Revision 8185
Added by Jing Tao over 11 years ago
src/perl/ldapweb.cgi | ||
---|---|---|
270 | 270 |
'initchangepass' => \&handleInitialChangePassword, |
271 | 271 |
'resetpass' => \&handleResetPassword, |
272 | 272 |
'initresetpass' => \&handleInitialResetPassword, |
273 |
'emailverification' => \&handleEmailVerification, |
|
273 | 274 |
); |
274 | 275 |
|
275 | 276 |
# call the appropriate routine based on the stage |
... | ... | |
870 | 871 |
sub createTemporaryAccount { |
871 | 872 |
my $allParams = shift; |
872 | 873 |
my $org = $query->param('o'); |
873 |
#my $org = 'unaffiliated'; |
|
874 | 874 |
my $ou = $query->param('ou'); |
875 |
#my $ou = 'LTER'; |
|
875 |
|
|
876 | 876 |
|
877 | 877 |
################## Search LDAP for matching o or ou that already exist |
878 |
my $tmpSearchBase = 'dc=tmp,' . $authBase;
|
|
878 |
my $orgAuthBase;
|
|
879 | 879 |
my $filter; |
880 | 880 |
if($org) { |
881 | 881 |
$filter = "(o" |
882 | 882 |
. "=" . $org . |
883 | 883 |
")"; |
884 |
$orgAuthBase = $ldapConfig->{$org}{'base'}; |
|
884 | 885 |
} else { |
885 | 886 |
$filter = "(ou" |
886 | 887 |
. "=" . $ou . |
887 | 888 |
")"; |
889 |
$orgAuthBase = $ldapConfig->{$ou}{'base'}; |
|
888 | 890 |
} |
891 |
my $tmpSearchBase = 'dc=tmp,' . $orgAuthBase; |
|
889 | 892 |
debug("search filer " . $filter); |
890 | 893 |
debug("ldap server ". $ldapurl); |
891 | 894 |
debug("sesarch base " . $tmpSearchBase); |
... | ... | |
976 | 979 |
$$additions[$#$additions + 1] = $query->param('title'); |
977 | 980 |
} |
978 | 981 |
my $dn; |
982 |
my $orgStr; |
|
979 | 983 |
if($org) { |
980 | 984 |
$$additions[$#$additions + 1] = 'o'; |
981 | 985 |
$$additions[$#$additions + 1] = $org; |
982 | 986 |
$dn='uid=' . $query->param('uid') . ',' . 'o=' . $org . ',' . $tmpSearchBase; |
987 |
$orgStr='o=' . $org; |
|
983 | 988 |
} else { |
984 | 989 |
$$additions[$#$additions + 1] = 'ou'; |
985 | 990 |
$$additions[$#$additions + 1] = $ou; |
986 | 991 |
$dn='uid=' . $query->param('uid') . ',' . 'ou=' . $ou . ',' . $tmpSearchBase; |
992 |
$orgStr='ou=' . $ou; |
|
987 | 993 |
} |
988 | 994 |
my $tmp = 1; |
989 | 995 |
createAccount2($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams); |
990 | 996 |
|
991 | 997 |
|
992 | 998 |
####################send the verification email to the user |
993 |
my $link = $contextUrl. '/cgi-bin/ldapweb.cgi?cfg=' . $skinName . '&' . 'stage=' . $emailVerification . '&' . 'dn=' . $dn . '&' . 'hash=' . $randomStr; |
|
999 |
my $link = $contextUrl. '/cgi-bin/ldapweb.cgi?cfg=' . $skinName . '&' . 'stage=' . $emailVerification . '&' . 'dn=' . $dn . '&' . 'hash=' . $randomStr . '&' . $orgStr . '&uid=' . $query->param('uid');
|
|
994 | 1000 |
|
995 | 1001 |
my $mailhost = $properties->getProperty('email.mailhost'); |
996 | 1002 |
my $sender = $properties->getProperty('email.sender'); |
... | ... | |
1050 | 1056 |
if ($ldap) { |
1051 | 1057 |
$ldap->start_tls( verify => 'none'); |
1052 | 1058 |
debug("Attempting to bind to LDAP server with dn = $ldapUsername, pwd = $ldapPassword"); |
1053 |
$ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); |
|
1054 |
debug(" 1 here is the additions " . $additions); |
|
1055 |
debug(" 2 here is the additions " . @$additions); |
|
1056 |
debug(" 3 here is the additions " . [@$additions]); |
|
1059 |
$ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); |
|
1057 | 1060 |
my $result = $ldap->add ( 'dn' => $dn, 'attr' => [@$additions ]); |
1058 | 1061 |
if ($result->code()) { |
1059 | 1062 |
fullTemplate(@failureTemplate, { stage => "register", |
... | ... | |
1163 | 1166 |
} |
1164 | 1167 |
} |
1165 | 1168 |
|
1169 |
# |
|
1170 |
# This subroutine will handle a email verification: |
|
1171 |
# If the hash string matches the one store in the ldap, the account will be |
|
1172 |
# copied from the temporary space to the permanent tree and the account in |
|
1173 |
# the temporary space will be removed. |
|
1174 |
sub handleEmailVerification { |
|
1175 |
|
|
1176 |
my $cfg = $query->param('cfg'); |
|
1177 |
my $dn = $query->param('dn'); |
|
1178 |
my $hash = $query->param('hash'); |
|
1179 |
my $org = $query->param('o'); |
|
1180 |
my $ou = $query->param('ou'); |
|
1181 |
my $uid = $query->param('uid'); |
|
1182 |
|
|
1183 |
my $orgAttributeName; |
|
1184 |
my $ldapUsername; |
|
1185 |
my $ldapPassword; |
|
1186 |
my $ldaporg; |
|
1187 |
my $orgAuthBase; |
|
1188 |
if($org) { |
|
1189 |
$ldapUsername = $ldapConfig->{$org}{'user'}; |
|
1190 |
$ldapPassword = $ldapConfig->{$org}{'password'}; |
|
1191 |
$orgAttributeName = 'o'; |
|
1192 |
$ldaporg = $org; |
|
1193 |
$orgAuthBase = $ldapConfig->{$org}{'base'}; |
|
1194 |
} else { |
|
1195 |
$ldapUsername = $ldapConfig->{$ou}{'user'}; |
|
1196 |
$ldapPassword = $ldapConfig->{$ou}{'password'}; |
|
1197 |
$orgAttributeName = 'ou'; |
|
1198 |
$ldaporg = $ou; |
|
1199 |
$orgAuthBase = $ldapConfig->{$org}{'base'}; |
|
1200 |
} |
|
1201 |
debug("LDAP connection to $ldapurl..."); |
|
1202 |
|
|
1203 |
|
|
1204 |
print "Content-type: text/html\n\n"; |
|
1205 |
#if main ldap server is down, a html file containing warning message will be returned |
|
1206 |
my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
|
1207 |
if ($ldap) { |
|
1208 |
$ldap->start_tls( verify => 'none'); |
|
1209 |
$ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); |
|
1210 |
my $mesg = $ldap->search(base => $dn, scope => 'base', filter => '(objectClass=*)'); |
|
1211 |
my $max = $mesg->count; |
|
1212 |
debug("the count is " . $max); |
|
1213 |
if($max < 1) { |
|
1214 |
$ldap->unbind; # take down session |
|
1215 |
fullTemplate( ['registerFailed'], {errorMessage => "No record was founded to matche the dn " . $dn . " for the verification."}); |
|
1216 |
#handleLDAPBindFailure($ldapurl); |
|
1217 |
exit(0); |
|
1218 |
} else { |
|
1219 |
#check if the hash string match |
|
1220 |
my $entry = $mesg->entry (0); |
|
1221 |
my $hashStrFromLdap = $entry->get_value('employeeNumber'); |
|
1222 |
if( $hashStrFromLdap eq $hash) { |
|
1223 |
#my $additions = [ ]; |
|
1224 |
#foreach my $attr ( $entry->attributes ) { |
|
1225 |
#if($attr ne 'employeeNumber') { |
|
1226 |
#$$additions[$#$additions + 1] = $attr; |
|
1227 |
#$$additions[$#$additions + 1] = $entry->get_value( $attr ); |
|
1228 |
#} |
|
1229 |
#} |
|
1230 |
#my $tmp=0; |
|
1231 |
#my $allParams=""; |
|
1232 |
$mesg = $ldap->moddn( |
|
1233 |
dn => $dn, |
|
1234 |
deleteoldrdn => 1, |
|
1235 |
newrdn => "uid=" . $uid, |
|
1236 |
newsuperior => $orgAttributeName . "=" . $ldaporg . "," . $orgAuthBase); |
|
1237 |
$ldap->unbind; # take down session |
|
1238 |
if(mesg->code()) { |
|
1239 |
fullTemplate( ['registerFailed'], {errorMessage => "Cannot move the account from the inactive area to the ative area since " . $mesg->error()}); |
|
1240 |
exit(0); |
|
1241 |
} else { |
|
1242 |
fullTemplate( ['success'] ); |
|
1243 |
} |
|
1244 |
#createAccount2($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams); |
|
1245 |
} else { |
|
1246 |
$ldap->unbind; # take down session |
|
1247 |
fullTemplate( ['registerFailed'], {errorMessage => "The hash string " . $hash . " from your link doesn't match our record."}); |
|
1248 |
exit(0); |
|
1249 |
} |
|
1250 |
|
|
1251 |
} |
|
1252 |
} else { |
|
1253 |
handleLDAPBindFailure($ldapurl); |
|
1254 |
exit(0); |
|
1255 |
} |
|
1256 |
|
|
1257 |
} |
|
1258 |
|
|
1166 | 1259 |
sub handleResponseMessage { |
1167 | 1260 |
|
1168 | 1261 |
print "Content-type: text/html\n\n"; |
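Review bot: handleEmailVerification trusts the client-supplied `dn` as both the search base and the moddn target, and the only gate is `$hashStrFromLdap eq $hash` — nothing checks that `$dn` lies under `dc=tmp,` of the selected org, and an entry with no employeeNumber compares equal to a missing or empty `hash` parameter, so any entry the configured bind user is allowed to rename could be moved into the active tree under an attacker-chosen `uid`. The link built in createTemporaryAccount already carries `uid` and `o`/`ou`, so the verifier should rebuild the expected dn from those (`uid=$uid,$orgAttributeName=$ldaporg,dc=tmp,$orgAuthBase`), reject a request whose `dn` differs or whose `hash` is undefined or empty, and only accept the match when `defined $hashStrFromLdap`. Two further defects in the same hunk: the `else` branch sets `$orgAuthBase = $ldapConfig->{$org}{'base'}` although `$org` is empty there, so it should read `$ldapConfig->{$ou}{'base'}`; and `if(mesg->code())` is a bareword class-method call that dies at runtime after the moddn has already been issued, so it should be `if ($mesg->code())`. The `start_tls( verify => 'none')` in the new routine copies the pattern already present in createAccount2, so it is noted only as disabling server-certificate checks rather than re-raised here.
```perl
    my $dn   = $query->param('dn');
    my $hash = $query->param('hash');
    # … unchanged: o/ou/uid params and per-org ldapUsername/ldapPassword selection …
        $orgAuthBase = $ldapConfig->{$ou}{'base'};   # was $org, which is empty in this branch
    # … unchanged: debug line and Content-type header …
    # Only an entry that this script itself parked under dc=tmp for this uid/org may be promoted.
    my $expectedDn = 'uid=' . $uid . ',' . $orgAttributeName . '=' . $ldaporg . ',dc=tmp,' . $orgAuthBase;
    if (!defined $hash || $hash eq '' || !defined $dn || $dn ne $expectedDn) {
        fullTemplate( ['registerFailed'], {errorMessage => "The verification link is not valid."});
        exit(0);
    }
    # … unchanged: LDAP connect, bind, base-scope search, count check …
    if (defined $hashStrFromLdap && $hashStrFromLdap eq $hash) {
        # … unchanged: moddn and unbind …
        if ($mesg->code()) {
```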
Add the new email verification feature.