount(
- $ldap_snmc->{'label'},
- $dn
- );
- };
- if ($@) {
- print STDERR "unable to fetch userInfos for `$dn': $@\n";
- $userInfos = {
- $dn => {},
- };
- foreach my $attr (@attributes) {
- next if ($attr =~ m/objectclass/i);
- next if ($attr =~ m/shadow/i);
- next if ($attr =~ m/^cn|sn$/i);
- $userInfos->{$dn}->{lc($attr)} = $entry->get_value($attr, asref => 1);
+ foreach my $dn ( sort { $a cmp $b } keys( %{$userInfos} ) ) {
+ my $attrs = $userInfos->{$dn};
+ my @attrs;
+ if ( defined( $attrs->{'pwdreset'} ) ) {
+ delete( $attrs->{'pwdreset'} );
+ $template->param( 'reset' => 1 );
+ } else {
+ $template->param( 'reset' => 0 );
}
- }
- else {
- print STDERR "looking good, fetched userInfos for `$dn'\n";
- foreach my $attr (@attributes) {
- next unless (
- ($attr =~ m/userPassword/i)
- ||
- ($attr =~ m/auditinformation/i)
- );
- $userInfos->{$dn}->{lc($attr)} = $entry->get_value($attr, asref => 1);
+ delete( $attrs->{'auditinformation'} ) unless ( $audit );
+ foreach my $attr ( sort { $a cmp $b } keys( %{$attrs} ) ) {
+ my $value = $attrs->{$attr};
+ foreach ( @{$value} ) {
+ push( @attrs, { 'attr' => $attr, 'value' => $_ } );
+ }
}
- }
+ $template->param( 'userdn' => $dn );
+ $template->param( 'attrs' => \@attrs );
+ print $template->output;
+ }
+
+}
+
+sub render_groupinfos($;$)
+{
- synchronize_add_users($userInfos, defined($form->field(name => 'synchronize')));
+ my ( $groupInfos, $audit ) = @_;
+ $audit = 0 unless defined( $audit );
- $session->param('message', 'user added successfully');
- print_ns_headers("LdapNS add users");
- render_userinfos($userInfos);
- print_ns_footers;
+ my $template = HTML::Template->new( filename => $templatedir . '/groupinfos.tmpl' );
+ foreach my $dn ( sort { $a cmp $b } keys( %{$groupInfos} ) ) {
+ my $attrs = $groupInfos->{$dn};
+ my $objectClass;
+ if ( defined( $attrs->{'objectClass'} ) ) {
+ $objectClass = ${ $attrs->{'objectClass'} }[0];
+ delete( $attrs->{'objectClass'} );
+ }
+ delete( $attrs->{'auditinformation'} ) unless ( $audit );
+ my @attrs;
+ foreach my $attr ( sort { $a cmp $b } keys( %{$attrs} ) ) {
+ my $value = $attrs->{$attr};
+ foreach ( @{$value} ) {
+ push( @attrs, { 'attr' => $attr, 'value' => $_ } );
+ }
+ }
+ if ( defined( $objectClass ) ) {
+ unshift( @attrs, { 'attr' => 'objectclass', 'value' => $objectClass } );
+ }
+ $template->param( 'groupdn' => $dn );
+ $template->param( 'attrs' => \@attrs );
+ print $template->output;
}
- }
+}
- $form->field(
- name => 'group',
- options => $options,
- type => 'select',
- size => getsize_multipleselect($options),
- sortopts => 'NAME',
- selectname => 0,
- multiple => 0,
- );
+sub get_default_description($)
+{
- print_ns_headers("LdapNS add users");
- print $form->render;
- print_ns_footers;
+ my $group = shift;
+ my @description;
+ if ( $group eq 'ss' ) {
+ push( @description, 'CWRA' );
+ } elsif ( $group eq 'network' ) {
+ push( @description, 'CWRW' );
+ } elsif ( $group eq 'security' ) {
+ push( @description, 'CWRW' );
+ } elsif ( $group eq 'official' ) {
+ push( @description, 'CWRO' );
+ } else {
+ return undef;
+ }
+ return \@description;
}
+sub display_userinfos
+{
-sub display_deluser {
+ $USERINFOS = 1;
- $DELUSER = 1;
+ refresh_posixAccounts;
- refresh_posixAccounts;
+ my $userInfos;
+ my $options = {};
+
+ my $validate = { uid => 'UID', };
+
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_userinfos_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => 'Display user',
+ fields => [qw(uid audit)],
+ template => $templatedir . '/selectuser.tmpl',
+ method => 'post',
+ javascript => 1,
+ validate => $validate,
+ required => 'uid',
+ submit => 'Display',
+ );
- my $options = {};
- my $deluser = $session->param('deluser');
- my $type = 'select';
-
- my $jsfunc = <<'EOJS';
- // skip on Cancel
- if (form._submitted_value.value == 'Cancel') {
- return true;
+ my $posixAccounts = $session->param( 'posixAccounts' );
+ foreach my $values ( values( %{$posixAccounts} ) ) {
+ my $uid = ${ $values->{'uid'} }[0];
+ my $gecos = ${ $values->{'gecos'} }[0];
+ $options->{$uid} = $uid . ' - ' . $gecos;
}
-EOJS
- my $validate = {
- IM => 'IM',
- uid => 'UID',
- };
-
- my $form_fields = [qw(_submitted_value IM uid)];
- push (@{$form_fields}, 'synchronize') if ($mod_synchro);
-
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_deluser_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => 'Delete user',
- fields => $form_fields,
- template => $templatedir.'/deluser.tmpl',
- method => 'post',
- required => [qw(IM uid)],
- javascript => 1,
- sticky => 1,
- selectname => 0,
- jsfunc => $jsfunc,
- validate => $validate,
- );
-
- if ($mod_synchro) {
- $form->field(
- name => 'synchronize',
- type => 'checkbox',
- comment => 'Synchronize with old LDAP database?',
- options => 'yes',
- );
- $form->field(
- name => 'synchronize',
- value => 'yes'
- ) unless ($form->submitted);
- }
- $form->tmpl_param('mod_synchro' => $mod_synchro);
+ if ( $form->submitted eq 'Display' ) {
+ eval {
+ die 'invalid parameters' unless $form->validate;
+ my @uids = $form->field( name => 'uid' );
+ die 'You must select at least one user' unless ( scalar( @uids ) > 0 );
+ map { die "invalid uid `$_'" unless defined( $options->{$_} ) } @uids;
- $form->field(
- name => '_submitted_value',
- type => 'hidden',
- );
- $form->field(
- name => 'IM',
- comment => 'SMT ticket number',
- );
+ reconnect_ldap_snmc;
- if ($form->submitted eq 'Delete') {
+ foreach my $uid ( @uids ) {
+ my $infos = SNET::LdapNS::getPosixAccount( $ldap_snmc->{'label'}, $uid );
+ while ( my ( $k, $v ) = each( %{$infos} ) ) {
+ $userInfos->{$k} = $v;
+ }
+ }
- eval {
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ undef $userInfos;
+ }
+ }
- die 'invalid parameters' unless $form->validate($validate);
- my @uids = $form->field(name => 'uid');
- die 'You must select a single user' unless (scalar(@uids) == 1);
-
- $deluser->{'IM'} = $form->field(name => 'IM');
- foreach my $uid (@uids) {
- $options->{$uid} = $deluser->{'options'}->{$uid}
- or die "invalid uid `$uid'";
- }
- $deluser->{'options'} = $options;
- $session->param('deluser', $deluser);
-
- };
- if ($@) {
- $session->param('error', $@);
- display_blank("LdapNS delete users");
- }
-
- $type = 'checkbox';
- $form->field(name => 'uid', disabled => 1);
- $form->field(name => 'IM', disabled => 1);
-
- $form->tmpl_param('submit1' => 'Confirm');
- $form->tmpl_param('submit2' => 1);
- $form->tmpl_param('submit2_value' => 'Cancel');
-
- }
- elsif ($form->submitted eq 'Confirm') {
- my $deluser = $session->param('deluser');
- my @uids = keys(%{$deluser->{'options'}});
- my $IM = $deluser->{'IM'};
- my @deleted_uid;
- my $uid;
- eval {
- reconnect_ldap_snmc;
- foreach $uid (@uids) {
- SNET::LdapNS::deletePosixAccount(
- $ldap_snmc->{'label'},
- $IM,
- $uid
- );
- push(@deleted_uid, $uid);
- synchronize_del_users($uid, defined($form->field(name => 'synchronize')));
- }
- };
- if ($@) {
- $session->param('error', $@);
- }
- if (scalar(@deleted_uid)) {
- print STDERR 'Successful deletion of '.join(', ', @deleted_uid)."\n";
- $session->param('message', 'Successful deletion of '.join(', ', @deleted_uid));
- $session->clear(['posixAccounts']);
- }
- $session->clear(['deluser']);
- display_blank("LdapNS delete users");
- }
- elsif ($form->submitted eq 'Cancel') {
- $session->param('error', 'delete operation cancelled');
- $session->clear(['deluser']);
- display_blank("LdapNS delete users");
- }
- else {
- my $posixAccounts = $session->param('posixAccounts');
- foreach my $values (values(%{$posixAccounts})) {
- my $uid = ${$values->{'uid'}}[0];
- next if ($uid eq $session->param('user'));
- my $gecos = ${$values->{'gecos'}}[0];
- $options->{$uid} = $uid.' - '.$gecos;
- }
- $deluser->{'options'} = $options;
- $session->param('deluser', $deluser);
- $form->tmpl_param('submit1' => 'Delete');
- }
-
- if (scalar(keys(%{$options})) == 0) {
- $session->param('error', 'Unable to fetch available posixAccounts');
- display_blank("LdapNS delete users");
- }
-
- $form->field(
- name => 'uid',
- options => $options,
- sortopts => 'NAME',
- linebreaks => 1,
- type => $type,
- multiple => 0,
- );
-
- if ($type eq 'select') {
$form->field(
- size => getsize_multipleselect($options),
+ name => 'audit',
+ type => 'checkbox',
+ comment => 'Display auditInformation?',
+ options => 'yes',
+ selected => 0,
);
- }
- print_ns_headers("LdapNS delete users");
- print $form->render();
- print_ns_footers;
+ $form->field(
+ name => 'uid',
+ options => $options,
+ sortopts => 'NAME',
+ type => 'select',
+ size => getsize_multipleselect( $options ),
+ multiple => 1,
+ );
-}
+ my $audit = ( defined( $form->field( name => 'audit' ) ) );
+
+ print_ns_headers( "LdapNS display users" );
+ print $form->render;
+ render_userinfos( $userInfos, $audit ) if defined( $userInfos );
+ print_ns_footers;
-sub display_moduser {
- $MODUSER = 1;
- $session->param('error', 'Not yet implemented');
- display_blank("LdapNS modify users");
}
-sub display_reset {
+sub display_adduser
+{
- $RESET = 1;
+ $ADDUSER = 1;
- refresh_posixAccounts;
+ refresh_posixAccounts;
+ refresh_posixGroups;
- my $options = {};
- my $reset = $session->param('reset');
- my $type = 'select';
+ my $options = {};
- my $jsfunc = <<'EOJS';
- // skip on Cancel
- if (form._submitted_value.value == 'Cancel') {
+ my $jsfunc = <<'EOJS';
+ // skip js validation if fetching userInfos from Net1
+ if (form._submitted_value.value.match(/^Refresh/)) {
+ var uid = form.elements['uid'].value;
+ var group = form.elements['group'].value;
+ if ((uid == null) && (group == null)) {
+ alert('Please fill uid and/or group prior to Refresh');
+ }
return true;
}
EOJS
- my $validate = {
- uid => 'UID',
- };
-
- my $form_fields = [qw(_submitted_value uid)];
- push (@{$form_fields}, 'synchronize') if ($mod_synchro);
-
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_reset_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => 'Reset password',
- fields => $form_fields,
- template => $templatedir.'/reset.tmpl',
- method => 'post',
- required => [qw(uid)],
- javascript => 1,
- selectname => 0,
- jsfunc => $jsfunc,
- validate => $validate,
- );
-
- if ($mod_synchro) {
- $form->field(
- name => 'synchronize',
- type => 'checkbox',
- comment => 'Synchronize with old LDAP database?',
- options => 'yes',
+ my $validate = {
+ IM => 'IM',
+ uid => 'UID',
+ uidNumber => 'UIDNUMBER',
+ mail => 'EMAIL',
+ gecos => 'GECOS',
+ group => 'GIDNUMBER',
+ description => 'DESCRIPTION',
+ };
+
+ my $fields = [qw(IM uid mail gecos group)];
+
+ my $form_fields = [qw(_submitted_value IM uid uidNumber mail gecos group description)];
+ push( @{$form_fields}, 'synchronize' ) if ( $mod_synchro );
+
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_adduser_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => 'Add user',
+ fields => $form_fields,
+ template => $templatedir . '/adduser.tmpl',
+ method => 'post',
+ javascript => 1,
+ jsfunc => $jsfunc,
+ validate => $validate,
+ required => $fields,
+ reset => 1,
);
- $form->field(
- name => 'synchronize',
- value => 'yes'
- ) unless ($form->submitted);
- }
- $form->tmpl_param('mod_synchro' => $mod_synchro);
-
- $form->field(
- name => '_submitted_value',
- type => 'hidden',
- );
-
- if ($form->submitted eq 'Reset') {
- eval {
- die 'invalid parameters' unless $form->validate($validate);
- my @uids = $form->field(name => 'uid');
- die 'You must select a single user' unless (scalar(@uids) == 1);
+ if ( $mod_synchro ) {
+ $form->field(
+ name => 'synchronize',
+ type => 'checkbox',
+ comment => 'Synchronize with old LDAP database?',
+ options => 'yes',
+ );
+ $form->field(
+ name => 'synchronize',
+ value => 'yes'
+ ) unless ( $form->submitted );
+ }
+ $form->tmpl_param( 'mod_synchro' => $mod_synchro );
- my $uid = shift(@uids);
- $options->{$uid} = $reset->{'options'}->{$uid}
- or die "invalid uid `$uid'";
+ $form->field(
+ name => 'description',
+ comment => 'optional',
+ growable => 1,
+ );
+ $form->field( name => '_submitted_value',
+ type => 'hidden', );
+ $form->field( name => 'uidNumber',
+ comment => 'optional [2000..9999]', );
+ $form->field( name => 'IM',
+ comment => 'SMT ticket number', );
+ $form->field( name => 'gecos',
+ comment => 'LASTNAME Firstname', );
+ $form->field( name => 'group',
+ comment => 'refresh Description', );
+ $form->field( name => 'uid',
+ comment => 'fetch Mail & Gecos', );
- $reset->{'options'} = $options;
- $session->param('reset', $reset);
+ my $posixGroups = $session->param( 'posixGroups' );
+ foreach my $values ( values( %{$posixGroups} ) ) {
+ my $cn = ${ $values->{'cn'} }[0];
+ my $gidNumber = ${ $values->{'gidnumber'} }[0];
+ $options->{$gidNumber} = $cn;
+ }
- };
- if ($@) {
- $session->param('error', $@);
- display_blank("LdapNS reset passwords");
+ if ( scalar( keys( %{$options} ) ) == 0 ) {
+ $session->param( 'error', 'Unable to fetch available posixGroups' );
+ redirect( '?tab=groups&action=addgroup' );
}
- $type = 'checkbox';
- $form->field(name => 'uid', disabled => 1);
+ if ( ( $form->submitted eq 'Uid' ) || ( $form->submitted eq 'Group' ) ) {
- $form->tmpl_param('submit1' => 'Confirm');
- $form->tmpl_param('submit2' => 1);
- $form->tmpl_param('submit2_value' => 'Cancel');
+ eval {
- }
- elsif ($form->submitted eq 'Confirm') {
- my $reset = $session->param('reset');
- my @uids = keys(%{$reset->{'options'}});
- my $uid = shift(@uids);
- eval {
+ foreach my $field ( @{$fields} ) {
+ $form->field( 'name' => $field,
+ required => 0 );
+ }
+ my $valid = 0;
+ $form->field( 'name' => 'uid', required => 1 );
+ $valid += $form->validate;
+ $form->field( 'name' => 'uid', required => 0 );
+ $form->field( 'name' => 'group', required => 1 );
+ $valid += $form->validate;
+
+ die 'invalid parameters' unless $valid;
+
+ my $uid = $form->field( name => 'uid' );
+ if ( defined( $uid ) && length( $uid ) ) {
+ my $userInfos = fetch_net1_userinfos( $uid );
+ my @keys = keys( %{$userInfos} );
+ my $dn = $keys[0];
+
+ $form->field(
+ name => 'mail',
+ force => 1,
+ value => lc( ${ $userInfos->{$dn}->{'mail'} }[0] ),
+ ) if defined( $userInfos->{$dn}->{'mail'} );
+
+ if ( defined( $userInfos->{$dn}->{'displayname'} ) ) {
+ my $gecos = ${ $userInfos->{$dn}->{'displayname'} }[0];
+ $gecos =~ s/\s+\(.*$//;
+ $form->field(
+ name => 'gecos',
+ force => 1,
+ value => $gecos,
+ );
+ }
+ }
- reconnect_ldap_snmc;
- my $pwdinfos = SNET::LdapNS::pwdReset(
- $ldap_snmc->{'label'},
- $uid
- ) or die "Unable to reset password for `$uid'";
-
- synchronize_passwords(
- defined($form->field(name => 'synchronize')),
- $ldap_snmc->{'label'},
- $pwdinfos->{'value'},
- $uid
- );
-
- $session->param('error', $pwdinfos->{'error'}) if (defined($pwdinfos->{'error'}));
- if (defined($pwdinfos->{'value'})) {
- $session->param('message', "new password for `$uid': ".$pwdinfos->{'value'});
+ my $group = $form->field( name => 'group' );
+ if ( defined( $group ) && length( $group ) ) {
+ my $description = get_default_description( $options->{$group} );
+ $form->field(
+ name => 'description',
+ force => 1,
+ value => $description,
+ );
+ }
+
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ }
+
+ } elsif ( $form->submitted eq 'Add' ) {
+
+ my $entry;
+
+ eval {
+
+ die 'invalid parameters' unless $form->validate( $validate );
+
+ my $uidNumber = $form->field( name => 'uidNumber' ) || undef;
+ my $uid = $form->field( name => 'uid' );
+
+ my $posixAccounts = $session->param( 'posixAccounts' );
+ foreach my $values ( values( %{$posixAccounts} ) ) {
+ die "user `$uid' already exists" if ( $uid eq ${ $values->{'uid'} }[0] );
+ next unless defined( $uidNumber );
+ die "user id `$uidNumber' already exists" if ( $uidNumber == ${ $values->{'uidnumber'} }[0] );
+ }
+
+ my $group = $form->field( name => 'group' );
+ my $description = get_default_description( $options->{$group} );
+ $description = [] unless defined( $description );
+
+ if ( defined( $form->field( name => 'description' ) ) ) {
+ push( @{$description}, $form->field( name => 'description' ) );
+ }
+
+ my %uniq_description;
+ foreach my $desc ( @{$description} ) {
+ $uniq_description{$desc}++;
+ }
+ $description = [];
+ foreach my $desc ( keys( %uniq_description ) ) {
+ push( @{$description}, $desc ) if ( defined( $desc )
+ && length( $desc ) );
+ }
