Revision 4868
Added by walbridge over 15 years ago
src/perl/ldapweb.cgi | ||
---|---|---|
192 | 192 |
} else { |
193 | 193 |
$ldapConfig->{$o}{'dn'} = $ldapConfig->{$o}{'base'}; |
194 | 194 |
} |
195 |
|
|
195 |
|
|
196 |
# set LDAP administrator user account |
|
196 | 197 |
if (!$ldapConfig->{$o}{'user'}) { |
197 | 198 |
$ldapConfig->{$o}{'user'} = $ldapConfig->{'unaffiliated'}{'user'}; |
198 | 199 |
} |
200 |
# check for a fully qualified LDAP name. If it doesn't exist, append base. |
|
201 |
my @userParts = split(',', $ldapConfig->{$o}{'user'}); |
|
202 |
if (scalar(@userParts) == 1) { |
|
203 |
$ldapConfig->{$o}{'user'} = $ldapConfig->{$o}{'user'} . "," . $ldapConfig->{$o}{'base'}; |
|
204 |
} |
|
199 | 205 |
|
200 | 206 |
if (!$ldapConfig->{$o}{'password'}) { |
201 | 207 |
$ldapConfig->{$o}{'password'} = $ldapConfig->{'unaffiliated'}{'password'}; |
... | ... | |
448 | 454 |
my $o = $query->param('o'); |
449 | 455 |
|
450 | 456 |
$searchBase = $ldapConfig->{$o}{'base'}; |
451 |
$ldapUsername = $ldapConfig->{$o}{'user'} . ',' . $searchBase;
|
|
457 |
$ldapUsername = $ldapConfig->{$o}{'user'}; |
|
452 | 458 |
$ldapPassword = $ldapConfig->{$o}{'password'}; |
453 | 459 |
} |
454 | 460 |
|
... | ... | |
539 | 545 |
my $o = shift; |
540 | 546 |
|
541 | 547 |
my $searchBase = $ldapConfig->{$o}{'base'}; |
542 |
|
|
548 |
|
|
543 | 549 |
my $errorMessage = 0; |
544 | 550 |
my $ldap; |
545 |
|
|
551 |
|
|
546 | 552 |
#if main ldap server is down, a html file containing warning message will be returned |
547 | 553 |
$ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
548 | 554 |
|
549 | 555 |
if ($ldap) { |
550 |
#$ldap->start_tls( verify => 'require',
|
|
556 |
#$ldap->start_tls( verify => 'require',
|
|
551 | 557 |
#cafile => '/usr/share/ssl/ldapcerts/cacert.pem'); |
552 |
$ldap->start_tls( verify => 'none'); |
|
553 |
my $bindresult = $ldap->bind( version => 3, dn => $bindDN, |
|
558 |
$ldap->start_tls( verify => 'none'); |
|
559 |
debug("changePassword: attempting to bind to $bindDN"); |
|
560 |
my $bindresult = $ldap->bind( version => 3, dn => $bindDN, |
|
554 | 561 |
password => $bindPass ); |
555 |
if ($bindresult->code) {
|
|
556 |
$errorMessage = "Failed to log in. Are you sure your connection credentails are " .
|
|
557 |
"correct? Please correct and try again..."; |
|
558 |
return $errorMessage;
|
|
559 |
}
|
|
562 |
if ($bindresult->code) {
|
|
563 |
$errorMessage = "Failed to log in. Are you sure your connection credentails are " .
|
|
564 |
"correct? Please correct and try again...";
|
|
565 |
return $errorMessage;
|
|
566 |
}
|
|
560 | 567 |
|
561 | 568 |
# Find the user here and change their entry |
562 | 569 |
my $newpass = createSeededPassHash($userPass); |
563 | 570 |
my $modifications = { userPassword => $newpass }; |
564 |
debug("changePass: setting password for $userDN to $newpass");
|
|
571 |
debug("changePass: setting password for $userDN to $newpass"); |
|
565 | 572 |
my $result = $ldap->modify( $userDN, replace => { %$modifications }); |
566 | 573 |
|
567 | 574 |
if ($result->code()) { |
... | ... | |
714 | 721 |
my $foundAccounts = 0; |
715 | 722 |
|
716 | 723 |
#if main ldap server is down, a html file containing warning message will be returned |
717 |
debug("connecting to LDAP in findExistingAccounts with settings $ldapurl, $timeout");
|
|
724 |
debug("findExistingAccounts: connecting to $ldapurl, $timeout");
|
|
718 | 725 |
$ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
719 | 726 |
if ($ldap) { |
720 | 727 |
$ldap->start_tls( verify => 'none'); |
... | ... | |
808 | 815 |
|
809 | 816 |
my $searchBase = $ldapConfig->{$o}{'base'}; |
810 | 817 |
my $dnBase = $ldapConfig->{$o}{'dn'}; |
811 |
my $ldapUsername = $ldapConfig->{$o}{'user'} . ',' . $searchBase;
|
|
818 |
my $ldapUsername = $ldapConfig->{$o}{'user'}; |
|
812 | 819 |
my $ldapPassword = $ldapConfig->{$o}{'password'}; |
813 | 820 |
debug("LDAP connection to $ldapurl..."); |
814 | 821 |
#if main ldap server is down, a html file containing warning message will be returned |
Also available in: Unified diff
- build up username using base if username isn't fully qualified (e.g. cn=Manager,dc=ecoinformatics,dc=org)
- additional debugging statements for changePassword