Revision 8185
Added by Jing Tao about 11 years ago
| ldapweb.cgi | ||
|---|---|---|
| 270 | 270 |
'initchangepass' => \&handleInitialChangePassword, |
| 271 | 271 |
'resetpass' => \&handleResetPassword, |
| 272 | 272 |
'initresetpass' => \&handleInitialResetPassword, |
| 273 |
'emailverification' => \&handleEmailVerification, |
|
| 273 | 274 |
); |
| 274 | 275 |
|
| 275 | 276 |
# call the appropriate routine based on the stage |
| ... | ... | |
| 870 | 871 |
sub createTemporaryAccount {
|
| 871 | 872 |
my $allParams = shift; |
| 872 | 873 |
my $org = $query->param('o');
|
| 873 |
#my $org = 'unaffiliated'; |
|
| 874 | 874 |
my $ou = $query->param('ou');
|
| 875 |
#my $ou = 'LTER'; |
|
| 875 |
|
|
| 876 | 876 |
|
| 877 | 877 |
################## Search LDAP for matching o or ou that already exist |
| 878 |
my $tmpSearchBase = 'dc=tmp,' . $authBase;
|
|
| 878 |
my $orgAuthBase;
|
|
| 879 | 879 |
my $filter; |
| 880 | 880 |
if($org) {
|
| 881 | 881 |
$filter = "(o" |
| 882 | 882 |
. "=" . $org . |
| 883 | 883 |
")"; |
| 884 |
$orgAuthBase = $ldapConfig->{$org}{'base'};
|
|
| 884 | 885 |
} else {
|
| 885 | 886 |
$filter = "(ou" |
| 886 | 887 |
. "=" . $ou . |
| 887 | 888 |
")"; |
| 889 |
$orgAuthBase = $ldapConfig->{$ou}{'base'};
|
|
| 888 | 890 |
} |
| 891 |
my $tmpSearchBase = 'dc=tmp,' . $orgAuthBase; |
|
| 889 | 892 |
debug("search filer " . $filter);
|
| 890 | 893 |
debug("ldap server ". $ldapurl);
|
| 891 | 894 |
debug("sesarch base " . $tmpSearchBase);
|
| ... | ... | |
| 976 | 979 |
$$additions[$#$additions + 1] = $query->param('title');
|
| 977 | 980 |
} |
| 978 | 981 |
my $dn; |
| 982 |
my $orgStr; |
|
| 979 | 983 |
if($org) {
|
| 980 | 984 |
$$additions[$#$additions + 1] = 'o'; |
| 981 | 985 |
$$additions[$#$additions + 1] = $org; |
| 982 | 986 |
$dn='uid=' . $query->param('uid') . ',' . 'o=' . $org . ',' . $tmpSearchBase;
|
| 987 |
$orgStr='o=' . $org; |
|
| 983 | 988 |
} else {
|
| 984 | 989 |
$$additions[$#$additions + 1] = 'ou'; |
| 985 | 990 |
$$additions[$#$additions + 1] = $ou; |
| 986 | 991 |
$dn='uid=' . $query->param('uid') . ',' . 'ou=' . $ou . ',' . $tmpSearchBase;
|
| 992 |
$orgStr='ou=' . $ou; |
|
| 987 | 993 |
} |
| 988 | 994 |
my $tmp = 1; |
| 989 | 995 |
createAccount2($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams); |
| 990 | 996 |
|
| 991 | 997 |
|
| 992 | 998 |
####################send the verification email to the user |
| 993 |
my $link = $contextUrl. '/cgi-bin/ldapweb.cgi?cfg=' . $skinName . '&' . 'stage=' . $emailVerification . '&' . 'dn=' . $dn . '&' . 'hash=' . $randomStr; |
|
| 999 |
my $link = $contextUrl. '/cgi-bin/ldapweb.cgi?cfg=' . $skinName . '&' . 'stage=' . $emailVerification . '&' . 'dn=' . $dn . '&' . 'hash=' . $randomStr . '&' . $orgStr . '&uid=' . $query->param('uid');
|
|
| 994 | 1000 |
|
| 995 | 1001 |
my $mailhost = $properties->getProperty('email.mailhost');
|
| 996 | 1002 |
my $sender = $properties->getProperty('email.sender');
|
| ... | ... | |
| 1050 | 1056 |
if ($ldap) {
|
| 1051 | 1057 |
$ldap->start_tls( verify => 'none'); |
| 1052 | 1058 |
debug("Attempting to bind to LDAP server with dn = $ldapUsername, pwd = $ldapPassword");
|
| 1053 |
$ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); |
|
| 1054 |
debug(" 1 here is the additions " . $additions);
|
|
| 1055 |
debug(" 2 here is the additions " . @$additions);
|
|
| 1056 |
debug(" 3 here is the additions " . [@$additions]);
|
|
| 1059 |
$ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); |
|
| 1057 | 1060 |
my $result = $ldap->add ( 'dn' => $dn, 'attr' => [@$additions ]); |
| 1058 | 1061 |
if ($result->code()) {
|
| 1059 | 1062 |
fullTemplate(@failureTemplate, { stage => "register",
|
| ... | ... | |
| 1163 | 1166 |
} |
| 1164 | 1167 |
} |
| 1165 | 1168 |
|
| 1169 |
# |
|
| 1170 |
# This subroutine will handle a email verification: |
|
| 1171 |
# If the hash string matches the one store in the ldap, the account will be |
|