+ undef $description unless ( scalar( @{$description} ) );
+
+ print STDERR "description is defined: " . ( defined( $description ) ) . "\n";
+
+ reconnect_ldap_snmc;
+ $entry = SNET::LdapNS::addPosixAccount( $ldap_snmc->{'label'}, $form->field( name => 'IM' ),
+ $uid, $group,
+ $form->field( name => 'gecos' ),
+ $form->field( name => 'mail' ),
+ $uidNumber, $description, )
+ or die "Unable to create LDAP entry for `$uid'";
+
+ $session->clear( ['posixAccounts'] );
+
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ } else {
+
+ my @attributes = $entry->attributes( nooptions => 1 );
+ my $dn = $entry->dn;
+ my $userInfos;
+
+ eval { $userInfos = SNET::LdapNS::getPosixAccount( $ldap_snmc->{'label'}, $dn ); };
+ if ( $@ ) {
+ print STDERR "unable to fetch userInfos for `$dn': $@\n";
+ $userInfos = { $dn => {}, };
+ foreach my $attr ( @attributes ) {
+ next if ( $attr =~ m/objectclass/i );
+ next if ( $attr =~ m/shadow/i );
+ next if ( $attr =~ m/^cn|sn$/i );
+ $userInfos->{$dn}->{ lc( $attr ) } = $entry->get_value( $attr, asref => 1 );
+ }
+ } else {
+ print STDERR "looking good, fetched userInfos for `$dn'\n";
+ foreach my $attr ( @attributes ) {
+ next unless ( ( $attr =~ m/userPassword/i )
+ || ( $attr =~ m/auditinformation/i ) );
+ $userInfos->{$dn}->{ lc( $attr ) } = $entry->get_value( $attr, asref => 1 );
+ }
+ }
+
+ synchronize_add_users( $userInfos, defined( $form->field( name => 'synchronize' ) ) );
+
+ $session->param( 'message', 'user added successfully' );
+ print_ns_headers( "LdapNS add users" );
+ render_userinfos( $userInfos );
+ print_ns_footers;
+
+ }
+
+ }
+
+ $form->field(
+ name => 'group',
+ options => $options,
+ type => 'select',
+ size => getsize_multipleselect( $options ),
+ sortopts => 'NAME',
+ selectname => 0,
+ multiple => 0,
+ );
+
+ print_ns_headers( "LdapNS add users" );
+ print $form->render;
+ print_ns_footers;
+
+}
+
+sub display_adduserprofile
+{
+
+ $ADDUSERPROFILE = 1;
+
+ refresh_posixAccounts;
+ refresh_posixGroups;
+ refresh_groupOfNames;
+
+ my $options = ();
+
+ my $jsfunc = <<'EOJS';
+ // skip js validation if fetching userInfos from Net1
+ if (form._submitted_value.value.match(/^Refresh/)) {
+ var uid = form.elements['uid'].value;
+ if (uid == null) {
+ alert('Please fill uid prior to Refresh');
}
+ return true;
+ }
+EOJS
+ my $validate = {
+ IM => 'IM',
+ uid => 'UID',
+ uidNumber => 'UIDNUMBER',
+ mail => 'EMAIL',
+ gecos => 'GECOS',
+ description => 'DESCRIPTION',
+ profile => 'PROFILE',
};
- if ($@) {
- $session->param('error', $@);
- }
- else {
- print STDERR "Password resetted for `$uid'\n";
- }
- $session->clear(['reset']);
- display_blank("LdapNS reset passwords");
- }
- elsif ($form->submitted eq 'Cancel') {
- $session->param('error', 'reset operation cancelled');
- $session->clear(['reset']);
- display_blank("LdapNS reset passwords");
- }
- else {
- my $posixAccounts = $session->param('posixAccounts');
- foreach my $values (values(%{$posixAccounts})) {
- my $uid = ${$values->{'uid'}}[0];
- next if ($uid eq $session->param('user'));
- my $gecos = ${$values->{'gecos'}}[0];
- $options->{$uid} = $uid.' - '.$gecos;
- }
- $reset->{'options'} = $options;
- $session->param('reset', $reset);
- $form->tmpl_param('submit1' => 'Reset');
- }
-
- if (scalar(keys(%{$options})) == 0) {
- $session->param('error', 'Unable to fetch available posixAccounts');
- display_blank("LdapNS reset passwords");
- }
-
- $form->field(
- name => 'uid',
- options => $options,
- sortopts => 'NAME',
- linebreaks => 1,
- type => $type,
- multiple => 0,
- );
-
- if ($type eq 'select') {
+
+ my $fields = [qw(IM uid mail gecos profile)];
+
+ my $form_fields = [qw(_submitted_value IM uid uidNumber mail gecos profile bcp description)];
+
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_adduserprofile_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => 'Add user profile based',
+ fields => $form_fields,
+ template => $templatedir . '/adduserprofile.tmpl',
+ method => 'post',
+ javascript => 1,
+ jsfunc => $jsfunc,
+ validate => $validate,
+ required => $fields,
+ reset => 1,
+ );
+
+ $form->field(
+ name => 'description',
+ comment => 'optional',
+ growable => 1,
+ );
+ $form->field( name => '_submitted_value',
+ type => 'hidden', );
+ $form->field( name => 'uidNumber',
+ comment => 'optional [2000..9999]', );
+ $form->field( name => 'IM',
+ comment => 'SMT ticket number', );
+ $form->field( name => 'gecos',
+ comment => 'LASTNAME Firstname', );
$form->field(
- size => getsize_multipleselect($options),
+ name => 'bcp',
+ comment => 'Is the user belonging to the BCP team',
+ options => 'yes',
+ selected => 0,
);
- }
+ $form->field( name => 'uid',
+ comment => 'fetch Mail & Gecos', );
+
+ $options->{'Compliance'} = 'Compliance';
+ $options->{'Managment'} = 'Managment';
+ $options->{'Network'} = 'Network';
+ $options->{'Official'} = 'Official';
+ $options->{'ProjectImplementation'} = 'ProjectImplementation';
+ $options->{'ProjectManager'} = 'ProjectManager';
+ $options->{'Security'} = 'Security';
+ $options->{'ServiceDesk'} = 'ServiceDesk';
+ $options->{'SuportingService'} = 'SuportingService';
+ $options->{'TestDesignArchitect'} = 'TestDesignArchitect';
+
+ my $options_profile = ();
+ $options_profile->{'Compliance'}{'description'} = 'profile:compliance';
+ $options_profile->{'Compliance'}{'CWRO'} = 'groupOfNames';
+ $options_profile->{'Compliance'}{'PSRO'} = 'groupOfNames';
+ $options_profile->{'Compliance'}{'RPRO'} = 'groupOfNames';
+ $options_profile->{'Compliance'}{'compliance'} = 'posixGroup';
+ $options_profile->{'Compliance'}{'com'} = 'posixGroup';
+ $options_profile->{'Compliance'}{'snmc'} = 'posixGroup';
+ $options_profile->{'Compliance'}{'casusers'} = 'posixGroup';
+
+ $options_profile->{'Managment'}{'description'} = 'profile:managment';
+ $options_profile->{'Managment'}{'CWRO'} = 'groupOfNames';
+ $options_profile->{'Managment'}{'PSRO'} = 'groupOfNames';
+ $options_profile->{'Managment'}{'RPRO'} = 'groupOfNames';
+ $options_profile->{'Managment'}{'snmc'} = 'posixGroup';
+ $options_profile->{'Managment'}{'casusers'} = 'posixGroup';
+
+ $options_profile->{'Network'}{'description'} = 'profile:network';
+ $options_profile->{'Network'}{'CWRW'} = 'groupOfNames';
+ $options_profile->{'Network'}{'PSRO'} = 'groupOfNames';
+ $options_profile->{'Network'}{'RPRO'} = 'groupOfNames';
+ $options_profile->{'Network'}{'network'} = 'posixGroup';
+ $options_profile->{'Network'}{'net'} = 'posixGroup';
+ $options_profile->{'Network'}{'snmc'} = 'posixGroup';
+ $options_profile->{'Network'}{'casusers'} = 'posixGroup';
+
+ $options_profile->{'Official'}{'description'} = 'profile:official';
+ $options_profile->{'Official'}{'CWRO'} = 'groupOfNames';
+ $options_profile->{'Official'}{'PSRO'} = 'groupOfNames';
+ $options_profile->{'Official'}{'RPRO'} = 'groupOfNames';
+ $options_profile->{'Official'}{'c2nsteam'} = 'posixGroup';
+ $options_profile->{'Official'}{'officials'} = 'posixGroup';
+ $options_profile->{'Official'}{'casusers'} = 'posixGroup';
+ $options_profile->{'Official'}{'sherlock'} = 'posixGroup';
+
+ $options_profile->{'ProjectImplementation'}{'description'} = 'profile:projectimplementation';
+ $options_profile->{'ProjectImplementation'}{'CWRW'} = 'groupOfNames';
+ $options_profile->{'ProjectImplementation'}{'PSRW'} = 'groupOfNames';
+ $options_profile->{'ProjectImplementation'}{'RPRW'} = 'groupOfNames';
+ $options_profile->{'ProjectImplementation'}{'pi'} = 'posixGroup';
+ $options_profile->{'ProjectImplementation'}{'snmc'} = 'posixGroup';
+ $options_profile->{'ProjectImplementation'}{'casusers'} = 'posixGroup';
+
+ $options_profile->{'ProjectManager'}{'description'} = 'profile:projectmanager';
+ $options_profile->{'ProjectManager'}{'CWRO'} = 'groupOfNames';
+ $options_profile->{'ProjectManager'}{'PSRO'} = 'groupOfNames';
+ $options_profile->{'ProjectManager'}{'RPRO'} = 'groupOfNames';
+ $options_profile->{'ProjectManager'}{'pm'} = 'posixGroup';
+ $options_profile->{'ProjectManager'}{'project'} = 'posixGroup';
+ $options_profile->{'ProjectManager'}{'snmc'} = 'posixGroup';
+ $options_profile->{'ProjectManager'}{'casusers'} = 'posixGroup';
+
+ $options_profile->{'Security'}{'description'} = 'profile:security';
+ $options_profile->{'Security'}{'CWRW'} = 'groupOfNames';
+ $options_profile->{'Security'}{'PSRW'} = 'groupOfNames';
+ $options_profile->{'Security'}{'RPRW'} = 'groupOfNames';
+ $options_profile->{'Security'}{'droppy'} = 'groupOfNames';
+ $options_profile->{'Security'}{'bindhg'} = 'posixGroup';
+ $options_profile->{'Security'}{'logs'} = 'posixGroup';
+ $options_profile->{'Security'}{'sec'} = 'posixGroup';
+ $options_profile->{'Security'}{'security'} = 'posixGroup';
+ $options_profile->{'Security'}{'snmc'} = 'posixGroup';
+ $options_profile->{'Security'}{'casusers'} = 'posixGroup';
+
+ $options_profile->{'ServiceDesk'}{'description'} = 'profile:servicedesk';
+ $options_profile->{'ServiceDesk'}{'CWRW'} = 'groupOfNames';
+ $options_profile->{'ServiceDesk'}{'PSRW'} = 'groupOfNames';
+ $options_profile->{'ServiceDesk'}{'RPRW'} = 'groupOfNames';
+ $options_profile->{'ServiceDesk'}{'noc'} = 'posixGroup';
+ $options_profile->{'ServiceDesk'}{'snmc'} = 'posixGroup';
+ $options_profile->{'ServiceDesk'}{'casusers'} = 'posixGroup';
+
+ $options_profile->{'SupportingService'}{'description'} = 'profile:supportingservice';
+ $options_profile->{'SupportingService'}{'CWRA'} = 'groupOfNames';
+ $options_profile->{'SupportingService'}{'PSRW'} = 'groupOfNames';
+ $options_profile->{'SupportingService'}{'RPRW'} = 'groupOfNames';
+ $options_profile->{'SupportingService'}{'droppy'} = 'groupOfNames';
+ $options_profile->{'SupportingService'}{'bindhg'} = 'posixGroup';
+ $options_profile->{'SupportingService'}{'logs'} = 'posixGroup';
+ $options_profile->{'SupportingService'}{'ss'} = 'posixGroup';
+ $options_profile->{'SupportingService'}{'sup'} = 'posixGroup';
+ $options_profile->{'SupportingService'}{'vael'} = 'posixGroup';
+ $options_profile->{'SupportingService'}{'snmc'} = 'posixGroup';
+ $options_profile->{'SupportingService'}{'casusers'} = 'posixGroup';
+
+ $options_profile->{'TestDesignArchitect'}{'description'} = 'profile:testdesignarchitect';
+ $options_profile->{'TestDesignArchitect'}{'CWRW'} = 'groupOfNames';
+ $options_profile->{'TestDesignArchitect'}{'PSRW'} = 'groupOfNames';
+ $options_profile->{'TestDesignArchitect'}{'RPRW'} = 'groupOfNames';
+ $options_profile->{'TestDesignArchitect'}{'tda'} = 'posixGroup';
+ $options_profile->{'TestDesignArchitect'}{'snmc'} = 'posixGroup';
+ $options_profile->{'TestDesignArchitect'}{'casusers'} = 'posixGroup';
- print_ns_headers("LdapNS reset passwords");
- print $form->render();
- print_ns_footers;
+ $form->field(
+ name => 'profile',
+ comment => 'Select the right profile',
+ options => $options,
+ sortopts => 'NAME',
+ linebreaks => 1,
+ type => 'select',
+ multiple => 0,
+ );
-}
+ if ( $form->submitted eq 'Uid' ) {
+ eval {
-sub select_group {
+ foreach my $field ( @{$fields} ) {
+ $form->field( 'name' => $field,
+ required => 0 );
+ }
+ my $valid = 0;
+ $form->field( 'name' => 'uid', required => 1 );
+ $valid += $form->validate;
+
+ die 'invalid parameters' unless $valid;
+
+ my $uid = $form->field( name => 'uid' );
+ if ( defined( $uid ) && length( $uid ) ) {
+ my $userInfos = fetch_net1_userinfos( $uid );
+ my @keys = keys( %{$userInfos} );
+ my $dn = $keys[0];
+
+ $form->field(
+ name => 'mail',
+ force => 1,
+ value => lc( ${ $userInfos->{$dn}->{'mail'} }[0] ),
+ ) if defined( $userInfos->{$dn}->{'mail'} );
+
+ if ( defined( $userInfos->{$dn}->{'displayname'} ) ) {
+ my $gecos = ${ $userInfos->{$dn}->{'displayname'} }[0];
+ $gecos =~ s/\s+\(.*$//;
+ $form->field(
+ name => 'gecos',
+ force => 1,
+ value => $gecos,
+ );
+ }
+ }
- my $modgroup = $session->param('modgroup');
- my $objectClass = $modgroup->{'objectClass'};
- my $groups;
- my $options;
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ }
+
+ } elsif ( $form->submitted eq 'Add' ) {
- return 1 if (defined($modgroup->{'group'}));
+ my $entry;
- if ($objectClass eq 'posixGroup') {
- $groups = $session->param('posixGroups');
- }
- else {
- $groups = $session->param('groupOfNames');
- }
+ eval {
- my $addoptions = {};
- my $deloptions = {};
+ die 'invalid parameters' unless $form->validate( $validate );
- my $validate = {
- group => 'GROUP',
- };
+ my $uidNumber = $form->field( name => 'uidNumber' ) || undef;
+ my $uid = $form->field( name => 'uid' );
- my $jsfunc = <<'EOJS';
- // skip on back
- if (form._submitted_value.value == 'Previous') {
+ my $posixAccounts = $session->param( 'posixAccounts' );
+ foreach my $values ( values( %{$posixAccounts} ) ) {
+ die "user `$uid' already exists" if ( $uid eq ${ $values->{'uid'} }[0] );
+ next unless defined( $uidNumber );
+ die "user id `$uidNumber' already exists" if ( $uidNumber == ${ $values->{'uidnumber'} }[0] );
+ }
+
+ my $profile = $form->field( name => 'profile' );
+ my $group = 'snmc';
+ my $group_id = 3500;
+ if ( $options->{$profile} eq 'Official' ) {
+ $group = 'officials';
+ $group_id = 3800;
+ }
+ my $description;
+ $description = [] unless defined( $description );
+
+ push( @{$description}, 'profile:' . $options->{$profile} );
+
+ if ( defined( $form->field( name => 'description' ) ) ) {
+ push( @{$description}, $form->field( name => 'description' ) );
+ }
+
+ my %uniq_description;
+ foreach my $desc ( @{$description} ) {
+ $uniq_description{$desc}++;
+ }
+ $description = [];
+ foreach my $desc ( keys( %uniq_description ) ) {
+ push( @{$description}, $desc ) if ( defined( $desc )
+ && length( $desc ) );
+ }
+ undef $description unless ( scalar( @{$description} ) );
+
+ print STDERR "description is defined: " . ( defined( $description ) ) . "\n";
+
+ reconnect_ldap_snmc;
+ $entry = SNET::LdapNS::addPosixAccount( $ldap_snmc->{'label'}, $form->field( name => 'IM' ),
+ $uid, $group_id,
+ $form->field( name => 'gecos' ),
+ $form->field( name => 'mail' ),
+ $uidNumber, $description, )
+ or die "Unable to create LDAP entry for `$uid'";
+
+ $session->clear( ['posixAccounts'] );
+
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ } else {
+
+ my @attributes = $entry->attributes( nooptions => 1 );
+ my $dn = $entry->dn;
+ my $userInfos;
+
+ eval { $userInfos = SNET::LdapNS::getPosixAccount( $ldap_snmc->{'label'}, $dn ); };
+ if ( $@ ) {
+ print STDERR "unable to fetch userInfos for `$dn': $@\n";
+ $userInfos = { $dn => {}, };
+ foreach my $attr ( @attributes ) {
+ next if ( $attr =~ m/objectclass/i );
+ next if ( $attr =~ m/shadow/i );
+ next if ( $attr =~ m/^cn|sn$/i );
+ $userInfos->{$dn}->{ lc( $attr ) } = $entry->get_value( $attr, asref => 1 );
+ }
+ } else {
+ print STDERR "looking good, fetched userInfos for `$dn'\n";
+ foreach my $attr ( @attributes ) {
+ next unless ( ( $attr =~ m/userPassword/i )
+ || ( $attr =~ m/auditinformation/i ) );
+ $userInfos->{$dn}->{ lc( $attr ) } = $entry->get_value( $attr, asref => 1 );
+ }
+ }
+
+ synchronize_add_users( $userInfos, defined( $form->field( name => 'synchronize' ) ) );
+
+ $session->param( 'message', 'user added successfully' );
+ print_ns_headers( "LdapNS add users" );
+ render_userinfos( $userInfos );
+
+ # user parameters
+
+ # TODO add profile to the group
+
+ undef $entry;
+
+ my $addoptions = {};
+
+ my $profile = $form->field( name => 'profile' );
+ my $IM = $form->field( name => 'IM' );
+ my $objectClass = '';
+
+ if ( defined( $form->field( name => 'audit' ) ) ) {
+ print Dumper ( $form->field( name => 'audit' ) );
+ $options_profile->{$profile}{'bcp'} = 'posixGroup';
+ }
+
+ foreach my $group ( keys %{ $options_profile->{$profile} } ) {
+
+ next if ( $group eq 'description' );
+ $objectClass = $options_profile->{$profile}{$group};
+ print STDERR "Searching the $objectClass group '$group' existance.\n";
+ print STDERR Dumper( $session->param( 'posixGroups' ) );
+ print STDERR Dumper( $session->param( 'groupOfNames' ) );
+
+ my $notfound = 1;
+ if ( $objectClass eq 'posixGroup' ) {
+ foreach my $values ( values( %{ $session->param( 'posixGroups' ) } ) ) {
+ if ( ${ $values->{'cn'} }[0] eq $group ) {
+ $notfound = 0;
+ last;
+ }
+ }
+
+ } else {
+
+ foreach my $values ( values( %{ $session->param( 'groupOfNames' ) } ) ) {
+ if ( ${ $values->{'cn'} }[0] eq $group ) {
+ $notfound = 0;
+ last;
+ }
+ }
+
+ }
+ if ( $notfound ) {
