Revision 4771
Added by walbridge about 15 years ago
| ldapweb.cgi | ||
|---|---|---|
| 124 | 124 |
|
| 125 | 125 |
# Java uses miliseconds, Perl expects whole seconds |
| 126 | 126 |
my $timeout = $properties->getProperty('ldap.connectTimeLimit') / 1000;
|
| 127 |
my $ldapdownmessage = "The main ldap server $ldapurl is down!"; |
|
| 128 | 127 |
|
| 129 | 128 |
# Get the CGI input variables |
| 130 | 129 |
my $query = new CGI; |
| ... | ... | |
| 514 | 513 |
my $errorMessage = 0; |
| 515 | 514 |
my $ldap; |
| 516 | 515 |
|
| 517 |
#if main ldap server is down, a html file containing warning message will be returned
|
|
| 518 |
$ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleGeneralServerFailure($ldapdownmessage);
|
|
| 516 |
#if main ldap server is down, a html file containing warning message will be returned
|
|
| 517 |
$ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
|
|
| 519 | 518 |
|
| 520 |
#$ldap->start_tls( verify => 'require',
|
|
| 519 |
#$ldap->start_tls( verify => 'require',
|
|
| 521 | 520 |
#cafile => '/usr/share/ssl/ldapcerts/cacert.pem'); |
| 522 | 521 |
$ldap->start_tls( verify => 'none'); |
| 523 | 522 |
my $bindresult = $ldap->bind( version => 3, dn => $bindDN, |
| ... | ... | |
| 576 | 575 |
debug("ldap server: $ldapurl");
|
| 577 | 576 |
|
| 578 | 577 |
#if main ldap server is down, a html file containing warning message will be returned |
| 579 |
$ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleGeneralServerFailure($ldapdownmessage);
|
|
| 578 |
$ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
|
|
| 580 | 579 |
$ldap->start_tls( verify => 'none'); |
| 581 | 580 |
my $bindresult = $ldap->bind; |
| 582 | 581 |
if ($bindresult->code) {
|
| ... | ... | |
| 623 | 622 |
|
| 624 | 623 |
my $errorMessage = ""; |
| 625 | 624 |
if ($recipient) {
|
| 626 |
my $mailhost = $properties->getProperty('email.mailhost');
|
|
| 627 |
my $sender = $properties->getProperty('email.sender');
|
|
| 625 |
my $mailhost = $properties->getProperty('email.mailhost');
|
|
| 626 |
my $sender = $properties->getProperty('email.sender');
|
|
| 628 | 627 |
# Send the email message to them |
| 629 | 628 |
my $smtp = Net::SMTP->new($mailhost); |
| 630 | 629 |
$smtp->mail($sender); |
| ... | ... | |
| 674 | 673 |
|
| 675 | 674 |
#if main ldap server is down, a html file containing warning message will be returned |
| 676 | 675 |
debug("connecting to LDAP in findExistingAccounts with settings $ldapurl, $timeout");
|
| 677 |
$ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleGeneralServerFailure($ldapdownmessage);
|
|
| 676 |
$ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
|
|
| 678 | 677 |
$ldap->start_tls( verify => 'none'); |
| 679 | 678 |
$ldap->bind( version => 3, anonymous => 1); |
| 680 | 679 |
my $mesg = $ldap->search ( |
| ... | ... | |
| 767 | 766 |
my $dnBase = $ldapConfig->{$o}{'dn'};
|
| 768 | 767 |
my $ldapUsername = $ldapConfig->{$o}{'user'} . ',' . $searchBase;
|
| 769 | 768 |
my $ldapPassword = $ldapConfig->{$o}{'password'};
|
| 770 |
debug("LDAP connection to $ldapurl...");
|
|
| 769 |
debug("LDAP connection to $ldapurl...");
|
|
| 771 | 770 |
#if main ldap server is down, a html file containing warning message will be returned |
| 772 |
my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleGeneralServerFailure("The ldap server " . $ldapurl . " is down!");
|
|
| 771 |
my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
|
|
| 773 | 772 |
|
| 774 | 773 |
|
| 775 | 774 |
$ldap->start_tls( verify => 'none'); |
| 776 |
debug("Attempting to bind to LDAP server with dn = $ldapUsername, pwd = $ldapPassword");
|
|
| 775 |
debug("Attempting to bind to LDAP server with dn = $ldapUsername, pwd = $ldapPassword");
|
|
| 777 | 776 |
$ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); |
| 778 | 777 |
|
| 779 | 778 |
my $dn = 'uid=' . $query->param('uid') . ',' . $dnBase;
|
| 780 |
debug("Inserting new entry for: $dn");
|
|
| 779 |
debug("Inserting new entry for: $dn");
|
|
| 781 | 780 |
|
| 782 | 781 |
# Create a hashed version of the password |
| 783 | 782 |
my $shapass = createSeededPassHash($query->param('userPassword'));
|
| ... | ... | |
| 913 | 912 |
my $foundAccounts = 0; |
| 914 | 913 |
|
| 915 | 914 |
#if ldap server is down, a html file containing warning message will be returned |
| 916 |
my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleGeneralServerFailure("The ldap server " . $ldapurl . " is down!");
|
|
| 915 |
my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
|
|
| 917 | 916 |
|
| 918 | 917 |
$ldap->start_tls( verify => 'none'); |
| 919 | 918 |
$ldap->bind( version => 3, anonymous => 1); |
| ... | ... | |
| 970 | 969 |
} |
| 971 | 970 |
} |
| 972 | 971 |
|
| 972 |
sub handleLDAPBindFailure {
|
|
| 973 |
my $ldapAttemptUrl = shift; |
|
| 974 |
my $primaryLdap = $properties->getProperty('auth.url');
|
|
| 975 |
|
|
| 976 |
if ($ldapAttemptUrl eq $primaryLdap) {
|
|
| 977 |
handleGeneralServerFailure("The main LDAP server $ldapurl is down!");
|
|
| 978 |
} else {
|
|
| 979 |
debug("attempted to bind to nonresponsive LDAP server $ldapAttemptUrl, skipped.");
|
|
| 980 |
} |
|
| 981 |
} |
|
| 982 |
|
|
| 973 | 983 |
sub handleGeneralServerFailure {
|
| 974 | 984 |
my $errorMessage = shift; |
| 975 | 985 |
fullTemplate( ['mainServerFailure'], { errorMessage => $errorMessage });
|
Also available in: Unified diff
Handle non-responsive LDAP referrals without killing the script, but still require the main LDAP to be up.