| 1172 |
# copied from the temporary space to the permanent tree and the account in |
|
| 1173 |
# the temporary space will be removed. |
|
| 1174 |
sub handleEmailVerification {
|
|
| 1175 |
|
|
| 1176 |
my $cfg = $query->param('cfg');
|
|
| 1177 |
my $dn = $query->param('dn');
|
|
| 1178 |
my $hash = $query->param('hash');
|
|
| 1179 |
my $org = $query->param('o');
|
|
| 1180 |
my $ou = $query->param('ou');
|
|
| 1181 |
my $uid = $query->param('uid');
|
|
| 1182 |
|
|
| 1183 |
my $orgAttributeName; |
|
| 1184 |
my $ldapUsername; |
|
| 1185 |
my $ldapPassword; |
|
| 1186 |
my $ldaporg; |
|
| 1187 |
my $orgAuthBase; |
|
| 1188 |
if($org) {
|
|
| 1189 |
$ldapUsername = $ldapConfig->{$org}{'user'};
|
|
| 1190 |
$ldapPassword = $ldapConfig->{$org}{'password'};
|
|
| 1191 |
$orgAttributeName = 'o'; |
|
| 1192 |
$ldaporg = $org; |
|
| 1193 |
$orgAuthBase = $ldapConfig->{$org}{'base'};
|
|
| 1194 |
} else {
|
|
| 1195 |
$ldapUsername = $ldapConfig->{$ou}{'user'};
|
|
| 1196 |
$ldapPassword = $ldapConfig->{$ou}{'password'};
|
|
| 1197 |
$orgAttributeName = 'ou'; |
|
| 1198 |
$ldaporg = $ou; |
|
| 1199 |
$orgAuthBase = $ldapConfig->{$org}{'base'};
|
|
| 1200 |
} |
|
| 1201 |
debug("LDAP connection to $ldapurl...");
|
|
| 1202 |
|
|
| 1203 |
|
|
| 1204 |
print "Content-type: text/html\n\n"; |
|
| 1205 |
#if main ldap server is down, a html file containing warning message will be returned |
|
| 1206 |
my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
|
| 1207 |
if ($ldap) {
|
|
| 1208 |
$ldap->start_tls( verify => 'none'); |
|
| 1209 |
$ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); |
|
| 1210 |
my $mesg = $ldap->search(base => $dn, scope => 'base', filter => '(objectClass=*)'); |
|
| 1211 |
my $max = $mesg->count; |
|
| 1212 |
debug("the count is " . $max);
|
|
| 1213 |
if($max < 1) {
|
|
| 1214 |
$ldap->unbind; # take down session |
|
| 1215 |
fullTemplate( ['registerFailed'], {errorMessage => "No record was founded to matche the dn " . $dn . " for the verification."});
|
|
| 1216 |
#handleLDAPBindFailure($ldapurl); |
|
| 1217 |
exit(0); |
|
| 1218 |
} else {
|
|
| 1219 |
#check if the hash string match |
|
| 1220 |
my $entry = $mesg->entry (0); |
|
| 1221 |
my $hashStrFromLdap = $entry->get_value('employeeNumber');
|
|
| 1222 |
if( $hashStrFromLdap eq $hash) {
|
|
| 1223 |
#my $additions = [ ]; |
|
| 1224 |
#foreach my $attr ( $entry->attributes ) {
|
|
| 1225 |
#if($attr ne 'employeeNumber') {
|
|
| 1226 |
#$$additions[$#$additions + 1] = $attr; |
|
| 1227 |
#$$additions[$#$additions + 1] = $entry->get_value( $attr ); |
|
| 1228 |
#} |
|
| 1229 |
#} |
|
| 1230 |
#my $tmp=0; |
|
| 1231 |
#my $allParams=""; |
|
| 1232 |
$mesg = $ldap->moddn( |
|
| 1233 |
dn => $dn, |
|
| 1234 |
deleteoldrdn => 1, |
|
| 1235 |
newrdn => "uid=" . $uid, |
|
| 1236 |
newsuperior => $orgAttributeName . "=" . $ldaporg . "," . $orgAuthBase); |
|
| 1237 |
$ldap->unbind; # take down session |
|
| 1238 |
if(mesg->code()) {
|
|
| 1239 |
fullTemplate( ['registerFailed'], {errorMessage => "Cannot move the account from the inactive area to the ative area since " . $mesg->error()});
|
|
| 1240 |
exit(0); |
|
| 1241 |
} else {
|
|
| 1242 |
fullTemplate( ['success'] ); |
|
| 1243 |
} |
|
| 1244 |
#createAccount2($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams); |
|
| 1245 |
} else {
|
|
| 1246 |
$ldap->unbind; # take down session |
|
| 1247 |
fullTemplate( ['registerFailed'], {errorMessage => "The hash string " . $hash . " from your link doesn't match our record."});
|
|
| 1248 |
exit(0); |
|
| 1249 |
} |
|
| 1250 |
|
|
| 1251 |
} |
|
| 1252 |
} else {
|
|
| 1253 |
handleLDAPBindFailure($ldapurl); |
|
| 1254 |
exit(0); |
|
| 1255 |
} |
|
| 1256 |
|
|
| 1257 |
} |
|
| 1258 |
|
|
| 1166 | 1259 |
sub handleResponseMessage {
|
| 1167 | 1260 |
|
| 1168 | 1261 |
print "Content-type: text/html\n\n"; |
Also available in: Unified diff
Add the new feature for the email verification.