+ print STDERR "The $objectClass group '$group' doesnot exist, skipping.\n";
+ next;
+ }
+
+ eval {
+
+ my @to_add = keys( %{$addoptions} );
+
+ my $add_function;
+ my $get_function;
+
+ if ( $objectClass eq 'posixGroup' ) {
+ $add_function = \&SNET::LdapNS::addToPosixGroup;
+ $get_function = \&SNET::LdapNS::getPosixGroup;
+ } else {
+ $add_function = \&SNET::LdapNS::addToGroupOfNames;
+ $get_function = \&SNET::LdapNS::getGroupOfNames;
+ }
+
+ reconnect_ldap_snmc;
+
+ if ( scalar( @to_add ) ) {
+ &{$add_function}( $ldap_snmc->{'label'}, $IM, $group, \@to_add ) or die SNET::LdapNS::error( $ldap_snmc->{'label'} );
+ }
+
+ $session->param( 'message', 'group modification successful' );
+ $entry = &{$get_function}( $ldap_snmc->{'label'}, $group, );
+
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ }
+ if ( defined( $entry ) ) {
+ render_groupinfos( $entry );
+ }
+
+ }
+
+ }
+ }
+
+ print_ns_headers( "LdapNS add users" );
+ print $form->render;
+ print_ns_footers;
+
+}
+
+sub display_deluser
+{
+
+ $DELUSER = 1;
+
+ refresh_posixAccounts;
+
+ my $options = {};
+ my $deluser = $session->param( 'deluser' );
+ my $type = 'select';
+
+ my $jsfunc = <<'EOJS';
+ // skip on Cancel
+ if (form._submitted_value.value == 'Cancel') {
return true;
}
EOJS
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_selectgroup_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => "Select group",
- fields => [qw(group)],
- template => $templatedir.'/selectgroup.tmpl',
- submit => [qw(Previous Next)],
- method => 'post',
- selectname => 0,
- javascript => 1,
- jsfunc => $jsfunc,
- required => 'ALL',
- validate => $validate,
- );
-
- if ($form->submitted eq 'Previous') {
- $session->clear(['modgroup']);
- redirect('?tab=groups&action=modgroup');
- }
-
- foreach my $values (values(%{$groups})) {
- my $cn = ${$values->{'cn'}}[0];
- $options->{$cn} = $cn;
- }
-
- if (scalar(keys(%{$options})) == 0) {
- $session->clear(['modgroup']);
- $session->param('error', 'Unable to fetch available groups');
- redirect('?tab=groups&action=addgroup');
- }
-
- $form->field(
- name => 'group',
- options => $options,
- sortopts => 'NAME',
- type => 'select',
- size => getsize_multipleselect($options),
- multiple => 0,
- );
-
- if ($form->submitted eq 'Next') {
+ my $validate = {
+ IM => 'IM',
+ uid => 'UID',
+ };
- eval {
+ my $form_fields = [qw(_submitted_value IM uid)];
+ push( @{$form_fields}, 'synchronize' ) if ( $mod_synchro );
+
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_deluser_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => 'Delete user',
+ fields => $form_fields,
+ template => $templatedir . '/deluser.tmpl',
+ method => 'post',
+ required => [qw(IM uid)],
+ javascript => 1,
+ sticky => 1,
+ selectname => 0,
+ jsfunc => $jsfunc,
+ validate => $validate,
+ );
- die 'invalid parameters' unless $form->validate(
- $validate
- );
+ if ( $mod_synchro ) {
+ $form->field(
+ name => 'synchronize',
+ type => 'checkbox',
+ comment => 'Synchronize with old LDAP database?',
+ options => 'yes',
+ );
+ $form->field(
+ name => 'synchronize',
+ value => 'yes'
+ ) unless ( $form->submitted );
+ }
+ $form->tmpl_param( 'mod_synchro' => $mod_synchro );
- my $posixAccounts = $session->param('posixAccounts');
- my $cn = $form->field(name => 'group');
- my $member_attr;
- my $group;
+ $form->field( name => '_submitted_value',
+ type => 'hidden', );
+ $form->field( name => 'IM',
+ comment => 'SMT ticket number', );
- reconnect_ldap_snmc;
- if ($objectClass eq 'posixGroup') {
- $group = SNET::LdapNS::getPosixGroup(
- $ldap_snmc->{'label'},
- $cn
- );
- $member_attr = 'memberuid';
- }
- else {
- $group = SNET::LdapNS::getGroupOfNames(
- $ldap_snmc->{'label'},
- $cn
- );
- $member_attr = 'member';
- }
- die 'invalid group' unless (keys(%{$group}) == 1);
+ if ( $form->submitted eq 'Delete' ) {
- my @keys = keys(%{$group});
- my $group_dn = shift(@keys);
+ eval {
- while (my ($dn, $attrs) = each(%{$posixAccounts})) {
- my $uid = ${$attrs->{'uid'}}[0];
- my $gecos = ${$attrs->{'gecos'}}[0];
- if ($member_attr eq 'memberuid') {
- $addoptions->{$uid} = $uid.' - '.$gecos;
- }
- else {
- $addoptions->{lc($dn)} = $uid.' - '.$gecos;
+ die 'invalid parameters' unless $form->validate( $validate );
+ my @uids = $form->field( name => 'uid' );
+ die 'You must select a single user' unless ( scalar( @uids ) == 1 );
+
+ $deluser->{'IM'} = $form->field( name => 'IM' );
+ foreach my $uid ( @uids ) {
+ $options->{$uid} = $deluser->{'options'}->{$uid}
+ or die "invalid uid `$uid'";
+ }
+ $deluser->{'options'} = $options;
+ $session->param( 'deluser', $deluser );
+
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ display_blank( "LdapNS delete users" );
}
- }
- foreach my $member (@{$group->{$group_dn}->{$member_attr}}) {
- $member = lc($member) if ($member_attr eq 'member');
- my $userinfos = $addoptions->{$member};
- if (defined($userinfos)) {
- delete($addoptions->{$member});
- $deloptions->{$member} = $userinfos;
+ $type = 'checkbox';
+ $form->field( name => 'uid', disabled => 1 );
+ $form->field( name => 'IM', disabled => 1 );
+
+ $form->tmpl_param( 'submit1' => 'Confirm' );
+ $form->tmpl_param( 'submit2' => 1 );
+ $form->tmpl_param( 'submit2_value' => 'Cancel' );
+
+ } elsif ( $form->submitted eq 'Confirm' ) {
+ my $deluser = $session->param( 'deluser' );
+ my @uids = keys( %{ $deluser->{'options'} } );
+ my $IM = $deluser->{'IM'};
+ my @deleted_uid;
+ my $uid;
+ eval {
+ reconnect_ldap_snmc;
+ foreach $uid ( @uids ) {
+ SNET::LdapNS::deletePosixAccount( $ldap_snmc->{'label'}, $IM, $uid );
+ push( @deleted_uid, $uid );
+ synchronize_del_users( $uid, defined( $form->field( name => 'synchronize' ) ) );
+ }
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
}
- else{
- $deloptions->{$member} = $member;
+ if ( scalar( @deleted_uid ) ) {
+ print STDERR 'Successful deletion of ' . join( ', ', @deleted_uid ) . "\n";
+ $session->param( 'message', 'Successful deletion of ' . join( ', ', @deleted_uid ) );
+ $session->clear( ['posixAccounts'] );
}
- }
+ $session->clear( ['deluser'] );
+ display_blank( "LdapNS delete users" );
+ } elsif ( $form->submitted eq 'Cancel' ) {
+ $session->param( 'error', 'delete operation cancelled' );
+ $session->clear( ['deluser'] );
+ display_blank( "LdapNS delete users" );
+ } else {
+ my $posixAccounts = $session->param( 'posixAccounts' );
+ foreach my $values ( values( %{$posixAccounts} ) ) {
+ my $uid = ${ $values->{'uid'} }[0];
+ next if ( $uid eq $session->param( 'user' ) );
+ my $gecos = ${ $values->{'gecos'} }[0];
+ $options->{$uid} = $uid . ' - ' . $gecos;
+ }
+ $deluser->{'options'} = $options;
+ $session->param( 'deluser', $deluser );
+ $form->tmpl_param( 'submit1' => 'Delete' );
+ }
- $modgroup->{'addoptions'} = $addoptions;
- $modgroup->{'deloptions'} = $deloptions;
- $modgroup->{'group'} = $cn;
+ if ( scalar( keys( %{$options} ) ) == 0 ) {
+ $session->param( 'error', 'Unable to fetch available posixAccounts' );
+ display_blank( "LdapNS delete users" );
+ }
- };
- if ($@) {
- $session->param('error', $@);
- display_blank("LdapNS modify groups");
+ $form->field(
+ name => 'uid',
+ options => $options,
+ sortopts => 'NAME',
+ linebreaks => 1,
+ type => $type,
+ multiple => 0,
+ );
+
+ if ( $type eq 'select' ) {
+ $form->field( size => getsize_multipleselect( $options ), );
}
- $session->param('modgroup', $modgroup);
- return 1;
- }
+ print_ns_headers( "LdapNS delete users" );
+ print $form->render();
+ print_ns_footers;
- print_ns_headers("LdapNS modify groups");
- print $form->render;
- print_ns_footers;
+}
+sub display_moduser
+{
+ $MODUSER = 1;
+ $session->param( 'error', 'Not yet implemented' );
+ display_blank( "LdapNS modify users" );
}
-sub select_group_objectclass($) {
-
- my $title = shift;
- my $sessionparam = $session->param('action');
-
- if (
- ($sessionparam ne 'addgroup')
- &&
- ($sessionparam ne 'delgroup')
- &&
- ($sessionparam ne 'modgroup')
- ) {
- $session->param('error', "invalid action $sessionparam");
- redirect_homepage;
- }
-
- if (defined($session->param($sessionparam))) {
-
- my $objectClass = $session->param($sessionparam)->{'objectClass'};
- if ($objectClass eq 'posixGroup') {
- refresh_posixGroups;
- }
- else {
- refresh_groupOfNames;
- }
- return -1;
- }
-
- my $validate = {
- IM => 'IM',
- objectClass => 'GROUPCLASS',
- };
-
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_selectgroupclass_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => 'select group type',
- fields => [qw(IM objectClass)],
- template => $templatedir.'/selectgroupclass.tmpl',
- method => 'post',
- submit => 'Select',
- javascript => 1,
- required => 'ALL',
- validate => $validate,
- );
- $form->field(
- name => 'objectClass',
- options => {
- 'posixGroup' => 'posixGroups',
- 'groupOfNames' => 'groupOfNames'
- },
- linebreaks => 1,
- comment => 'posixGroups or groupOfNames',
- multiple => 0,
- );
- $form->field(
- name => 'IM',
- comment => 'SMT ticket number',
- );
-
- if ($form->submitted eq 'Select') {
-
- my $IM = $form->field(name => 'IM');
- my $objectClass = ($form->field(name => 'objectClass') eq 'posixGroup') ? 'posixGroup' : 'groupOfNames';
+sub display_reset
+{
- eval {
- die 'invalid parameters' unless $form->validate($validate);
- $session->param($sessionparam,
- {
- IM => $IM,
- objectClass => $objectClass,
- }
- );
- };
- if ($@) {
- $session->param('error', $@);
- display_blank($title);
+ $RESET = 1;
+
+ refresh_posixAccounts;
+
+ my $options = {};
+ my $reset = $session->param( 'reset' );
+ my $type = 'select';
+
+ my $jsfunc = <<'EOJS';
+ // skip on Cancel
+ if (form._submitted_value.value == 'Cancel') {
+ return true;
}
+EOJS
+
+ my $validate = { uid => 'UID', };
+
+ my $form_fields = [qw(_submitted_value uid)];
+ push( @{$form_fields}, 'synchronize' ) if ( $mod_synchro );
+
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_reset_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => 'Reset password',
+ fields => $form_fields,
+ template => $templatedir . '/reset.tmpl',
+ method => 'post',
+ required => [qw(uid)],
+ javascript => 1,
+ selectname => 0,
+ jsfunc => $jsfunc,
+ validate => $validate,
+ );
+
+ if ( $mod_synchro ) {
+ $form->field(
+ name => 'synchronize',
+ type => 'checkbox',
+ comment => 'Synchronize with old LDAP database?',
+ options => 'yes',
+ );
+ $form->field(
+ name => 'synchronize',
+ value => 'yes'
+ ) unless ( $form->submitted );
+ }
+ $form->tmpl_param( 'mod_synchro' => $mod_synchro );
+
+ $form->field( name => '_submitted_value',
+ type => 'hidden', );
+
+ if ( $form->submitted eq 'Reset' ) {
+ eval {
+
+ die 'invalid parameters' unless $form->validate( $validate );
+ my @uids = $form->field( name => 'uid' );
+ die 'You must select a single user' unless ( scalar( @uids ) == 1 );
+
+ my $uid = shift( @uids );
+ $options->{$uid} = $reset->{'options'}->{$uid}
+ or die "invalid uid `$uid'";
+
+ $reset->{'options'} = $options;
+ $session->param( 'reset', $reset );
+
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ display_blank( "LdapNS reset passwords" );
+ }
+
+ $type = 'checkbox';
+ $form->field( name => 'uid', disabled => 1 );
+
+ $form->tmpl_param( 'submit1' => 'Confirm' );
+ $form->tmpl_param( 'submit2' => 1 );
+ $form->tmpl_param( 'submit2_value' => 'Cancel' );
+
+ } elsif ( $form->submitted eq 'Confirm' ) {
+ my $reset = $session->param( 'reset' );
+ my @uids = keys( %{ $reset->{'options'} } );
+ my $uid = shift( @uids );
+ eval {
- if ($objectClass eq 'posixGroup') {
- refresh_posixGroups;
+ reconnect_ldap_snmc;
+ my $pwdinfos = SNET::LdapNS::pwdReset( $ldap_snmc->{'label'}, $uid ) or die "Unable to reset password for `$uid'";
+
+ synchronize_passwords( defined( $form->field( name => 'synchronize' ) ), $ldap_snmc->{'label'}, $pwdinfos->{'value'}, $uid );
+
+ $session->param( 'error', $pwdinfos->{'error'} ) if ( defined( $pwdinfos->{'error'} ) );
+ if ( defined( $pwdinfos->{'value'} ) ) {
+ $session->param( 'message', "new password for `$uid': " . $pwdinfos->{'value'} );
+ }
+
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ } else {
+ print STDERR "Password resetted for `$uid'\n";
+ }
+ $session->clear( ['reset'] );
+ display_blank( "LdapNS reset passwords" );
+ } elsif ( $form->submitted eq 'Cancel' ) {
+ $session->param( 'error', 'reset operation cancelled' );
+ $session->clear( ['reset'] );
+ display_blank( "LdapNS reset passwords" );
+ } else {
+ my $posixAccounts = $session->param( 'posixAccounts' );
+ foreach my $values ( values( %{$posixAccounts} ) ) {
+ my $uid = ${ $values->{'uid'} }[0];
+ next if ( $uid eq $session->param( 'user' ) );
+ my $gecos = ${ $values->{'gecos'} }[0];
+ $options->{$uid} = $uid . ' - ' . $gecos;
+ }
+ $reset->{'options'} = $options;
+ $session->param( 'reset', $reset );
+ $form->tmpl_param( 'submit1' => 'Reset' );
}
- else {
- refresh_groupOfNames;
+
+ if ( scalar( keys( %{$options} ) ) == 0 ) {
+ $session->param( 'error', 'Unable to fetch available posixAccounts' );
+ display_blank( "LdapNS reset passwords" );
}
- return 1;
+ $form->field(
+ name => 'uid',
+ options => $options,
+ sortopts => 'NAME',
+ linebreaks => 1,
+ type => $type,
+ multiple => 0,
+ );
- }
+ if ( $type eq 'select' ) {
+ $form->field( size => getsize_multipleselect( $options ), );
+ }
- print_ns_headers($title);
- print $form->render;
- print_ns_footers;
+ print_ns_headers( "LdapNS reset passwords" );
+ print $form->render();
+ print_ns_footers;
}
-sub display_groupinfos {
+sub select_group
+{
- $GROUPINFOS = 1;
+ my $modgroup = $session->param( 'modgroup' );
+ my $objectClass = $modgroup->{'objectClass'};
+ my $groups;
+ my $options;
- refresh_posixGroups;
- refresh_groupOfNames;
+ return 1 if ( defined( $modgroup->{'group'} ) );
- my $groupInfos;
- my $options = [];
+ if ( $objectClass eq 'posixGroup' ) {
+ $groups = $session->param( 'posixGroups' );
+ } else {
+ $groups = $session->param( 'groupOfNames' );
+ }
- my $validate = {
- group => 'GROUP',
- };
+ my $addoptions = {};
+ my $deloptions = {};
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_groupinfos_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => 'Display group',
- fields => [qw(group audit)],
- template => $templatedir.'/selectgroup.tmpl',
- method => 'post',
- javascript => 1,
- validate => $validate,
- required => 'group',
- submit => 'Display',
- );
+ my $validate = { group => 'GROUP', };
- $form->tmpl_param("audit" => 1);
+ my $jsfunc = <<'EOJS';
+ // skip on back
+ if (form._submitted_value.value == 'Previous') {
+ return true;
+ }
+EOJS
- my $groupClass = {};
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_selectgroup_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => "Select group",
+ fields => [qw(group)],
+ template => $templatedir . '/selectgroup.tmpl',
+ submit => [qw(Previous Next)],
+ method => 'post',
+ selectname => 0,
+ javascript => 1,
+ jsfunc => $jsfunc,
+ required => 'ALL',
+ validate => $validate,
+ );
- foreach my $values (values(%{$session->param('groupOfNames')})) {
- my $cn = ${$values->{'cn'}}[0];
- $groupClass->{$cn} = 'groupOfNames';
- }
+ if ( $form->submitted eq 'Previous' ) {
+ $session->clear( ['modgroup'] );
+ redirect( '?tab=groups&action=modgroup' );
+ }
- foreach my $k (sort(keys(%{$groupClass}))) {
- push (@{$options}, [$k, $k, $groupClass->{$k}]);
- }
+ foreach my $values ( values( %{$groups} ) ) {
+ my $cn = ${ $values->{'cn'} }[0];
+ $options->{$cn} = $cn;
+ }
- foreach my $values (values(%{$session->param('posixGroups')})) {
- my $cn = ${$values->{'cn'}}[0];
- $groupClass->{$cn} = 'posixGroup';
- }
+ if ( scalar( keys( %{$options} ) ) == 0 ) {
+ $session->clear( ['modgroup'] );
+ $session->param( 'error', 'Unable to fetch available groups' );
+ redirect( '?tab=groups&action=addgroup' );
+ }
- foreach my $k (sort(keys(%{$groupClass}))) {
- push (@{$options}, [$k, $k, $groupClass->{$k}]) unless (
- $groupClass->{$k} eq 'groupOfNames'
+ $form->field(
+ name => 'group',
+ options => $options,
+ sortopts => 'NAME',
+ type => 'select',
+ size => getsize_multipleselect( $options ),
+ multiple => 0,
);
- }
- if ($form->submitted eq 'Display') {
- eval {
- die "invalid parameters" unless $form->validate($validate);
- my @groups = $form->field(name => 'group');
- die 'You must select at least one group' unless (scalar(@groups) > 0);
-
