diff --git a/ldap_NS.pl b/ldap_NS.pl index 45ae2d3eb27e233f14221c376d2a37de50dd3f8e..6ecbdb14ffb3c045e82f2ad7ab6a82814425c0a9 100755 --- a/ldap_NS.pl +++ b/ldap_NS.pl @@ -80,7 +80,7 @@ INIT { # turn on/off debug # if isAdmin is set, will be automatically set to 2 - $debug = 2; + $debug = 4; $mod_synchro = 1; @@ -671,18 +671,20 @@ sub decode_sessionauth { } -sub connect_ldap_snmc($$;$) { +sub connect_ldap_snmc($$$) { - my ($user, $password, $debug) = @_; + my ($user, $password, $isAdmin) = @_; # overwrite debug for admin - $ldap_snmc->{'debug'} = int($debug) if (defined($debug)); + $ldap_snmc->{'debug'} = $isAdmin; return if ($connected); $ldap_snmc->{'user'} = $user; $ldap_snmc->{'password'} = $password; + print STDERR "ldap_NS.pl: creating connection to ".$ldap_snmc->{'server'}." ...\n" if ($debug >2); + my $pp = SNET::LdapNS::ldapns_bind( $ldap_snmc->{'server'}, $ldap_snmc->{'user'}, @@ -693,6 +695,8 @@ sub connect_ldap_snmc($$;$) { $ldap_snmc->{'debug'}, $ldap_snmc->{'verbose'} ); + + print STDERR "ldap_NS.pl: connection established\n" if ($debug >2); if (!defined($session)) { $session = new CGI::Session ( @@ -713,6 +717,9 @@ sub connect_ldap_snmc($$;$) { $session->clear(['error']); if (defined($pp->{'error'})) { + + print STDERR "ldap_NS.pl: ppolicy error!\n" if ($debug >2); + if ($pp->{'error'} == LDAP_PP_PASSWORD_EXPIRED) { $session->param('error', 'Your password has expired'); $session->param('userMustChange', 1); @@ -735,6 +742,8 @@ sub connect_ldap_snmc($$;$) { else { if (defined($pp->{'warning'})) { + + print STDERR "ldap_NS.pl: ppolicy warning!\n" if ($debug >2); if (defined($pp->{'warning'}->{'graceAuthNsRemaining'})) { $session->param('error', 
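Review bot: The INIT block now hard-codes `$debug = 4`, which switches on every `if ($debug >2)` trace this commit adds, including the one in refresh_userInfos that writes the session user name to STDERR. If level 4 is only needed while chasing a problem, keep the committed default low and take the higher level from configuration, for example `$debug = defined($ENV{'LDAP_NS_DEBUG'}) ? int($ENV{'LDAP_NS_DEBUG'}) : 2;` (the variable name is a constructed example). The comment above the assignment still says the level is set to 2 for admins, and should be updated to describe what 4 enables.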
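Review bot: In connect_ldap_snmc the third argument is now named `$isAdmin` but is written straight into `$ldap_snmc->{'debug'}`, without the `defined()` and `int()` guard the removed line had. An undef or non-numeric argument therefore becomes the debug level that appears to be passed to ldapns_bind, and the display_login call at the end of this diff passes a literal 0, which overwrites whatever level was configured. The lexical `my (... $isAdmin)` also hides the file-level `$isAdmin` that refresh_userInfos assigns, so a privilege flag and a debug level share one name inside this sub. Consider keeping the name honest and the guard: `my ($user, $password, $ldap_debug) = @_;` and `$ldap_snmc->{'debug'} = int($ldap_debug) if (defined($ldap_debug));`. The body of the sub continues outside this hunk.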
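Review bot: The "connection established" trace is printed as soon as ldapns_bind returns, before `$pp->{'error'}` is examined further down, so the log will report success for a bind that is then rejected (for example with LDAP_PP_PASSWORD_EXPIRED). Anyone reading the error log after a failed login would be misled about what happened. Reword it to something neutral such as `print STDERR "ldap_NS.pl: ldapns_bind returned\n" if ($debug >2);`, or move it into the branch where `$pp->{'error'}` is not defined. The surrounding sub starts and ends outside this hunk.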
@@ -877,21 +886,33 @@ sub refresh_groupOfNames { } sub refresh_userInfos { + + print STDERR "ldap_NS.pl: entering refresh_userInfos\n" if ($debug >2); + reconnect_ldap_snmc; + eval { return if ($session->param('userMustChange') > 0); + print STDERR "ldap_NS.pl: fetching `".$session->param('user')."' posixAccount\n" if ($debug >2); my $userInfos = SNET::LdapNS::getPosixAccount( $ldap_snmc->{'label'}, $session->param('user') ); $session->param('userInfos', $userInfos); + + print STDERR "ldap_NS.pl: checking user privileges ...\n" if ($debug >2); $isAdmin = SNET::LdapNS::isAdmin($ldap_snmc->{'label'}); $session->param('isAdmin', $isAdmin); + print STDERR "ldap_NS.pl: user ".( + $isAdmin ? "is admin" : "is not admin" + )."\n" if ($debug >2); + }; if ($@) { $session->param('error', $@); redirect_homepage; } + } sub print_ns_headers($) { @@ -2970,6 +2991,8 @@ sub display_blank($) { sub display_users { + print STDERR "ldap_NS.pl: entering display_users\n" if ($debug >2); + if (defined($params->{'action'})) { if ($params->{'action'} eq 'reset') { $session->param('action','reset'); @@ -3014,6 +3037,8 @@ sub display_users { } sub display_groups { + + print STDERR "ldap_NS.pl: entering display_groups\n" if ($debug >2); if (defined($params->{'action'})) { if ($params->{'action'} eq 'modgroup') { @@ -3574,6 +3599,8 @@ sub display_policyinfos { } sub display_policies { + + print STDERR "ldap_NS.pl: entering display_policies\n" if ($debug >2); if (defined($params->{'action'})) { if ($params->{'action'} eq 'modpolicy') { @@ -3613,6 +3640,8 @@ sub display_policies { } sub display_homepage { + + print STDERR "ldap_NS.pl: entering display_homepage\n" if ($debug >2); if (defined($params->{'action'})) { if ($params->{'action'} eq 'passwd') { @@ -3644,6 +3673,8 @@ sub display_homepage { sub dispatch { + print STDERR "ldap_NS.pl: entering dispatch\n" if ($debug >2); + $session->expire('+1h'); $LOGIN = 0; 
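Review bot: The new trace in refresh_userInfos concatenates `$session->param('user')` into a STDERR line unmodified; if that value is stored as the user submitted it, a name containing CR/LF or other control characters can split or forge entries in the web server error log. Neutralise it before printing, e.g. `(my $u = $session->param('user')) =~ s/[^\x20-\x7E]/?/g;` and interpolate `$u` instead. With `$debug` committed at 4 this line runs on every refresh, so account names will accumulate in the error log; whether that log is readable by other users of the host is not visible from here and is worth checking.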
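Review bot: The same `print STDERR "ldap_NS.pl: ...\n" if ($debug >2);` statement is pasted at the top of display_users and again in display_groups, display_policies, display_homepage and dispatch, as well as in the earlier hunks. A small helper would keep the prefix and the threshold in one place: `sub trace { print STDERR "ldap_NS.pl: ", @_, "\n" if ($debug > 2); }`, called as `trace('entering display_users');`. That also gives a single spot to sanitise arguments or add a timestamp later.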
@@ -3737,7 +3768,7 @@ sub display_login { die 'invalid or missing parameters' unless $form->validate(); - connect_ldap_snmc($ldap_snmc->{'user'}, $ldap_snmc->{'password'}); + connect_ldap_snmc($ldap_snmc->{'user'}, $ldap_snmc->{'password'}, 0); }; if ($@) {