- map { die "invalid group `$_'" unless defined($groupClass->{$_}) } @groups;
-
- reconnect_ldap_snmc;
-
- foreach my $group (@groups) {
- my $infos;
- my $class;
- if ($groupClass->{$group} eq 'posixGroup') {
- $infos = SNET::LdapNS::getPosixGroup(
- $ldap_snmc->{'label'},
- $group
- );
- $class = ['posixGroup'];
- }
- else {
- $infos = SNET::LdapNS::getGroupOfNames(
- $ldap_snmc->{'label'},
- $group
- );
- $class = ['groupOfNames'];
- }
- while (my ($k, $v) = each (%{$infos})) {
- $v->{'objectClass'} = $class;
- $groupInfos->{$k} = $v;
+ if ( $form->submitted eq 'Next' ) {
+
+ eval {
+
+ die 'invalid parameters' unless $form->validate( $validate );
+
+ my $posixAccounts = $session->param( 'posixAccounts' );
+ my $cn = $form->field( name => 'group' );
+ my $member_attr;
+ my $group;
+
+ reconnect_ldap_snmc;
+ if ( $objectClass eq 'posixGroup' ) {
+ $group = SNET::LdapNS::getPosixGroup( $ldap_snmc->{'label'}, $cn );
+ $member_attr = 'memberuid';
+ } else {
+ $group = SNET::LdapNS::getGroupOfNames( $ldap_snmc->{'label'}, $cn );
+ $member_attr = 'member';
+ }
+ die 'invalid group' unless ( keys( %{$group} ) == 1 );
+
+ my @keys = keys( %{$group} );
+ my $group_dn = shift( @keys );
+
+ while ( my ( $dn, $attrs ) = each( %{$posixAccounts} ) ) {
+ my $uid = ${ $attrs->{'uid'} }[0];
+ my $gecos = ${ $attrs->{'gecos'} }[0];
+ if ( $member_attr eq 'memberuid' ) {
+ $addoptions->{$uid} = $uid . ' - ' . $gecos;
+ } else {
+ $addoptions->{ lc( $dn ) } = $uid . ' - ' . $gecos;
+ }
+ }
+
+ foreach my $member ( @{ $group->{$group_dn}->{$member_attr} } ) {
+ $member = lc( $member ) if ( $member_attr eq 'member' );
+ my $userinfos = $addoptions->{$member};
+ if ( defined( $userinfos ) ) {
+ delete( $addoptions->{$member} );
+ $deloptions->{$member} = $userinfos;
+ } else {
+ $deloptions->{$member} = $member;
+ }
+ }
+
+ $modgroup->{'addoptions'} = $addoptions;
+ $modgroup->{'deloptions'} = $deloptions;
+ $modgroup->{'group'} = $cn;
+
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ display_blank( "LdapNS modify groups" );
}
- }
+ $session->param( 'modgroup', $modgroup );
+ return 1;
+
+ }
+
+ print_ns_headers( "LdapNS modify groups" );
+ print $form->render;
+ print_ns_footers;
+}
+
+sub select_group_objectclass($)
+{
+
+ my $title = shift;
+ my $sessionparam = $session->param( 'action' );
+
+ if ( ( $sessionparam ne 'addgroup' )
+ && ( $sessionparam ne 'delgroup' )
+ && ( $sessionparam ne 'modgroup' ) ) {
+ $session->param( 'error', "invalid action $sessionparam" );
+ redirect_homepage;
+ }
+
+ if ( defined( $session->param( $sessionparam ) ) ) {
+
+ my $objectClass = $session->param( $sessionparam )->{'objectClass'};
+ if ( $objectClass eq 'posixGroup' ) {
+ refresh_posixGroups;
+ } else {
+ refresh_groupOfNames;
+ }
+ return -1;
+ }
+
+ my $validate = {
+ IM => 'IM',
+ objectClass => 'GROUPCLASS',
};
- if ($@) {
- $session->param('error', $@);
- undef $groupInfos;
- }
- }
-
- $form->field(
- name => 'audit',
- type => 'checkbox',
- options => 'yes',
- comment => 'Display auditInformation?',
- selected => 0,
- );
-
- $form->field(
- name => 'group',
- options => $options,
- optgroups => 1,
- type => 'select',
- size => getsize_multipleselect($options),
- multiple => 1,
- );
-
- my $audit = (
- defined($form->field(name => 'audit'))
- );
-
- print_ns_headers("LdapNS display groups");
- print $form->render;
- render_groupinfos($groupInfos, $audit) if defined($groupInfos);
- print_ns_footers;
+
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_selectgroupclass_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => 'select group type',
+ fields => [qw(IM objectClass)],
+ template => $templatedir . '/selectgroupclass.tmpl',
+ method => 'post',
+ submit => 'Select',
+ javascript => 1,
+ required => 'ALL',
+ validate => $validate,
+ );
+ $form->field(
+ name => 'objectClass',
+ options => {
+ 'posixGroup' => 'posixGroups',
+ 'groupOfNames' => 'groupOfNames'
+ },
+ linebreaks => 1,
+ comment => 'posixGroups or groupOfNames',
+ multiple => 0,
+ );
+ $form->field( name => 'IM',
+ comment => 'SMT ticket number', );
+
+ if ( $form->submitted eq 'Select' ) {
+
+ my $IM = $form->field( name => 'IM' );
+ my $objectClass = ( $form->field( name => 'objectClass' ) eq 'posixGroup' ) ? 'posixGroup' : 'groupOfNames';
+
+ eval {
+ die 'invalid parameters' unless $form->validate( $validate );
+ $session->param(
+ $sessionparam,
+ {
+ IM => $IM,
+ objectClass => $objectClass,
+ }
+ );
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ display_blank( $title );
+ }
+
+ if ( $objectClass eq 'posixGroup' ) {
+ refresh_posixGroups;
+ } else {
+ refresh_groupOfNames;
+ }
+
+ return 1;
+
+ }
+
+ print_ns_headers( $title );
+ print $form->render;
+ print_ns_footers;
}
-sub display_addgroup {
+sub display_groupinfos
+{
- $ADDGROUP = 1;
- select_group_objectclass("LdapNS add groups");
+ $GROUPINFOS = 1;
- my $addgroup = $session->param('addgroup');
- my $objectClass = $addgroup->{'objectClass'};
- my $IM = $addgroup->{'IM'};
- my $groups;
- my $options = {};
+ refresh_posixGroups;
+ refresh_groupOfNames;
- if ($objectClass eq 'posixGroup') {
- $groups = $session->param('posixGroups');
- }
- else {
- $groups = $session->param('groupOfNames');
- refresh_posixAccounts;
- }
+ my $groupInfos;
+ my $options = [];
+
+ my $validate = { group => 'GROUP', };
+
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_groupinfos_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => 'Display group',
+ fields => [qw(group audit)],
+ template => $templatedir . '/selectgroup.tmpl',
+ method => 'post',
+ javascript => 1,
+ validate => $validate,
+ required => 'group',
+ submit => 'Display',
+ );
+
+ $form->tmpl_param( "audit" => 1 );
+
+ my $groupClass = {};
+
+ foreach my $values ( values( %{ $session->param( 'groupOfNames' ) } ) ) {
+ my $cn = ${ $values->{'cn'} }[0];
+ $groupClass->{$cn} = 'groupOfNames';
+ }
+
+ foreach my $k ( sort( keys( %{$groupClass} ) ) ) {
+ push( @{$options}, [ $k, $k, $groupClass->{$k} ] );
+ }
+
+ foreach my $values ( values( %{ $session->param( 'posixGroups' ) } ) ) {
+ my $cn = ${ $values->{'cn'} }[0];
+ $groupClass->{$cn} = 'posixGroup';
+ }
+
+ foreach my $k ( sort( keys( %{$groupClass} ) ) ) {
+ push( @{$options}, [ $k, $k, $groupClass->{$k} ] ) unless ( $groupClass->{$k} eq 'groupOfNames' );
+ }
+
+ if ( $form->submitted eq 'Display' ) {
+ eval {
+ die "invalid parameters" unless $form->validate( $validate );
+ my @groups = $form->field( name => 'group' );
+ die 'You must select at least one group' unless ( scalar( @groups ) > 0 );
+
+ map { die "invalid group `$_'" unless defined( $groupClass->{$_} ) } @groups;
+
+ reconnect_ldap_snmc;
+
+ foreach my $group ( @groups ) {
+ my $infos;
+ my $class;
+ if ( $groupClass->{$group} eq 'posixGroup' ) {
+ $infos = SNET::LdapNS::getPosixGroup( $ldap_snmc->{'label'}, $group );
+ $class = ['posixGroup'];
+ } else {
+ $infos = SNET::LdapNS::getGroupOfNames( $ldap_snmc->{'label'}, $group );
+ $class = ['groupOfNames'];
+ }
+ while ( my ( $k, $v ) = each( %{$infos} ) ) {
+ $v->{'objectClass'} = $class;
+ $groupInfos->{$k} = $v;
+ }
+ }
+
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ undef $groupInfos;
+ }
+ }
- my $jsfunc = <<'EOJS';
+ $form->field(
+ name => 'audit',
+ type => 'checkbox',
+ options => 'yes',
+ comment => 'Display auditInformation?',
+ selected => 0,
+ );
+
+ $form->field(
+ name => 'group',
+ options => $options,
+ optgroups => 1,
+ type => 'select',
+ size => getsize_multipleselect( $options ),
+ multiple => 1,
+ );
+
+ my $audit = ( defined( $form->field( name => 'audit' ) ) );
+
+ print_ns_headers( "LdapNS display groups" );
+ print $form->render;
+ render_groupinfos( $groupInfos, $audit ) if defined( $groupInfos );
+ print_ns_footers;
+
+}
+
+sub display_addgroup
+{
+
+ $ADDGROUP = 1;
+ select_group_objectclass( "LdapNS add groups" );
+
+ my $addgroup = $session->param( 'addgroup' );
+ my $objectClass = $addgroup->{'objectClass'};
+ my $IM = $addgroup->{'IM'};
+ my $groups;
+ my $options = {};
+
+ if ( $objectClass eq 'posixGroup' ) {
+ $groups = $session->param( 'posixGroups' );
+ } else {
+ $groups = $session->param( 'groupOfNames' );
+ refresh_posixAccounts;
+ }
+
+ my $jsfunc = <<'EOJS';
// skip on back
if (form._submitted_value.value == 'Back') {
return true;
}
EOJS
- my $fields = [qw(_submitted_value IM objectClass group)];
- my @required;
- push(@required, @{$fields});
-
- my $validate = {
- IM => 'IM',
- group => 'GROUP',
- };
- if ($objectClass eq 'posixGroup') {
- push(@{$fields}, 'gidNumber');
- $validate->{'gidNumber'} = 'GIDNUMBER';
- }
- else {
- push(@{$fields}, 'member');
- push(@required, 'member');
- $validate->{'member'} = 'USERDN';
- }
-
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_addgroup_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => "Add $objectClass",
- fields => $fields,
- template => $templatedir.'/addgroup.tmpl',
- method => 'post',
- javascript => 1,
- jsfunc => $jsfunc,
- required => \@required,
- validate => $validate,
- );
-
- if ($form->submitted eq 'Back') {
- $session->clear(['addgroup']);
- redirect('?tab=groups&action=addgroup');
- }
-
- $form->field(
- name => 'IM',
- value => $IM,
- label => 'IM',
- comment => 'SMT ticket number',
- disabled => 1,
- );
- $form->field(
- name => 'objectClass',
- value => $objectClass,
- label => 'objectClass',
- comment => 'posixGroups or groupOfNames',
- disabled => 1,
- );
- $form->field(
- name => '_submitted_value',
- type => 'hidden',
- );
- $form->field(
- name => 'gidNumber',
- comment => 'optional [2000..9999]',
- );
- $form->field(
- name => 'member',
- comment => 'required',
- );
-
- if ($objectClass ne 'posixGroup') {
- my $posixAccounts = $session->param('posixAccounts');
- while (my ($dn, $values) = each (%{$posixAccounts})) {
- my $uid = ${$values->{'uid'}}[0];
- my $gecos = ${$values->{'gecos'}}[0];
- $options->{$dn} = $uid.' - '.$gecos;
- }
- if (scalar(keys(%{$options})) == 0) {
- $session->param('error', 'Unable to fetch available posixAccounts');
- redirect('?tab=users&action=adduser');
+ my $fields = [qw(_submitted_value IM objectClass group)];
+ my @required;
+ push( @required, @{$fields} );
+
+ my $validate = {
+ IM => 'IM',
+ group => 'GROUP',
+ };
+ if ( $objectClass eq 'posixGroup' ) {
+ push( @{$fields}, 'gidNumber' );
+ $validate->{'gidNumber'} = 'GIDNUMBER';
+ } else {
+ push( @{$fields}, 'member' );
+ push( @required, 'member' );
+ $validate->{'member'} = 'USERDN';
+ }
+
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_addgroup_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => "Add $objectClass",
+ fields => $fields,
+ template => $templatedir . '/addgroup.tmpl',
+ method => 'post',
+ javascript => 1,
+ jsfunc => $jsfunc,
+ required => \@required,
+ validate => $validate,
+ );
+
+ if ( $form->submitted eq 'Back' ) {
+ $session->clear( ['addgroup'] );
+ redirect( '?tab=groups&action=addgroup' );
}
+
$form->field(
- name => 'member',
- options => $options,
- selectname => 0,
- sortopts => 'NAME',
- label => 'member',
- multiple => 1,
+ name => 'IM',
+ value => $IM,
+ label => 'IM',
+ comment => 'SMT ticket number',
+ disabled => 1,
);
- }
- else {
$form->field(
- name => 'gidNumber',
- options => $options,
- label => 'gidNumber',
+ name => 'objectClass',
+ value => $objectClass,
+ label => 'objectClass',
+ comment => 'posixGroups or groupOfNames',
+ disabled => 1,
);
- }
+ $form->field( name => '_submitted_value',
+ type => 'hidden', );
+ $form->field( name => 'gidNumber',
+ comment => 'optional [2000..9999]', );
+ $form->field( name => 'member',
+ comment => 'required', );
+
+ if ( $objectClass ne 'posixGroup' ) {
+ my $posixAccounts = $session->param( 'posixAccounts' );
+ while ( my ( $dn, $values ) = each( %{$posixAccounts} ) ) {
+ my $uid = ${ $values->{'uid'} }[0];
+ my $gecos = ${ $values->{'gecos'} }[0];
+ $options->{$dn} = $uid . ' - ' . $gecos;
+ }
+ if ( scalar( keys( %{$options} ) ) == 0 ) {
+ $session->param( 'error', 'Unable to fetch available posixAccounts' );
+ redirect( '?tab=users&action=adduser' );
+ }
+ $form->field(
+ name => 'member',
+ options => $options,
+ selectname => 0,
+ sortopts => 'NAME',
+ label => 'member',
+ multiple => 1,
+ );
+ } else {
+ $form->field(
+ name => 'gidNumber',
+ options => $options,
+ label => 'gidNumber',
+ );
+ }
- $form->tmpl_param("posix" => ($objectClass eq 'posixGroup'));
+ $form->tmpl_param( "posix" => ( $objectClass eq 'posixGroup' ) );
- if ($form->submitted eq 'Add') {
- my $entry;
- eval {
+ if ( $form->submitted eq 'Add' ) {
+ my $entry;
+ eval {
- die 'invalid parameters' unless $form->validate($validate);
- print STDERR "addgroup validation ok\n";
+ die 'invalid parameters' unless $form->validate( $validate );
+ print STDERR "addgroup validation ok\n";
- my $group = $form->field(name => 'group');
- foreach my $dn (keys(%{$groups})) {
- $dn =~ s/,.*//;
- $dn =~ s/^.*=//;
- die "group `$group' already exists" if ($group eq $dn);
- }
+ my $group = $form->field( name => 'group' );
+ foreach my $dn ( keys( %{$groups} ) ) {
+ $dn =~ s/,.*//;
+ $dn =~ s/^.*=//;
+ die "group `$group' already exists" if ( $group eq $dn );
+ }
- my $get_function;
- reconnect_ldap_snmc;
- if ($objectClass eq 'posixGroup') {
-
- $get_function = \&SNET::LdapNS::getPosixGroup;
- my $gidNumber;
- if (
- defined($form->field(name => 'gidNumber'))
- &&
- length($form->field(name => 'gidNumber'))
- ) {
- $gidNumber = $form->field(name => 'gidNumber');
- }
-
- SNET::LdapNS::addPosixGroup(
- $ldap_snmc->{'label'},
- $form->field(name => 'IM'),
- $group,
- $gidNumber,
- ) or die "Unable to create LDAP entry for `$group'";
- }
- else {
+ my $get_function;
+ reconnect_ldap_snmc;
+ if ( $objectClass eq 'posixGroup' ) {
- $get_function = \&SNET::LdapNS::getGroupOfNames;
+ $get_function = \&SNET::LdapNS::getPosixGroup;
+ my $gidNumber;
+ if ( defined( $form->field( name => 'gidNumber' ) )
+ && length( $form->field( name => 'gidNumber' ) ) ) {
+ $gidNumber = $form->field( name => 'gidNumber' );
+ }
- my @members = $form->field(name => 'member');
- die 'You must select at least one member' unless (scalar(@members));
+ SNET::LdapNS::addPosixGroup( $ldap_snmc->{'label'}, $form->field( name => 'IM' ), $group, $gidNumber, ) or die "Unable to create LDAP entry for `$group'";
+ } else {
- map { die "invalid member `$_'" unless defined($options->{$_}) } @members;
+ $get_function = \&SNET::LdapNS::getGroupOfNames;
- SNET::LdapNS::addGroupOfNames(
- $ldap_snmc->{'label'},
- $form->field(name => 'IM'),
- $group,
- \@members,
- ) or die "Unable to create LDAP entry for `$group'";
+ my @members = $form->field( name => 'member' );
+ die 'You must select at least one member' unless ( scalar( @members ) );
- }
- $session->param('message', "Group added");
- if ($objectClass eq 'posixGroup') {
- $session->clear([qw(addgroup posixGroups)]);
- }
- else {
- $session->clear([qw(addgroup groupOfNames)]);
- }
+ map { die "invalid member `$_'" unless defined( $options->{$_} ) } @members;
- $entry = &{$get_function}(
- $ldap_snmc->{'label'},
- $group,
- );
+ SNET::LdapNS::addGroupOfNames( $ldap_snmc->{'label'}, $form->field( name => 'IM' ), $group, \@members, ) or die "Unable to create LDAP entry for `$group'";
- };
- if ($@) {
- $session->param('error', $@);
- }
- reset_actions;
- if (defined($entry)) {
- print_ns_headers("LdapNS add group");
- render_groupinfos($entry);
- print_ns_footers;
- }
- else {
- display_blank("LdapNS add group");
+ }
+ $session->param( 'message', "Group added" );
+ if ( $objectClass eq 'posixGroup' ) {
+ $session->clear( [qw(addgroup posixGroups)] );
+ } else {
+ $session->clear( [qw(addgroup groupOfNames)] );
+ }
+
+ $entry = &{$get_function}( $ldap_snmc->{'label'}, $group, );
+
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ }
+ reset_actions;
+ if ( defined( $entry ) ) {
+ print_ns_headers( "LdapNS add group" );
+ render_groupinfos( $entry );
+ print_ns_footers;
+ } else {
+ display_blank( "LdapNS add group" );
+ }
}
- }
- print_ns_headers("LdapNS add group");
- print $form->render;
- print_ns_footers;
+ print_ns_headers( "LdapNS add group" );
+ print $form->render;
+ print_ns_footers;
}
-sub display_delgroup {
-
- $DELGROUP = 1;
- select_group_objectclass("LdapNS delete groups");
-
- my $delgroup = $session->param('delgroup');
- my $objectClass = $delgroup->{'objectClass'};
- my $IM = $delgroup->{'IM'};
- my $options = {};
- my $type = 'select';
- my $groups;
-
- if ($objectClass eq 'posixGroup') {
- $groups = $session->param('posixGroups');
- }
- else {
- $groups = $session->param('groupOfNames');
- }
-
- my $jsfunc = <<'EOJS';
+sub display_delgroup
+{
+
+ $DELGROUP = 1;
+ select_group_objectclass( "LdapNS delete groups" );
+
+ my $delgroup = $session->param( 'delgroup' );
+ my $objectClass = $delgroup->{'objectClass'};
+ my $IM = $delgroup->{'IM'};
+ my $options = {};
+ my $type = 'select';
+ my $groups;
+
+ if ( $objectClass eq 'posixGroup' ) {
+ $groups = $session->param( 'posixGroups' );
+ } else {
+ $groups = $session->param( 'groupOfNames' );
+ }
+
+ my $jsfunc = <<'EOJS';
// skip js validation if on refresh or on cancel
if (form._submitted_value.value == 'Refresh') {
return true;
@@ -2493,199 +2701,180 @@ sub display_delgroup {
}
EOJS
- my $validate = {
- IM => 'IM',
- objectClass => 'GROUPCLASS',
- group => 'GROUP',
- };
-
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_delgroup_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => 'Delete group',
- fields => [qw(_submitted_value IM group objectClass)],
- template => $templatedir.'/delgroup.tmpl',
- method => 'post',
- javascript => 1,
- jsfunc => $jsfunc,
- required => 'ALL',
- validate => $validate,
- );
-
- if ($form->submitted eq 'Back') {
- $session->clear(['delgroup']);
- redirect('?tab=groups&action=delgroup');
- }
- $form->field(
- name => '_submitted_value',
- type => 'hidden',
- );
- $form->field(
- name => 'IM',
- value => $IM,
- disabled => 1,
- );
- $form->field(
- name => 'objectClass',
- value => $objectClass,
- disabled => 1,
- );
-
- if ($form->submitted eq 'Delete') {
- eval {
+ my $validate = {
+ IM => 'IM',
+ objectClass => 'GROUPCLASS',
+ group => 'GROUP',
+ };
- die 'invalid parameters' unless $form->validate($validate);
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_delgroup_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => 'Delete group',
+ fields => [qw(_submitted_value IM group objectClass)],
+ template => $templatedir . '/delgroup.tmpl',
+ method => 'post',
+ javascript => 1,
+ jsfunc => $jsfunc,
+ required => 'ALL',
+ validate => $validate,
+ );
- my @groups = $form->field(name => 'group');
- die 'You must select at least one group' unless (scalar(@groups) > 0);
- foreach my $group (@groups) {
+ if ( $form->submitted eq 'Back' ) {
+ $session->clear( ['delgroup'] );
+ redirect( '?tab=groups&action=delgroup' );
+ }
+ $form->field( name => '_submitted_value',
+ type => 'hidden', );
+ $form->field(
+ name => 'IM',
+ value => $IM,
+ disabled => 1,
+ );
+ $form->field(
+ name => 'objectClass',
+ value => $objectClass,
+ disabled => 1,
+ );
+
+ if ( $form->submitted eq 'Delete' ) {
+ eval {
+
+ die 'invalid parameters' unless $form->validate( $validate );
- $group = lc($group);
+ my @groups = $form->field( name => 'group' );
+ die 'You must select at least one group' unless ( scalar( @groups ) > 0 );
+ foreach my $group ( @groups ) {
+ $group = lc( $group );
+
+ eval {
+ foreach my $dn ( keys( %{$groups} ) ) {
+ $dn =~ s/,.*//;
+ $dn =~ s/^.*=//;
+ die 'found' if ( lc( $group ) eq lc( $dn ) );
+ }
+ };
+ die "invalid group `$group'" unless ( $@ );
+ die "read-only group `$group'" if ( lc( $group ) eq 'admin' );
+
+ $options->{$group} = $group;
+ }
+ $delgroup->{'options'} = $options;
+ $session->param( 'delgroup', $delgroup );
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ display_blank( "LdapNS delete groups" );
+ }
+ $type = 'checkbox';
+ $form->field( name => 'group', disabled => 1 );
+ $form->tmpl_param( 'submit1' => 'Confirm' );
+ $form->tmpl_param( 'submit2' => 'Cancel' );
+ } elsif ( $form->submitted eq 'Confirm' ) {
+ my @groups = keys( %{ $delgroup->{'options'} } );
+ my @deleted_groups;
+ my $group;
eval {
- foreach my $dn (keys(%{$groups})) {
- $dn =~ s/,.*//;
- $dn =~ s/^.*=//;
- die 'found' if (lc($group) eq lc($dn));
- }
+ reconnect_ldap_snmc;
+ if ( $objectClass eq 'posixGroup' ) {
+ foreach $group ( @groups ) {
+ SNET::LdapNS::deletePosixGroup( $ldap_snmc->{'label'}, $IM, $group );
+ push( @deleted_groups, $group );
+ }
+ } elsif ( $objectClass eq 'groupOfNames' ) {
+ foreach $group ( @groups ) {
+ SNET::LdapNS::deleteGroupOfNames( $ldap_snmc->{'label'}, $IM, $group );
+ push( @deleted_groups, $group );
+ }
+ } else {
+ die "invalid objectClass `$objectClass'";
+ }
};
- die "invalid group `$group'" unless ($@);
- die "read-only group `$group'" if (lc($group) eq 'admin');
-
- $options->{$group} = $group;
- }
- $delgroup->{'options'} = $options;
- $session->param('delgroup', $delgroup);
- };
- if ($@) {
- $session->param('error', $@);
- display_blank("LdapNS delete groups");
- }
- $type = 'checkbox';
- $form->field(name => 'group', disabled => 1);
- $form->tmpl_param('submit1' => 'Confirm');
- $form->tmpl_param('submit2' => 'Cancel');
- }
- elsif ($form->submitted eq 'Confirm') {
- my @groups = keys(%{$delgroup->{'options'}});
- my @deleted_groups;
- my $group;
- eval {
- reconnect_ldap_snmc;
- if ($objectClass eq 'posixGroup') {
- foreach $group (@groups) {
- SNET::LdapNS::deletePosixGroup(
- $ldap_snmc->{'label'},
- $IM,
- $group
- );
- push(@deleted_groups, $group);
+ if ( $@ ) {
+ $session->param( 'error', $@ );
}
- }
- elsif ($objectClass eq 'groupOfNames') {
- foreach $group (@groups) {
- SNET::LdapNS::deleteGroupOfNames(
- $ldap_snmc->{'label'},
- $IM,
- $group
- );
- push(@deleted_groups, $group);
+ if ( scalar( @deleted_groups ) ) {
+ print STDERR 'Successful deletion of ' . join( ', ', @deleted_groups ) . "\n";
+ $session->param( 'message', 'Successful deletion of ' . join( ', ', @deleted_groups ) );
+ if ( $objectClass eq 'posixGroup' ) {
+ $session->clear( ['posixGroups'] );
+ } else {
+ $session->clear( ['groupOfNames'] );
+ }
}
- }
- else {
- die "invalid objectClass `$objectClass'";
- }
- };
- if ($@) {
- $session->param('error', $@);
- }
- if (scalar(@deleted_groups)) {
- print STDERR 'Successful deletion of '.join(', ', @deleted_groups)."\n";
- $session->param('message', 'Successful deletion of '.join(', ', @deleted_groups));
- if ($objectClass eq 'posixGroup') {
- $session->clear(['posixGroups']);
- }
- else {
- $session->clear(['groupOfNames']);
- }
+ $session->clear( ['delgroup'] );
+ display_blank( "LdapNS delete groups" );
+ } elsif ( $form->submitted eq 'Cancel' ) {
+ $session->param( 'error', 'delete operation cancelled' );
+ $session->clear( ['delgroup'] );
+ display_blank( "LdapNS delete groups" );
+ } else {
+ my $groups;
+ if ( $objectClass eq 'posixGroup' ) {
+ $groups = $session->param( 'posixGroups' );
+ } else {
+ $groups = $session->param( 'groupOfNames' );
+ }
+ foreach my $values ( values( %{$groups} ) ) {
+ my $cn = ${ $values->{'cn'} }[0];
+ $options->{$cn} = $cn;
+ }
+ $form->tmpl_param( 'submit1' => 'Delete' );
+ $form->tmpl_param( 'submit2' => 'Back' );
}
- $session->clear(['delgroup']);
- display_blank("LdapNS delete groups");
- }
- elsif ($form->submitted eq 'Cancel') {
- $session->param('error', 'delete operation cancelled');
- $session->clear(['delgroup']);
- display_blank("LdapNS delete groups");
- }
- else {
- my $groups;
- if ($objectClass eq 'posixGroup') {
- $groups = $session->param('posixGroups');
- }
- else {
- $groups = $session->param('groupOfNames');
- }
- foreach my $values (values(%{$groups})) {
- my $cn = ${$values->{'cn'}}[0];
- $options->{$cn} = $cn;
- }
- $form->tmpl_param('submit1' => 'Delete');
- $form->tmpl_param('submit2' => 'Back');
- }
-
- if (scalar(keys(%{$options})) == 0) {
- $session->param('error', 'Unable to fetch available groups');
- display_blank("LdapNS delete groups");
- }
-
- $form->field(
- name => 'group',
- options => $options,
- sortopts => 'NAME',
- linebreaks => 1,
- type => $type,
- selectname => 0,
- multiple => 0,
- );
-
- if ($type eq 'select') {
+
+ if ( scalar( keys( %{$options} ) ) == 0 ) {
+ $session->param( 'error', 'Unable to fetch available groups' );
+ display_blank( "LdapNS delete groups" );
+ }
+
$form->field(
- size => getsize_multipleselect($options),
+ name => 'group',
+ options => $options,
+ sortopts => 'NAME',
+ linebreaks => 1,
+ type => $type,
+ selectname => 0,
+ multiple => 0,
);
- }
- print_ns_headers("LdapNS delete groups");
- print $form->render();
- print_ns_footers;
+ if ( $type eq 'select' ) {
+ $form->field( size => getsize_multipleselect( $options ), );
+ }
+
+ print_ns_headers( "LdapNS delete groups" );
+ print $form->render();
+ print_ns_footers;
}
-sub display_modgroup {
+sub display_modgroup
+{
- $MODGROUP = 1;
+ $MODGROUP = 1;
- refresh_posixAccounts;
+ refresh_posixAccounts;
- my $next_step = select_group_objectclass("LdapNS modify groups");
+ my $next_step = select_group_objectclass( "LdapNS modify groups" );
- if ($next_step < 0) {
- select_group;
- }
- else {
- select_group if ($next_step > 0);
- }
+ if ( $next_step < 0 ) {
+ select_group;
+ } else {
+ select_group if ( $next_step > 0 );
+ }
- my $modgroup = $session->param('modgroup');
- my $IM = $modgroup->{'IM'};
- my $objectClass = $modgroup->{'objectClass'};
- my $group = $modgroup->{'group'};
- my $deloptions;
- my $addoptions;
- my $type = 'select';
+ my $modgroup = $session->param( 'modgroup' );
+ my $IM = $modgroup->{'IM'};
+ my $objectClass = $modgroup->{'objectClass'};
+ my $group = $modgroup->{'group'};
+ my $deloptions;
+ my $addoptions;
+ my $type = 'select';
- my $jsfunc = <<'EOJS';
+ my $jsfunc = <<'EOJS';
// skip on back
if (form._submitted_value.value == 'Back') {
return true;
@@ -2695,624 +2884,554 @@ sub display_modgroup {
}
EOJS
- my $user_validate = ($objectClass eq 'posixGroup') ? 'UID' : 'USERDN';
- my $validate = {
- IM => 'IM',
- group => 'GROUP',
- objectClass => 'GROUPCLASS',
- uid => $user_validate,
- };
-
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_modgroup_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => "Modify $objectClass",
- fields => [qw(_submitted_value IM objectClass group deluser adduser)],
- template => $templatedir.'/modgroup.tmpl',
- method => 'post',
- javascript => 1,
- jsfunc => $jsfunc,
- required => [qw(IM objectClass group)],
- validate => $validate,
- );
- $form->field(
- name => '_submitted_value',
- type => 'hidden',
- );
-
- if ($form->submitted eq 'Back') {
- delete($modgroup->{'group'});
- $session->param('modgroup', $modgroup);
- redirect('?tab=groups&action=modgroup');
- }
-
- if ($form->submitted eq 'Cancel') {
- $session->param('error', 'modify operation cancelled');
- $session->clear(['modgroup']);
- display_blank("LdapNS modify groups");
- }
-
- $form->field(
- name => 'IM',
- value => $IM,
- disabled => 1,
- );
- $form->field(
- name => 'objectClass',
- value => $objectClass,
- disabled => 1,
- );
- $form->field(
- name => 'group',
- value => $group,
- disabled => 1,
- );
-
- if ($form->submitted eq 'Modify') {
+ my $user_validate = ( $objectClass eq 'posixGroup' ) ? 'UID' : 'USERDN';
+ my $validate = {
+ IM => 'IM',
+ group => 'GROUP',
+ objectClass => 'GROUPCLASS',
+ uid => $user_validate,
+ };
+
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_modgroup_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => "Modify $objectClass",
+ fields => [qw(_submitted_value IM objectClass group deluser adduser)],
+ template => $templatedir . '/modgroup.tmpl',
+ method => 'post',
+ javascript => 1,
+ jsfunc => $jsfunc,
+ required => [qw(IM objectClass group)],
+ validate => $validate,
+ );
+ $form->field( name => '_submitted_value',
+ type => 'hidden', );
+
+ if ( $form->submitted eq 'Back' ) {
+ delete( $modgroup->{'group'} );
+ $session->param( 'modgroup', $modgroup );
+ redirect( '?tab=groups&action=modgroup' );
+ }
+
+ if ( $form->submitted eq 'Cancel' ) {
+ $session->param( 'error', 'modify operation cancelled' );
+ $session->clear( ['modgroup'] );
+ display_blank( "LdapNS modify groups" );
+ }
+
+ $form->field(
+ name => 'IM',
+ value => $IM,
+ disabled => 1,
+ );
+ $form->field(
+ name => 'objectClass',
+ value => $objectClass,
+ disabled => 1,
+ );
+ $form->field(
+ name => 'group',
+ value => $group,
+ disabled => 1,
+ );
+
+ if ( $form->submitted eq 'Modify' ) {
+
+ eval {
+
+ my $deluser = [];
+ my $adduser = [];
+ $deloptions = {};
+ $addoptions = {};
+
+ push( @{$deluser}, $form->field( name => 'deluser' ) ) if ( defined( $form->field( name => 'deluser' ) ) );
+ push( @{$adduser}, $form->field( name => 'adduser' ) ) if ( defined( $form->field( name => 'adduser' ) ) );
+
+ die 'You must select at least one user' unless ( scalar( @{$deluser} ) || scalar( @{$adduser} ) );
+
+ foreach my $user ( @{$deluser} ) {
+ $deloptions->{$user} = $modgroup->{'deloptions'}->{$user}
+ or die "invalid user `$user'";
+ }
+ foreach my $user ( @{$adduser} ) {
+ $addoptions->{$user} = $modgroup->{'addoptions'}->{$user}
+ or die "invalid user `$user'";
+ }
+
+ if ( $objectClass eq 'groupOfNames' ) {
+ my $members = scalar( keys( %{ $modgroup->{'deloptions'} } ) );
+ $members += scalar( keys( %{$addoptions} ) );
+ $members -= scalar( keys( %{$deloptions} ) );
+ die "groupOfNames must contain at least one member" unless ( $members );
+ }
- eval {
+ $modgroup->{'deloptions'} = $deloptions;
+ $modgroup->{'addoptions'} = $addoptions;
+ $session->param( 'modgroup', $modgroup );
- my $deluser = [];
- my $adduser = [];
- $deloptions = {};
- $addoptions = {};
-
- push(@{$deluser}, $form->field(name => 'deluser')) if (
- defined($form->field(name => 'deluser'))
- );
- push(@{$adduser}, $form->field(name => 'adduser')) if (
- defined($form->field(name => 'adduser'))
- );
-
- die 'You must select at least one user' unless (
- scalar(@{$deluser}) || scalar(@{$adduser})
- );
-
- foreach my $user (@{$deluser}) {
- $deloptions->{$user} = $modgroup->{'deloptions'}->{$user}
- or die "invalid user `$user'";
- }
- foreach my $user (@{$adduser}) {
- $addoptions->{$user} = $modgroup->{'addoptions'}->{$user}
- or die "invalid user `$user'";
- }
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ display_blank( "LdapNS modify groups" );
+ }
+ $type = 'checkbox';
+ $form->field( name => 'adduser', disabled => 1 );
+ $form->field( name => 'deluser', disabled => 1 );
+ $form->tmpl_param( 'submit1' => 'Cancel' );
+ $form->tmpl_param( 'submit2' => 'Confirm' );
+ } elsif ( $form->submitted eq 'Confirm' ) {
- if ($objectClass eq 'groupOfNames') {
- my $members = scalar(keys(%{$modgroup->{'deloptions'}}));
- $members += scalar(keys(%{$addoptions}));
- $members -= scalar(keys(%{$deloptions}));
- die "groupOfNames must contain at least one member" unless ($members);
- }
+ my $entry;
- $modgroup->{'deloptions'} = $deloptions;
- $modgroup->{'addoptions'} = $addoptions;
- $session->param('modgroup', $modgroup);
+ eval {
- };
- if ($@) {
- $session->param('error', $@);
- display_blank("LdapNS modify groups");
- }
- $type = 'checkbox';
- $form->field(name => 'adduser', disabled => 1);
- $form->field(name => 'deluser', disabled => 1);
- $form->tmpl_param('submit1' => 'Cancel');
- $form->tmpl_param('submit2' => 'Confirm');
- }
- elsif ($form->submitted eq 'Confirm') {
+ $deloptions = $modgroup->{'deloptions'};
+ $addoptions = $modgroup->{'addoptions'};
+ my @to_delete = keys( %{$deloptions} );
+ my @to_add = keys( %{$addoptions} );
+
+ my $add_function;
+ my $del_function;
+ my $get_function;
+
+ if ( $objectClass eq 'posixGroup' ) {
+ $add_function = \&SNET::LdapNS::addToPosixGroup;
+ $del_function = \&SNET::LdapNS::removeFromPosixGroup;
+ $get_function = \&SNET::LdapNS::getPosixGroup;
+ } else {
+ $add_function = \&SNET::LdapNS::addToGroupOfNames;
+ $del_function = \&SNET::LdapNS::removeFromGroupOfNames;
+ $get_function = \&SNET::LdapNS::getGroupOfNames;
+ }
- my $entry;
+ reconnect_ldap_snmc;
- eval {
+ if ( scalar( @to_add ) ) {
+ &{$add_function}( $ldap_snmc->{'label'}, $IM, $group, \@to_add ) or die SNET::LdapNS::error( $ldap_snmc->{'label'} );
+ }
- $deloptions = $modgroup->{'deloptions'};
- $addoptions = $modgroup->{'addoptions'};
- my @to_delete = keys(%{$deloptions});
- my @to_add = keys(%{$addoptions});
-
- my $add_function;
- my $del_function;
- my $get_function;
-
- if ($objectClass eq 'posixGroup') {
- $add_function = \&SNET::LdapNS::addToPosixGroup;
- $del_function = \&SNET::LdapNS::removeFromPosixGroup;
- $get_function = \&SNET::LdapNS::getPosixGroup;
- }
- else {
- $add_function = \&SNET::LdapNS::addToGroupOfNames;
- $del_function = \&SNET::LdapNS::removeFromGroupOfNames;
- $get_function = \&SNET::LdapNS::getGroupOfNames;
- }
+ if ( scalar( @to_delete ) ) {
+ &{$del_function}( $ldap_snmc->{'label'}, $IM, $group, \@to_delete ) or die SNET::LdapNS::error( $ldap_snmc->{'label'} );
+ }
- reconnect_ldap_snmc;
-
- if (scalar(@to_add)) {
- &{$add_function} (
- $ldap_snmc->{'label'},
- $IM,
- $group,
- \@to_add
- ) or die SNET::LdapNS::error($ldap_snmc->{'label'});
- };
-
- if (scalar(@to_delete)) {
- &{$del_function} (
- $ldap_snmc->{'label'},
- $IM,
- $group,
- \@to_delete
- ) or die SNET::LdapNS::error($ldap_snmc->{'label'});
- };
-
- $session->param('message', 'group modification successful');
- if ($objectClass eq 'posixGroup') {
- $session->clear([qw(modgroup posixGroups)]);
- }
- else {
- $session->clear([qw(modgroup groupOfNames)]);
- }
+ $session->param( 'message', 'group modification successful' );
+ if ( $objectClass eq 'posixGroup' ) {
+ $session->clear( [qw(modgroup posixGroups)] );
+ } else {
+ $session->clear( [qw(modgroup groupOfNames)] );
+ }
- $entry = &{$get_function} (
- $ldap_snmc->{'label'},
- $group,
- );
+ $entry = &{$get_function}( $ldap_snmc->{'label'}, $group, );
- };
- if ($@) {
- $session->param('error', $@);
- }
- reset_actions;
- if (defined($entry)) {
- print_ns_headers("LdapNS modify group");
- render_groupinfos($entry);
- print_ns_footers;
- }
- else {
- display_blank("LdapNS modify groups");
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ }
+ reset_actions;
+ if ( defined( $entry ) ) {
+ print_ns_headers( "LdapNS modify group" );
+ render_groupinfos( $entry );
+ print_ns_footers;
+ } else {
+ display_blank( "LdapNS modify groups" );
+ }
+
+ } else {
+ $deloptions = $modgroup->{'deloptions'};
+ $addoptions = $modgroup->{'addoptions'};
+ $form->tmpl_param( 'submit1' => 'Back' );
+ $form->tmpl_param( 'submit2' => 'Modify' );
}
- }
- else {
- $deloptions = $modgroup->{'deloptions'};
- $addoptions = $modgroup->{'addoptions'};
- $form->tmpl_param('submit1' => 'Back');
- $form->tmpl_param('submit2' => 'Modify');
- }
+ if ( keys %{$deloptions} ) {
+ $form->field(
+ name => 'deluser',
+ options => $deloptions,
+ sortopts => 'NAME',
+ linebreaks => 1,
+ type => $type,
+ multiple => 1,
+ disable => ( scalar( keys( %{$deloptions} ) ) == 0 ),
+ );
- if (keys%{$deloptions}) {
- $form->field(
- name => 'deluser',
- options => $deloptions,
- sortopts => 'NAME',
- linebreaks => 1,
- type => $type,
- multiple => 1,
- disable => (scalar(keys(%{$deloptions})) == 0),
- );
+ if ( $type eq 'select' ) {
+ $form->field( size => getsize_multipleselect( $deloptions ), );
+ }
- if ($type eq 'select') {
- $form->field(
- size => getsize_multipleselect($deloptions),
- );
+ } else {
+ $form->tmpl_param( 'disable_deluser' => 1 );
}
- }
- else {
- $form->tmpl_param('disable_deluser' => 1);
- }
+ if ( keys( %{$addoptions} ) ) {
+ $form->field(
+ name => 'adduser',
+ options => $addoptions,
+ sortopts => 'NAME',
+ linebreaks => 1,
+ type => $type,
+ multiple => 1,
+ disable => ( scalar( keys( %{$addoptions} ) ) == 0 ),
+ );
- if (keys(%{$addoptions})) {
- $form->field(
- name => 'adduser',
- options => $addoptions,
- sortopts => 'NAME',
- linebreaks => 1,
- type => $type,
- multiple => 1,
- disable => (scalar(keys(%{$addoptions})) == 0),
- );
+ if ( $type eq 'select' ) {
+ $form->field( size => getsize_multipleselect( $addoptions ), );
+ }
- if ($type eq 'select') {
- $form->field(
- size => getsize_multipleselect($addoptions),
- );
+ } else {
+ $form->tmpl_param( 'disable_adduser' => 1 );
}
- }
- else {
- $form->tmpl_param('disable_adduser' => 1);
- }
-
- print_ns_headers("LdapNS modify groups");
- print $form->render();
- print_ns_footers;
+ print_ns_headers( "LdapNS modify groups" );
+ print $form->render();
+ print_ns_footers;
}
+sub display_passwd
+{
+
+ $PASSWD = 1;
+
+ my $form_fields = [qw(old new repeat)];
+ push( @{$form_fields}, 'synchronize' ) if ( $mod_synchro );
+
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_passwd_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => 'Password change',
+ fields => $form_fields,
+ template => $templatedir . '/passwd.tmpl',
+ method => 'post',
+ required => [qw(old new repeat)],
+ submit => 'Change password',
+ );
-sub display_passwd {
+ if ( $mod_synchro ) {
+ $form->field(
+ name => 'synchronize',
+ type => 'checkbox',
+ comment => 'Synchronize with old LDAP database?',
+ options => 'yes',
+ );
+ $form->field(
+ name => 'synchronize',
+ value => 'yes'
+ ) unless ( $form->submitted );
+ }
+ $form->tmpl_param( 'mod_synchro' => $mod_synchro );
- $PASSWD = 1;
+ $form->field( name => 'new',
+ type => 'password', );
+ $form->field( name => 'old',
+ type => 'password', );
+ $form->field( name => 'repeat',
+ type => 'password', );
- my $form_fields = [qw(old new repeat)];
- push (@{$form_fields}, 'synchronize') if ($mod_synchro);
+ $session->param( 'message', "password must be [10..16] characters long, and must contains 3 different character classes" );
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_passwd_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => 'Password change',
- fields => $form_fields,
- template => $templatedir.'/passwd.tmpl',
- method => 'post',
- required => [qw(old new repeat)],
- submit => 'Change password',
- );
+ if ( $form->submitted ) {
- if ($mod_synchro) {
- $form->field(
- name => 'synchronize',
- type => 'checkbox',
- comment => 'Synchronize with old LDAP database?',
- options => 'yes',
- );
- $form->field(
- name => 'synchronize',
- value => 'yes'
- ) unless ($form->submitted);
- }
- $form->tmpl_param('mod_synchro' => $mod_synchro);
-
- $form->field(
- name => 'new',
- type => 'password',
- );
- $form->field(
- name => 'old',
- type => 'password',
- );
- $form->field(
- name => 'repeat',
- type => 'password',
- );
-
- $session->param('message',
- "password must be [10..16] characters long, and must contains 3 different character classes"
- );
-
- if ($form->submitted) {
+ eval {
+ die 'missing parameters' unless $form->validate();
+ die 'password mismatch' unless ( $form->field( name => 'new' ) eq $form->field( name => 'repeat' ) );
- eval {
- die 'missing parameters' unless $form->validate();
- die 'password mismatch' unless (
- $form->field(name => 'new')
- eq
- $form->field(name => 'repeat')
- );
-
- reconnect_ldap_snmc();
- SNET::LdapNS::passwd(
- $ldap_snmc->{'label'},
- $form->field(name => 'old'),
- $form->field(name => 'new')
- );
- $session->param('message', 'password changed successfully');
- $session->clear(['action', 'error']);
-
- synchronize_passwords(
- defined($form->field(name => 'synchronize')),
- $ldap_snmc->{'label'},
- $form->field(name => 'new'),
- undef,
- $form->field(name => 'old')
- );
-
- encode_sessionauth($form->field(name => 'new'));
- $session->param('userMustChange', 0);
- $userMustChange = 0;
- refresh_userInfos;
- redirect_homepage;
+ reconnect_ldap_snmc();
+ SNET::LdapNS::passwd( $ldap_snmc->{'label'}, $form->field( name => 'old' ), $form->field( name => 'new' ) );
+ $session->param( 'message', 'password changed successfully' );
+ $session->clear( [ 'action', 'error' ] );
- };
- if ($@) {
- $session->param('error', $@);
- }
- else {
- display_blank("LdapNS homepage");
+ # synchronize_samba_password(
+ # $ldap_snmc->{'label'},
+ # $form->field(name => 'new')
+ # );
+
+ synchronize_passwords( defined( $form->field( name => 'synchronize' ) ), $ldap_snmc->{'label'}, $form->field( name => 'new' ), undef, $form->field( name => 'old' ) );
+
+ encode_sessionauth( $form->field( name => 'new' ) );
+ $session->param( 'userMustChange', 0 );
+ $userMustChange = 0;
+ refresh_userInfos;
+ redirect_homepage;
+
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ } else {
+ display_blank( "LdapNS homepage" );
+ }
}
- }
- print_ns_headers("LdapNS homepage");
- print $form->render;
- print_ns_footers;
+ print_ns_headers( "LdapNS homepage" );
+ print $form->render;
+ print_ns_footers;
}
-sub display_blank($) {
+sub display_blank($)
+{
- my $title = shift;
- my $template_blank = HTML::Template->new(filename => $templatedir.'/blank.tmpl');
+ my $title = shift;
+ my $template_blank = HTML::Template->new( filename => $templatedir . '/blank.tmpl' );
- parse_messages;
+ parse_messages;
- $template_blank->param(
- 'br' => (!(defined($error) || defined($message)))
- );
+ $template_blank->param( 'br' => ( !( defined( $error ) || defined( $message ) ) ) );
- reset_actions;
+ reset_actions;
- print_ns_headers($title);
- print $template_blank->output;
- print_ns_footers;
+ print_ns_headers( $title );
+ print $template_blank->output;
+ print_ns_footers;
}
-sub display_users {
-
- print STDERR "ldap_NS.pl: entering display_users\n" if ($debug >2);
-
- if (defined($params->{'action'})) {
- if ($params->{'action'} eq 'reset') {
- $session->param('action','reset');
- }
- elsif ($params->{'action'} eq 'deluser') {
- $session->param('action','deluser');
- }
- elsif ($params->{'action'} eq 'adduser') {
- $session->param('action','adduser');
- }
- elsif ($params->{'action'} eq 'moduser') {
- $session->param('action','moduser');
- }
- elsif ($params->{'action'} eq 'userinfos') {
- $session->param('action','userinfos');
+sub display_users
+{
+
+ print STDERR "ldap_NS.pl: entering display_users\n" if ( $debug > 2 );
+
+ if ( defined( $params->{'action'} ) ) {
+ if ( $params->{'action'} eq 'reset' ) {
+ $session->param( 'action', 'reset' );
+ } elsif ( $params->{'action'} eq 'deluser' ) {
+ $session->param( 'action', 'deluser' );
+ } elsif ( $params->{'action'} eq 'adduser' ) {
+ $session->param( 'action', 'adduser' );
+ } elsif ( $params->{'action'} eq 'adduserprofile' ) {
+ $session->param( 'action', 'adduserprofile' );
+ } elsif ( $params->{'action'} eq 'moduser' ) {
+ $session->param( 'action', 'moduser' );
+ } elsif ( $params->{'action'} eq 'userinfos' ) {
+ $session->param( 'action', 'userinfos' );
+ }
}
- }
- if (defined($session->param('action'))) {
- if ($session->param('action') eq 'adduser') {
- display_adduser;
- }
- elsif ($session->param('action') eq 'moduser') {
- display_moduser;
- }
- elsif ($session->param('action') eq 'deluser') {
- display_deluser;
- }
- elsif ($session->param('action') eq 'reset') {
- display_reset;
- }
- elsif ($session->param('action') eq 'userinfos') {
- display_userinfos;
- }
- else {
- $session->clear(['action']);
+ if ( defined( $session->param( 'action' ) ) ) {
+ if ( $session->param( 'action' ) eq 'adduser' ) {
+ display_adduser;
+ } elsif ( $session->param( 'action' ) eq 'adduserprofile' ) {
+ display_adduserprofile;
+ } elsif ( $session->param( 'action' ) eq 'moduser' ) {
+ display_moduser;
+ } elsif ( $session->param( 'action' ) eq 'deluser' ) {
+ display_deluser;
+ } elsif ( $session->param( 'action' ) eq 'reset' ) {
+ display_reset;
+ } elsif ( $session->param( 'action' ) eq 'userinfos' ) {
+ display_userinfos;
+ } else {
+ $session->clear( ['action'] );
+ }
}
- }
- display_blank("LdapNS users management");
+ display_blank( "LdapNS users management" );
}
-sub display_groups {
-
- print STDERR "ldap_NS.pl: entering display_groups\n" if ($debug >2);
+sub display_groups
+{
- if (defined($params->{'action'})) {
- if ($params->{'action'} eq 'modgroup') {
- $session->param('action','modgroup');
- }
- elsif ($params->{'action'} eq 'delgroup') {
- $session->param('action','delgroup');
- }
- elsif ($params->{'action'} eq 'addgroup') {
- $session->param('action','addgroup');
- }
- elsif ($params->{'action'} eq 'groupinfos') {
- $session->param('action','groupinfos');
- }
- }
-
- if (defined($session->param('action'))) {
- if ($session->param('action') eq 'addgroup') {
- display_addgroup;
- }
- elsif ($session->param('action') eq 'delgroup') {
- display_delgroup;
- }
- elsif ($session->param('action') eq 'modgroup') {
- display_modgroup;
- }
- elsif ($session->param('action') eq 'groupinfos') {
- display_groupinfos;
+ print STDERR "ldap_NS.pl: entering display_groups\n" if ( $debug > 2 );
+
+ if ( defined( $params->{'action'} ) ) {
+ if ( $params->{'action'} eq 'modgroup' ) {
+ $session->param( 'action', 'modgroup' );
+ } elsif ( $params->{'action'} eq 'delgroup' ) {
+ $session->param( 'action', 'delgroup' );
+ } elsif ( $params->{'action'} eq 'addgroup' ) {
+ $session->param( 'action', 'addgroup' );
+ } elsif ( $params->{'action'} eq 'groupinfos' ) {
+ $session->param( 'action', 'groupinfos' );
+ }
}
- else {
- $session->clear(['action']);
+
+ if ( defined( $session->param( 'action' ) ) ) {
+ if ( $session->param( 'action' ) eq 'addgroup' ) {
+ display_addgroup;
+ } elsif ( $session->param( 'action' ) eq 'delgroup' ) {
+ display_delgroup;
+ } elsif ( $session->param( 'action' ) eq 'modgroup' ) {
+ display_modgroup;
+ } elsif ( $session->param( 'action' ) eq 'groupinfos' ) {
+ display_groupinfos;
+ } else {
+ $session->clear( ['action'] );
+ }
}
- }
- display_blank("LdapNS groups management");
+ display_blank( "LdapNS groups management" );
}
-sub select_policy {
+sub select_policy
+{
- my $title = shift;
- my $sessionparam = $session->param('action');
+ my $title = shift;
+ my $sessionparam = $session->param( 'action' );
- if (
- ($sessionparam ne 'modpolicy')
- &&
- ($sessionparam ne 'delpolicy')
- ) {
- $session->param('error', "invalid action $sessionparam");
- redirect_homepage;
- }
+ if ( ( $sessionparam ne 'modpolicy' )
+ && ( $sessionparam ne 'delpolicy' ) ) {
+ $session->param( 'error', "invalid action $sessionparam" );
+ redirect_homepage;
+ }
- refresh_ppolicy;
+ refresh_ppolicy;
- if (defined($session->param($sessionparam))) {
- return 1 if (defined($session->param($sessionparam)->{'policy'}));
- }
+ if ( defined( $session->param( $sessionparam ) ) ) {
+ return 1 if ( defined( $session->param( $sessionparam )->{'policy'} ) );
+ }
- my $policies;
- my $options;
+ my $policies;
+ my $options;
- my $validate = {
- IM => 'IM',
- policy => 'PPOLICYDN',
- };
+ my $validate = {
+ IM => 'IM',
+ policy => 'PPOLICYDN',
+ };
- my $jsfunc = <<'EOJS';
+ my $jsfunc = <<'EOJS';
// skip on back
if (form._submitted_value.value == 'Cancel') {
return true;
}
EOJS
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_selectpolicy_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => "Select policy",
- fields => [qw(IM policy)],
- template => $templatedir.'/selectpolicy.tmpl',
- submit => [qw(Cancel Select)],
- method => 'post',
- selectname => 0,
- javascript => 1,
- jsfunc => $jsfunc,
- required => 'ALL',
- validate => $validate,
- );
-
- if ($form->submitted eq 'Cancel') {
- $session->clear(["$sessionparam"]);
- $session->clear(['action']);
- redirect('?tab=ppolicies');
- }
-
- my $pwdPolicies = $session->param('pwdPolicies');
- while (my ($dn, $values) = each (%{$pwdPolicies})) {
- my $did = ${$values->{'documentidentifier'}}[0];
- if (
- defined($values->{'description'})
- &&
- scalar(@{$values->{'description'}})
- ) {
- $options->{$dn} = $did.' - '.${$values->{'description'}}[0];
- }
- else {
- $options->{$dn} = $did;
- }
- }
-
- if (scalar(keys(%{$options})) == 0) {
- $session->clear(["$sessionparam"]);
- $session->param('error', 'Unable to fetch available policies');
- redirect('?tab=ppolicies&action=addpolicy');
- }
-
- $form->field(
- name => 'IM',
- comment => 'SMT ticket number',
- );
-
- $form->field(
- name => 'policy',
- options => $options,
- sortopts => 'NAME',
- type => 'select',
- size => getsize_multipleselect($options),
- multiple => 0,
- );
-
- if ($form->submitted eq 'Select') {
-
- my $IM = $form->field(name => 'IM');
- my $policy = $form->field(name => 'policy');
-
- eval {
-
- die 'invalid parameters' unless $form->validate(
- $validate
- );
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_selectpolicy_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => "Select policy",
+ fields => [qw(IM policy)],
+ template => $templatedir . '/selectpolicy.tmpl',
+ submit => [qw(Cancel Select)],
+ method => 'post',
+ selectname => 0,
+ javascript => 1,
+ jsfunc => $jsfunc,
+ required => 'ALL',
+ validate => $validate,
+ );
- reconnect_ldap_snmc;
- my $infos = SNET::LdapNS::getPwdPolicy(
- $ldap_snmc->{'label'},
- $policy
- );
+ if ( $form->submitted eq 'Cancel' ) {
+ $session->clear( ["$sessionparam"] );
+ $session->clear( ['action'] );
+ redirect( '?tab=ppolicies' );
+ }
- $session->param($sessionparam,
- {
- 'IM' => $IM,
- 'policy' => $policy,
- 'infos' => $infos->{$policy},
+ my $pwdPolicies = $session->param( 'pwdPolicies' );
+ while ( my ( $dn, $values ) = each( %{$pwdPolicies} ) ) {
+ my $did = ${ $values->{'documentidentifier'} }[0];
+ if ( defined( $values->{'description'} )
+ && scalar( @{ $values->{'description'} } ) ) {
+ $options->{$dn} = $did . ' - ' . ${ $values->{'description'} }[0];
+ } else {
+ $options->{$dn} = $did;
}
- );
+ }
- };
- if ($@) {
- $session->param('error', $@);
- display_blank($title);
+ if ( scalar( keys( %{$options} ) ) == 0 ) {
+ $session->clear( ["$sessionparam"] );
+ $session->param( 'error', 'Unable to fetch available policies' );
+ redirect( '?tab=ppolicies&action=addpolicy' );
}
- return 1;
+ $form->field( name => 'IM',
+ comment => 'SMT ticket number', );
+
+ $form->field(
+ name => 'policy',
+ options => $options,
+ sortopts => 'NAME',
+ type => 'select',
+ size => getsize_multipleselect( $options ),
+ multiple => 0,
+ );
+
+ if ( $form->submitted eq 'Select' ) {
+
+ my $IM = $form->field( name => 'IM' );
+ my $policy = $form->field( name => 'policy' );
+
+ eval {
+
+ die 'invalid parameters' unless $form->validate( $validate );
+
+ reconnect_ldap_snmc;
+ my $infos = SNET::LdapNS::getPwdPolicy( $ldap_snmc->{'label'}, $policy );
+
+ $session->param(
+ $sessionparam,
+ {
+ 'IM' => $IM,
+ 'policy' => $policy,
+ 'infos' => $infos->{$policy},
+ }
+ );
+
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ display_blank( $title );
+ }
+
+ return 1;
- }
+ }
- print_ns_headers($title);
- print $form->render;
- print_ns_footers;
+ print_ns_headers( $title );
+ print $form->render;
+ print_ns_footers;
}
-sub display_addpolicy {
+sub display_addpolicy
+{
- $ADDPOLICY = 1;
- refresh_ppolicy;
+ $ADDPOLICY = 1;
+ refresh_ppolicy;
- $session->param('error', 'Not yet implemented');
+ $session->param( 'error', 'Not yet implemented' );
- display_blank("LdapNS passwords policies management");
+ display_blank( "LdapNS passwords policies management" );
}
-sub display_delpolicy {
+sub display_delpolicy
+{
- $DELPOLICY = 1;
- refresh_ppolicy;
+ $DELPOLICY = 1;
+ refresh_ppolicy;
- $session->param('error', 'Not yet implemented');
+ $session->param( 'error', 'Not yet implemented' );
- display_blank("LdapNS passwords policies management");
+ display_blank( "LdapNS passwords policies management" );
}
-sub display_modpolicy {
+sub display_modpolicy
+{
- $MODPOLICY = 1;
+ $MODPOLICY = 1;
- select_policy("LdapNS modify policy");
+ select_policy( "LdapNS modify policy" );
- my $modpolicy = $session->param('modpolicy');
- my $IM = $modpolicy->{'IM'};
- my $policy = $modpolicy->{'policy'};
- my $infos = $modpolicy->{'infos'};
- my $deloptions;
- my $addoptions;
- my $type = 'select';
+ my $modpolicy = $session->param( 'modpolicy' );
+ my $IM = $modpolicy->{'IM'};
+ my $policy = $modpolicy->{'policy'};
+ my $infos = $modpolicy->{'infos'};
+ my $deloptions;
+ my $addoptions;
+ my $type = 'select';
- my $add = {};
- my $del = {};
+ my $add = {};
+ my $del = {};
- my $jsfunc = <<'EOJS';
+ my $jsfunc = <<'EOJS';
// skip on back
if (form._submitted_value.value == 'Back') {
return true;
@@ -3322,681 +3441,617 @@ sub display_modpolicy {
}
EOJS
- my $validate = {
- 'IM' => 'IM',
- 'policy' => 'PPOLICYDN',
- description => 'DESCRIPTION',
- };
-
- my $fields = [qw(_submitted_value IM description)];
- my $pwdconstraint_fields = [];
- my @keys = keys(%{$SNET::LdapNS::pwdPolicyAttributes});
- foreach my $k (sort { $a cmp $b } @keys) {
- next if ($k =~ m/checkmodule|constraint.*length|constraintcheckquality/i);
- if ($k =~ m/pwdconstraint/i) {
- if ($k =~ m/quality/i) {
- unshift(@{$pwdconstraint_fields}, $k);
- }
- else {
- push(@{$pwdconstraint_fields}, $k);
- }
- }
- else {
- push(@{$fields}, $k);
- }
- $validate->{$k} = $CGI::FormBuilder::Field::VALIDATE{$k};
- }
- push(@{$fields}, @{$pwdconstraint_fields});
-
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_modpolicy_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => "Modify policy",
- fields => $fields,
- template => $templatedir.'/modpolicy.tmpl',
- method => 'post',
- javascript => 1,
- sticky => 1,
- jsfunc => $jsfunc,
- required => [qw(IM policy)],
- validate => $validate,
- );
-
- $form->field(
- name => '_submitted_value',
- type => 'hidden',
- );
-
- if ($form->submitted eq 'Back') {
- delete($modpolicy->{'policy'});
- $session->param('modpolicy', $modpolicy);
- redirect('?tab=ppolicies&action=modpolicy');
- }
-
- if ($form->submitted eq 'Cancel') {
- $session->param('error', 'modify operation cancelled');
- $session->clear(['modpolicy']);
- display_blank("LdapNS modify policies");
- }
-
- $form->field(
- name => 'IM',
- value => $IM,
- disabled => 1,
- );
- $form->field(
- name => 'policy',
- value => $policy,
- disabled => 1,
- );
-
- $form->field(
- name => 'description',
- comment => 'optional',
- );
- $form->field(name => 'description', value => $infos->{'description'})
- if defined($infos->{'description'});
-
- foreach my $k (@{$fields}) {
-
- next unless (defined($SNET::LdapNS::pwdPolicyAttributes->{$k}));
- my $type = ${$SNET::LdapNS::pwdPolicyAttributes->{$k}}[0];
-
- my $val = (defined($infos->{$k}) ? ${$infos->{$k}}[0] : 0);
- $form->tmpl_param('if_'.$k, 1);
-
- if ($type eq 'bool') {
- $form->field(
- name => $k,
- comment => ${$SNET::LdapNS::pwdPolicyAttributes->{$k}}[1],
- type => 'checkbox',
- options => 'true',
- );
- if ($form->submitted ne 'Modify') {
- $form->field(name => $k, value => 'true') if ("$val" =~ m/true/i);
- }
- }
- elsif ($type eq 'extbool') {
- $form->field(
- name => $k,
- comment => ${$SNET::LdapNS::pwdPolicyAttributes->{$k}}[1],
- type => 'checkbox',
- options => 'strict',
- );
- if ($form->submitted ne 'Modify') {
- $form->field(name => $k, value => 'strict') if ($val > 0);
- }
- }
- elsif ($type eq 'nbool') {
- $form->field(
- name => $k,
- comment => ${$SNET::LdapNS::pwdPolicyAttributes->{$k}}[1],
- type => 'checkbox',
- options => 'counted',
- );
- if ($form->submitted ne 'Modify') {
- $form->field(name => $k, value => 'counted') if ($val > 0);
- }
+ my $validate = {
+ 'IM' => 'IM',
+ 'policy' => 'PPOLICYDN',
+ description => 'DESCRIPTION',
+ };
+
+ my $fields = [qw(_submitted_value IM description)];
+ my $pwdconstraint_fields = [];
+ my @keys = keys( %{$SNET::LdapNS::pwdPolicyAttributes} );
+ foreach my $k ( sort { $a cmp $b } @keys ) {
+ next if ( $k =~ m/checkmodule|constraint.*length|constraintcheckquality/i );
+ if ( $k =~ m/pwdconstraint/i ) {
+ if ( $k =~ m/quality/i ) {
+ unshift( @{$pwdconstraint_fields}, $k );
+ } else {
+ push( @{$pwdconstraint_fields}, $k );
+ }
+ } else {
+ push( @{$fields}, $k );
+ }
+ $validate->{$k} = $CGI::FormBuilder::Field::VALIDATE{$k};
+ }
+ push( @{$fields}, @{$pwdconstraint_fields} );
+
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_modpolicy_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => "Modify policy",
+ fields => $fields,
+ template => $templatedir . '/modpolicy.tmpl',
+ method => 'post',
+ javascript => 1,
+ sticky => 1,
+ jsfunc => $jsfunc,
+ required => [qw(IM policy)],
+ validate => $validate,
+ );
+
+ $form->field( name => '_submitted_value',
+ type => 'hidden', );
+
+ if ( $form->submitted eq 'Back' ) {
+ delete( $modpolicy->{'policy'} );
+ $session->param( 'modpolicy', $modpolicy );
+ redirect( '?tab=ppolicies&action=modpolicy' );
}
- else {
- $form->field(
- name => $k,
- comment => ${$SNET::LdapNS::pwdPolicyAttributes->{$k}}[1],
- );
- if ($form->submitted ne 'Modify') {
- $form->field(name => $k, value => $val);
- }
+
+ if ( $form->submitted eq 'Cancel' ) {
+ $session->param( 'error', 'modify operation cancelled' );
+ $session->clear( ['modpolicy'] );
+ display_blank( "LdapNS modify policies" );
}
- $form->field(name => $k, disabled => ($form->submitted eq 'Modify'));
- }
- if ($form->submitted eq 'Modify') {
+ $form->field(
+ name => 'IM',
+ value => $IM,
+ disabled => 1,
+ );
+ $form->field(
+ name => 'policy',
+ value => $policy,
+ disabled => 1,
+ );
+
+ $form->field( name => 'description',
+ comment => 'optional', );
+ $form->field( name => 'description', value => $infos->{'description'} )
+ if defined( $infos->{'description'} );
+
+ foreach my $k ( @{$fields} ) {
- foreach my $k (@{$fields}) {
+ next unless ( defined( $SNET::LdapNS::pwdPolicyAttributes->{$k} ) );
+ my $type = ${ $SNET::LdapNS::pwdPolicyAttributes->{$k} }[0];
- next if ($k eq '_submitted_value');
- next if ($k eq 'IM');
- next if ($k eq 'policy');
+ my $val = ( defined( $infos->{$k} ) ? ${ $infos->{$k} }[0] : 0 );
+ $form->tmpl_param( 'if_' . $k, 1 );
- if ($k eq 'description') {
- my $v = $form->field(name => $k) || undef;
- if (defined($v)) {
- $add->{$k} = $v;
+ if ( $type eq 'bool' ) {
+ $form->field(
+ name => $k,
+ comment => ${ $SNET::LdapNS::pwdPolicyAttributes->{$k} }[1],
+ type => 'checkbox',
+ options => 'true',
+ );
+ if ( $form->submitted ne 'Modify' ) {
+ $form->field( name => $k, value => 'true' ) if ( "$val" =~ m/true/i );
+ }
+ } elsif ( $type eq 'extbool' ) {
+ $form->field(
+ name => $k,
+ comment => ${ $SNET::LdapNS::pwdPolicyAttributes->{$k} }[1],
+ type => 'checkbox',
+ options => 'strict',
+ );
+ if ( $form->submitted ne 'Modify' ) {
+ $form->field( name => $k, value => 'strict' ) if ( $val > 0 );
+ }
+ } elsif ( $type eq 'nbool' ) {
+ $form->field(
+ name => $k,
+ comment => ${ $SNET::LdapNS::pwdPolicyAttributes->{$k} }[1],
+ type => 'checkbox',
+ options => 'counted',
+ );
+ if ( $form->submitted ne 'Modify' ) {
+ $form->field( name => $k, value => 'counted' ) if ( $val > 0 );
+ }
+ } else {
+ $form->field( name => $k,
+ comment => ${ $SNET::LdapNS::pwdPolicyAttributes->{$k} }[1], );
+ if ( $form->submitted ne 'Modify' ) {
+ $form->field( name => $k, value => $val );
+ }
}
- else {
- $del->{$k}++;
+ $form->field( name => $k, disabled => ( $form->submitted eq 'Modify' ) );
+ }
+
+ if ( $form->submitted eq 'Modify' ) {
+
+ foreach my $k ( @{$fields} ) {
+
+ next if ( $k eq '_submitted_value' );
+ next if ( $k eq 'IM' );
+ next if ( $k eq 'policy' );
+
+ if ( $k eq 'description' ) {
+ my $v = $form->field( name => $k ) || undef;
+ if ( defined( $v ) ) {
+ $add->{$k} = $v;
+ } else {
+ $del->{$k}++;
+ }
+ next;
+ } elsif ( $k =~ m/pwdCheckQuality/i ) {
+ my $checkquality = $form->field( name => $k ) || undef;
+ if ( defined( $checkquality ) ) {
+ $add->{'pwdConstraintCheckQuality'} = 2;
+ } else {
+ $del->{'pwdConstraintCheckQuality'}++;
+ }
+ }
+
+ next unless ( defined( $SNET::LdapNS::pwdPolicyAttributes->{$k} ) );
+
+ my $v = $form->field( name => $k ) || undef;
+ if ( !defined( $v ) ) {
+ $del->{$k}++;
+ $form->tmpl_param( 'if_' . $k, 0 );
+ next;
+ }
+
+ $form->tmpl_param( 'if_' . $k, 1 );
+ my $type = ${ $SNET::LdapNS::pwdPolicyAttributes->{$k} }[0];
+
+ if ( $type eq 'bool' ) {
+ $add->{$k} = ( ( $v =~ m/true/i ) ? 'TRUE' : 'FALSE' );
+ } elsif ( $type eq 'extbool' ) {
+ $add->{$k} = 2;
+ } elsif ( $type eq 'nbool' ) {
+ $add->{$k} = 1;
+ } else {
+ $add->{$k} = $v;
+ }
+
}
- next;
- }
- elsif ($k =~ m/pwdCheckQuality/i) {
- my $checkquality = $form->field(name => $k) || undef;
- if (defined($checkquality)) {
- $add->{'pwdConstraintCheckQuality'} = 2;
+
+ $modpolicy->{'add'} = $add;
+ $modpolicy->{'del'} = $del;
+
+ $form->tmpl_param( 'submit1' => 'Cancel' );
+ $form->tmpl_param( 'submit2' => 'Confirm' );
+
+ } elsif ( $form->submitted eq 'Confirm' ) {
+
+ my $entry;
+
+ eval {
+
+ reconnect_ldap_snmc;
+
+ SNET::LdapNS::updatePwdPolicy( $ldap_snmc->{'label'}, $IM, $policy, $modpolicy->{'add'}, $modpolicy->{'del'}, ) or die SNET::LdapNS::error( $ldap_snmc->{'label'} );
+
+ $session->param( 'message', 'policy modification successful' );
+ $session->clear( [qw(modpolicy pwdPolicies)] );
+
+ $entry = SNET::LdapNS::getPwdPolicy( $ldap_snmc->{'label'}, $policy, );
+
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
}
- else {
- $del->{'pwdConstraintCheckQuality'}++;
+ reset_actions;
+ if ( defined( $entry ) ) {
+ print_ns_headers( "LdapNS modify policies" );
+ render_ppolicyinfos( $entry, 1 );
+ print_ns_footers;
+ } else {
+ display_blank( "LdapNS modify policies" );
}
- }
- next unless (defined($SNET::LdapNS::pwdPolicyAttributes->{$k}));
+ } else {
+ $form->tmpl_param( 'submit1' => 'Back' );
+ $form->tmpl_param( 'submit2' => 'Modify' );
+ }
- my $v = $form->field(name => $k) || undef;
- if (!defined($v)) {
- $del->{$k}++;
- $form->tmpl_param('if_'.$k, 0);
- next;
- }
+ print_ns_headers( "LdapNS modify policies" );
+ print $form->render();
+ print_ns_footers;
- $form->tmpl_param('if_'.$k, 1);
- my $type = ${$SNET::LdapNS::pwdPolicyAttributes->{$k}}[0];
+}
- if ($type eq 'bool') {
- $add->{$k} = (($v =~ m/true/i) ? 'TRUE' : 'FALSE');
- }
- elsif ($type eq 'extbool') {
- $add->{$k} = 2;
- }
- elsif ($type eq 'nbool') {
- $add->{$k} = 1;
- }
- else {
- $add->{$k} = $v;
- }
+sub display_policyinfos
+{
- }
+ $POLICYINFOS = 1;
- $modpolicy->{'add'} = $add;
- $modpolicy->{'del'} = $del;
+ refresh_ppolicy;
- $form->tmpl_param('submit1' => 'Cancel');
- $form->tmpl_param('submit2' => 'Confirm');
+ my $policyInfos;
+ my $options = {};
- }
- elsif ($form->submitted eq 'Confirm') {
+ my $validate = { policy => 'PPOLICYDN', };
- my $entry;
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_policyinfos_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => 'Display ppolicy',
+ fields => [qw(policy audit)],
+ template => $templatedir . '/selectppolicy.tmpl',
+ method => 'post',
+ javascript => 1,
+ validate => $validate,
+ required => 'policy',
+ submit => 'Display',
+ );
- eval {
+ my $pwdPolicies = $session->param( 'pwdPolicies' );
+ while ( my ( $dn, $values ) = each( %{$pwdPolicies} ) ) {
+ my $did = ${ $values->{'documentidentifier'} }[0];
+ if ( defined( $values->{'description'} )
+ && scalar( @{ $values->{'description'} } ) ) {
+ $options->{$dn} = $did . ' - ' . ${ $values->{'description'} }[0];
+ } else {
+ $options->{$dn} = $did;
+ }
+ }
- reconnect_ldap_snmc;
+ if ( $form->submitted eq 'Display' ) {
+ eval {
+ die 'invalid parameters' unless $form->validate;
+ my @dids = $form->field( name => 'policy' );
+ die 'You must select at least one policy' unless ( scalar( @dids ) > 0 );
- SNET::LdapNS::updatePwdPolicy(
- $ldap_snmc->{'label'},
- $IM,
- $policy,
- $modpolicy->{'add'},
- $modpolicy->{'del'},
- ) or die SNET::LdapNS::error($ldap_snmc->{'label'});
+ map { die "invalid policy `$_'" unless defined( $options->{$_} ) } @dids;
- $session->param('message', 'policy modification successful');
- $session->clear([qw(modpolicy pwdPolicies)]);
+ reconnect_ldap_snmc;
- $entry = SNET::LdapNS::getPwdPolicy(
- $ldap_snmc->{'label'},
- $policy,
- );
+ foreach my $did ( @dids ) {
+ my $infos = SNET::LdapNS::getPwdPolicy( $ldap_snmc->{'label'}, $did );
+ while ( my ( $k, $v ) = each( %{$infos} ) ) {
+ $policyInfos->{$k} = $v;
+ }
+ }
- };
- if ($@) {
- $session->param('error', $@);
- }
- reset_actions;
- if (defined($entry)) {
- print_ns_headers("LdapNS modify policies");
- render_ppolicyinfos($entry, 1);
- print_ns_footers;
- }
- else {
- display_blank("LdapNS modify policies");
+ };
+ if ( $@ ) {
+ $session->param( 'error', $@ );
+ undef $policyInfos;
+ }
}
- }
- else {
- $form->tmpl_param('submit1' => 'Back');
- $form->tmpl_param('submit2' => 'Modify');
- }
+ $form->field(
+ name => 'audit',
+ type => 'checkbox',
+ comment => 'Display auditInformation?',
+ options => 'yes',
+ selected => 0,
+ );
+
+ $form->field(
+ name => 'policy',
+ options => $options,
+ sortopts => 'NAME',
+ type => 'select',
+ size => getsize_multipleselect( $options ),
+ multiple => 1,
+ );
- print_ns_headers("LdapNS modify policies");
- print $form->render();
- print_ns_footers;
+ my $audit = ( defined( $form->field( name => 'audit' ) ) );
+
+ print_ns_headers( "LdapNS display password policies" );
+ print $form->render;
+ render_ppolicyinfos( $policyInfos, $audit ) if defined( $policyInfos );
+ print_ns_footers;
}
-sub display_policyinfos {
-
- $POLICYINFOS = 1;
-
- refresh_ppolicy;
-
- my $policyInfos;
- my $options = {};
-
- my $validate = {
- policy => 'PPOLICYDN',
- };
-
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_policyinfos_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => 'Display ppolicy',
- fields => [qw(policy audit)],
- template => $templatedir.'/selectppolicy.tmpl',
- method => 'post',
- javascript => 1,
- validate => $validate,
- required => 'policy',
- submit => 'Display',
- );
-
- my $pwdPolicies = $session->param('pwdPolicies');
- while (my ($dn, $values) = each (%{$pwdPolicies})) {
- my $did = ${$values->{'documentidentifier'}}[0];
- if (
- defined($values->{'description'})
- &&
- scalar(@{$values->{'description'}})
- ) {
- $options->{$dn} = $did.' - '.${$values->{'description'}}[0];
- }
- else {
- $options->{$dn} = $did;
- }
- }
-
- if ($form->submitted eq 'Display') {
- eval {
- die 'invalid parameters' unless $form->validate;
- my @dids = $form->field(name => 'policy');
- die 'You must select at least one policy' unless (scalar(@dids) > 0);
+sub display_policies
+{
- map { die "invalid policy `$_'" unless defined($options->{$_}) } @dids;
+ print STDERR "ldap_NS.pl: entering display_policies\n" if ( $debug > 2 );
- reconnect_ldap_snmc;
+ if ( defined( $params->{'action'} ) ) {
+ if ( $params->{'action'} eq 'modpolicy' ) {
+ $session->param( 'action', 'modpolicy' );
+ } elsif ( $params->{'action'} eq 'delpolicy' ) {
+ $session->param( 'action', 'delpolicy' );
+ } elsif ( $params->{'action'} eq 'addpolicy' ) {
+ $session->param( 'action', 'addpolicy' );
+ } elsif ( $params->{'action'} eq 'policyinfos' ) {
+ $session->param( 'action', 'policyinfos' );
+ }
+ }
- foreach my $did (@dids) {
- my $infos = SNET::LdapNS::getPwdPolicy(
- $ldap_snmc->{'label'},
- $did
- );
- while (my ($k, $v) = each (%{$infos})) {
- $policyInfos->{$k} = $v;
+ if ( defined( $session->param( 'action' ) ) ) {
+ if ( $session->param( 'action' ) eq 'addpolicy' ) {
+ display_addpolicy;
+ } elsif ( $session->param( 'action' ) eq 'delpolicy' ) {
+ display_delpolicy;
+ } elsif ( $session->param( 'action' ) eq 'modpolicy' ) {
+ display_modpolicy;
+ } elsif ( $session->param( 'action' ) eq 'policyinfos' ) {
+ display_policyinfos;
+ } else {
+ $session->clear( ['action'] );
}
- }
+ }
- };
- if ($@) {
- $session->param('error', $@);
- undef $policyInfos;
- }
- }
-
- $form->field(
- name => 'audit',
- type => 'checkbox',
- comment => 'Display auditInformation?',
- options => 'yes',
- selected => 0,
- );
-
- $form->field(
- name => 'policy',
- options => $options,
- sortopts => 'NAME',
- type => 'select',
- size => getsize_multipleselect($options),
- multiple => 1,
- );
-
- my $audit = (
- defined($form->field(name => 'audit'))
- );
-
- print_ns_headers("LdapNS display password policies");
- print $form->render;
- render_ppolicyinfos($policyInfos, $audit) if defined($policyInfos);
- print_ns_footers;
+ display_blank( "LdapNS passwords policies management" );
}
-sub display_policies {
-
- print STDERR "ldap_NS.pl: entering display_policies\n" if ($debug >2);
+sub display_homepage
+{
- if (defined($params->{'action'})) {
- if ($params->{'action'} eq 'modpolicy') {
- $session->param('action','modpolicy');
- }
- elsif ($params->{'action'} eq 'delpolicy') {
- $session->param('action','delpolicy');
- }
- elsif ($params->{'action'} eq 'addpolicy') {
- $session->param('action','addpolicy');
- }
- elsif ($params->{'action'} eq 'policyinfos') {
- $session->param('action','policyinfos');
- }
- }
-
- if (defined($session->param('action'))) {
- if ($session->param('action') eq 'addpolicy') {
- display_addpolicy;
- }
- elsif ($session->param('action') eq 'delpolicy') {
- display_delpolicy;
- }
- elsif ($session->param('action') eq 'modpolicy') {
- display_modpolicy;
- }
- elsif ($session->param('action') eq 'policyinfos') {
- display_policyinfos;
+ print STDERR "ldap_NS.pl: entering display_homepage\n" if ( $debug > 2 );
+
+ if ( defined( $params->{'action'} ) ) {
+ if ( $params->{'action'} eq 'passwd' ) {
+ $session->param( 'action', 'passwd' );
+ } elsif ( $params->{'action'} eq 'info' ) {
+ $session->param( 'action', 'info' );
+ }
}
- else {
- $session->clear(['action']);
+
+ if ( defined( $session->param( 'action' ) ) ) {
+ if ( $session->param( 'action' ) eq 'passwd' ) {
+ display_passwd;
+ } elsif ( $session->param( 'action' ) eq 'info' ) {
+ $INFO = 1;
+ print_ns_headers( "LdapNS homepage" );
+ render_userinfos( $session->param( 'userInfos' ) );
+ print_ns_footers;
+ } else {
+ $session->clear( ['action'] );
+ }
}
- }
- display_blank("LdapNS passwords policies management");
+ display_blank( "LdapNS homepage" );
}
-sub display_homepage {
-
- print STDERR "ldap_NS.pl: entering display_homepage\n" if ($debug >2);
+sub dispatch
+{
- if (defined($params->{'action'})) {
- if ($params->{'action'} eq 'passwd') {
- $session->param('action','passwd');
- }
- elsif ($params->{'action'} eq 'info') {
- $session->param('action','info');
- }
- }
+ print STDERR "ldap_NS.pl: entering dispatch\n" if ( $debug > 2 );
- if (defined($session->param('action'))) {
- if ($session->param('action') eq 'passwd') {
- display_passwd;
- }
- elsif ($session->param('action') eq 'info') {
- $INFO=1;
- print_ns_headers("LdapNS homepage");
- render_userinfos($session->param('userInfos'));
- print_ns_footers;
+ $session->expire( '+1h' );
+ $LOGIN = 0;
+
+ $isAdmin = $session->param( 'isAdmin' );
+ $debug = 2 if ( ( $isAdmin ) && ( $debug < 2 ) );
+
+ if ( defined( $params->{'tab'} ) ) {
+ $session->param( 'tab', $params->{'tab'} );
}
- else {
- $session->clear(['action']);
+
+ if ( defined( $session->param( 'tab' ) ) ) {
+
+ if ( $session->param( 'tab' ) eq 'users' ) {
+ $TAB_USERS = 1;
+ display_users;
+ } elsif ( $session->param( 'tab' ) eq 'groups' ) {
+ $TAB_GROUPS = 1;
+ display_groups;
+ } elsif ( $session->param( 'tab' ) eq 'ppolicies' ) {
+ $TAB_POLICY = 1;
+ display_policies;
+ } elsif ( $session->param( 'tab' ) eq 'home' ) {
+ $TAB_HOME = 1;
+ display_homepage;
+ }
+
}
- }
- display_blank("LdapNS homepage");
+ display_blank( "LdapNS homage" );
}
-sub dispatch {
+sub display_login
+{
+
+ $LOGIN = 1;
+
+ my $form = CGI::FormBuilder->new(
+ name => 'ldapns_login_form',
+ header => 0,
+ stylesheet => 1,
+ styleclass => 'ldapns_fb',
+ text => 'Sign in',
+ fields => [qw(uid password action)],
+ template => $templatedir . '/login.tmpl',
+ method => 'post',
+ required => 'ALL',
+ sticky => 1,
+ submit => 'Sign-up',
+ );
+ $form->field(
+ name => 'password',
+ type => 'password',
+ label => 'password',
+ );
+ $form->field(
+ name => 'uid',
+ label => 'login',
+ comment => 'uid of full dn',
+ );
+ $form->field(
+ name => 'action',
+ type => 'hidden',
+ value => 'login'
+ );
+
+ if ( defined( $session ) ) {
+ if ( defined( $session->param( 'user' ) ) ) {
+ $form->field( name => 'uid',
+ value => $session->param( 'user' ), );
+ }
+ }
+
+ if ( $form->submitted ) {
- print STDERR "ldap_NS.pl: entering dispatch\n" if ($debug >2);
+ eval {
- $session->expire('+1h');
- $LOGIN = 0;
+ die "missing required field `login'" unless ( defined( $form->field( name => 'uid' ) ) && ( length( $form->field( name => 'uid' ) ) > 0 ) );
+ $ldap_snmc->{'user'} = $form->field( name => 'uid' );
- $isAdmin = $session->param('isAdmin');
- $debug = 2 if (($isAdmin) && ($debug < 2));
+ die "missing required field `password'" unless ( defined( $form->field( name => 'password' ) ) && ( length( $form->field( name => 'password' ) ) > 0 ) );
+ $ldap_snmc->{'password'} = $form->field( name => 'password' );
- if (defined($params->{'tab'})) {
- $session->param('tab', $params->{'tab'});
- }
+ die 'invalid or missing parameters' unless $form->validate();
- if (defined($session->param('tab'))) {
+ connect_ldap_snmc( $ldap_snmc->{'user'}, $ldap_snmc->{'password'}, 0 );
- if ($session->param('tab') eq 'users') {
- $TAB_USERS = 1;
- display_users;
- }
- elsif ($session->param('tab') eq 'groups') {
- $TAB_GROUPS = 1;
- display_groups;
- }
- elsif ($session->param('tab') eq 'ppolicies') {
- $TAB_POLICY = 1;
- display_policies;
- }
- elsif ($session->param('tab') eq 'home') {
- $TAB_HOME = 1;
- display_homepage;
+ };
+ if ( $@ ) {
+ $error = $@;
+ } else {
+ dispatch();
+ }
}
- }
+ $key = CGI::Session::ID::md5::generate_id();
- display_blank("LdapNS homage");
+ print_ns_headers( "LdapNS authentication" );
+ parse_messages;
+ $form->tmpl_param( 'error' => defined( $error ) );
+ $form->tmpl_param( 'error_msg' => $error );
+ print $form->render( sticky => ( $form->submitted ? 1 : 0 ) );
+ print_ns_footers;
}
-sub display_login {
-
- $LOGIN = 1;
-
- my $form = CGI::FormBuilder->new(
- name => 'ldapns_login_form',
- header => 0,
- stylesheet => 1,
- styleclass => 'ldapns_fb',
- text => 'Sign in',
- fields => [qw(uid password action)],
- template => $templatedir.'/login.tmpl',
- method => 'post',
- required => 'ALL',
- sticky => 1,
- submit => 'Sign-up',
- );
- $form->field(
- name => 'password',
- type => 'password',
- label => 'password',
- );
- $form->field(
- name => 'uid',
- label => 'login',
- comment => 'uid of full dn',
- );
- $form->field(
- name => 'action',
- type => 'hidden',
- value => 'login'
- );
-
- if (defined($session)) {
- if (defined($session->param('user'))) {
- $form->field(
- name => 'uid',
- value => $session->param('user'),
- );
- }
- }
-
- if ($form->submitted) {
+sub check_remote_infos
+{
eval {
- die "missing required field `login'" unless (
- defined($form->field(name => 'uid')) && (length($form->field(name => 'uid')) > 0)
- );
- $ldap_snmc->{'user'} = $form->field(name => 'uid');
+ die 'Unauthorized access from unknown source' unless ( defined( $ENV{'REMOTE_ADDR'} ) && defined( $ENV{"HTTP_AUTHUSER"} ) );
+
+ my $remote_addr = $ENV{'REMOTE_ADDR'};
+ $audit_user = $ENV{"HTTP_AUTHUSER"};
- die "missing required field `password'" unless (
- defined($form->field(name => 'password')) && (length($form->field(name => 'password')) > 0)
- );
- $ldap_snmc->{'password'} = $form->field(name => 'password');
+ my $auth_ok = 0;
- die 'invalid or missing parameters' unless $form->validate();
+ foreach my $auth_ip ( @{$authorized_ip} ) {
+ $auth_ok = 1, last if ( $auth_ip eq $remote_addr );
+ }
- connect_ldap_snmc($ldap_snmc->{'user'}, $ldap_snmc->{'password'}, 0);
+ die "Unauthorized access from `$remote_addr'" unless $auth_ok;
- };
- if ($@) {
- $error = $@;
- }
- else {
- dispatch();
- }
- }
+ my $client_ip = $ENV{'HTTP_CLIENT_IP'};
+ $ENV{'REMOTE_ADDR'} = $client_ip, return if ( defined( $client_ip ) );
- $key = CGI::Session::ID::md5::generate_id();
+ my $x_forwarded_for = $ENV{'HTTP_X_FORWARDED_FOR'};
+ $ENV{'REMOTE_ADDR'} = $x_forwarded_for, return if ( defined( $x_forwarded_for ) );
- print_ns_headers("LdapNS authentication");
- parse_messages;
- $form->tmpl_param('error' => defined($error));
- $form->tmpl_param('error_msg' => $error);
- print $form->render(sticky => ($form->submitted ? 1 : 0));
- print_ns_footers;
+ };
+ if ( $@ ) {
+ $error = $@;
+ display_login;
+ }
}
-sub check_remote_infos {
-
- eval {
+eval {
- die 'Unauthorized access from unknown source' unless (
- defined($ENV{'REMOTE_ADDR'}) && defined($ENV{"HTTP_AUTHUSER"})
- );
+ $cgi = CGI->new;
+ $params = $cgi->Vars;
- my $remote_addr = $ENV{'REMOTE_ADDR'};
- $audit_user = $ENV{"HTTP_AUTHUSER"};
+ if ( $debug > 2 ) {
- my $auth_ok = 0;
+ foreach my $hash ( \%ENV, $params ) {
+ while ( my ( $k, $v ) = each( %{$hash} ) ) {
+ $v =~ s/./*/g if ( $k =~ m/password|old|new|repeat/ );
+ print STDERR 'ldap_NS.pl: ' . $k . ', ' . $v . "\n";
+ }
+ }
- foreach my $auth_ip (@{$authorized_ip}) {
- $auth_ok = 1, last if ($auth_ip eq $remote_addr);
}
- die "Unauthorized access from `$remote_addr'" unless $auth_ok;
-
- my $client_ip = $ENV{'HTTP_CLIENT_IP'};
- $ENV{'REMOTE_ADDR'} = $client_ip, return if (defined($client_ip));
+ check_remote_infos;
- my $x_forwarded_for = $ENV{'HTTP_X_FORWARDED_FOR'};
- $ENV{'REMOTE_ADDR'} = $x_forwarded_for, return if (defined($x_forwarded_for));
+ my $hash = {};
+ if ( defined( $cgi->cookie( "SESSION_ID" ) ) ) {
+ $hash->{'sid'} = $cgi->cookie( "SESSION_ID" );
+ }
+ if ( defined( $cgi->cookie( "SESSION_KEY" ) ) ) {
+ $hash->{'key'} = $cgi->cookie( "SESSION_KEY" );
+ }
+ my $handler = CGI::Untaint->new( $hash );
- };
- if ($@) {
- $error = $@;
- display_login;
- }
+ # no key = no session at all
+ $key = $handler->extract( -as_printable => 'key' );
+ display_login unless defined( $key );
-}
+ # sid is created after successful connection to ldap
+ $sid = $handler->extract( -as_printable => 'sid' );
+ display_login unless defined( $sid );
-eval {
+ # we must load the session before checking logout
+ # for cleaning purpose
+ $session = CGI::Session->load( 'driver:File', $sid, { 'Directory' => $sessiondir } ) or die CGI::Session->errstr;
- $cgi = CGI->new;
- $params = $cgi->Vars;
+ if ( defined( $params->{'logout'} ) ) {
+ $error = 'You have been logged out' unless ( $session->is_empty );
+ $session->delete();
+ undef $session;
+ display_login;
+ }
- if ($debug > 2) {
+ if ( $session->is_expired ) {
+ $session->delete();
+ undef $session;
+ $error = 'Your session is no longer valid';
+ display_login;
+ }
- foreach my $hash (\%ENV, $params) {
- while (my ($k, $v) = each (%{$hash})) {
- $v =~ s/./*/g if ($k =~ m/password|old|new|repeat/);
- print STDERR 'ldap_NS.pl: '.$k.', '.$v."\n";
- }
+ # session is empty in 2 cases:
+ # - cookies sent by ua are plain wrong
+ # - user is relogin after logout, thus is sending
+ # expired cookies
+ if ( $session->is_empty ) {
+ $error = 'Invalid empty session';
+ $session->delete();
+ undef $session;
+ display_login;
}
-
- }
-
- check_remote_infos;
-
- my $hash = {};
- if (defined($cgi->cookie("SESSION_ID"))) {
- $hash->{'sid'} = $cgi->cookie("SESSION_ID");
- }
- if (defined($cgi->cookie("SESSION_KEY"))) {
- $hash->{'key'} = $cgi->cookie("SESSION_KEY");
- }
- my $handler = CGI::Untaint->new($hash);
-
- # no key = no session at all
- $key = $handler->extract(-as_printable => 'key');
- display_login unless defined($key);
-
- # sid is created after successful connection to ldap
- $sid = $handler->extract(-as_printable => 'sid');
- display_login unless defined($sid);
-
- # we must load the session before checking logout
- # for cleaning purpose
- $session = CGI::Session->load(
- 'driver:File',
- $sid,
- {'Directory' => $sessiondir}
- ) or die CGI::Session->errstr;
-
- if (defined($params->{'logout'})) {
- $error = 'You have been logged out' unless ($session->is_empty);
- $session->delete();
- undef $session;
- display_login;
- }
- if ($session->is_expired) {
- $session->delete();
- undef $session;
- $error = 'Your session is no longer valid';
- display_login;
- }
-
- # session is empty in 2 cases:
- # - cookies sent by ua are plain wrong
- # - user is relogin after logout, thus is sending
- # expired cookies
- if ($session->is_empty) {
- $error = 'Invalid empty session';
- $session->delete();
- undef $session;
- display_login;
- }
-
- # from here we should have a valid session object
- $userMustChange = $session->param('userMustChange');
-
- if (defined($session->param('userInfos'))) {
- $session->expires('userInfos', '+15m');
- }
- elsif ($userMustChange) {
- display_passwd;
- }
- else {
- $session->param('error', 'Your session has expired') if (
- defined($session->param('isAdmin'))
- );
- display_login;
- }
+ # from here we should have a valid session object
+ $userMustChange = $session->param( 'userMustChange' );
+
+ if ( defined( $session->param( 'userInfos' ) ) ) {
+ $session->expires( 'userInfos', '+15m' );
+ } elsif ( $userMustChange ) {
+ display_passwd;
+ } else {
+ $session->param( 'error', 'Your session has expired' ) if ( defined( $session->param( 'isAdmin' ) ) );
+ display_login;
+ }
- dispatch();
+ dispatch();
};
-if ($@) {
- print STDERR 'ldap_NS.pl: '.$@."\n";
+if ( $@ ) {
+ print STDERR 'ldap_NS.pl: ' . $@ . "\n";
}
exit 0;
END {
- if (defined($session)) {
- $session->flush();
- }
- CGI::Session->find(
- 'driver:File',
- sub {
- my ($session) = @_;
- my $id = $session->id();
- if ($session->is_expired) {
- print STDERR "cleaning expired session `$id'\n" if (defined($id));
- $session->delete();
- }
- },
- {'Directory' => $sessiondir}
- );
+ if ( defined( $session ) ) {
+ $session->flush();
+ }
+ CGI::Session->find(
+ 'driver:File',
+ sub {
+ my ( $session ) = @_;
+ my $id = $session->id();
+ if ( $session->is_expired ) {
+ print STDERR "cleaning expired session `$id'\n" if ( defined( $id ) );
+ $session->delete();
+ }
+ },
+ { 'Directory' => $sessiondir }
+ );
}