Revision 8220
Added by Jing Tao about 11 years ago
| src/perl/ldapweb.cgi | ||
|---|---|---|
| 351 | 351 |
sub handleRegister {
|
| 352 | 352 |
|
| 353 | 353 |
print "Content-type: text/html\n\n"; |
| 354 |
if ($query->param('o') =~ "LTER") {
|
|
| 355 |
fullTemplate( ['registerLter'] ); |
|
| 356 |
exit(0); |
|
| 357 |
} |
|
| 354 | 358 |
|
| 355 |
|
|
| 356 | 359 |
my $allParams = { 'givenName' => $query->param('givenName'),
|
| 357 | 360 |
'sn' => $query->param('sn'),
|
| 358 | 361 |
'o' => $query->param('o'),
|
| ... | ... | |
| 912 | 915 |
sub createTemporaryAccount {
|
| 913 | 916 |
my $allParams = shift; |
| 914 | 917 |
my $org = $query->param('o');
|
| 915 |
|
|
| 918 |
my $ldapUsername = $ldapConfig->{$org}{'user'};
|
|
| 919 |
my $ldapPassword = $ldapConfig->{$org}{'password'};
|
|
| 920 |
my $tmp = 1; |
|
| 916 | 921 |
|
| 922 |
################## Search LDAP to see if the dc=tmp which stores the inactive accounts exist or not. If it doesn't exist, it will be generated |
|
| 923 |
my $orgAuthBase = $ldapConfig->{$org}{'base'};
|
|
| 924 |
my $tmpSearchBase = 'dc=tmp,' . $orgAuthBase; |
|
| 925 |
my $tmpFilter = "dc=tmp"; |
|
| 926 |
my @attributes=['dc']; |
|
| 927 |
my $foundTmp = searchDirectory($ldapurl, $orgAuthBase, $tmpFilter, \@attributes); |
|
| 928 |
if (!$foundTmp) {
|
|
| 929 |
my $dn = $tmpSearchBase; |
|
| 930 |
my $additions = [ |
|
| 931 |
'dc' => 'tmp', |
|
| 932 |
'o' => 'tmp', |
|
| 933 |
'objectclass' => ['top', 'dcObject', 'organization'] |
|
| 934 |
]; |
|
| 935 |
createItem($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams); |
|
| 936 |
} else {
|
|
| 937 |
debug("found the tmp space");
|
|
| 938 |
} |
|
| 917 | 939 |
|
| 918 |
################## Search LDAP for matching o or ou that already exist |
|
| 919 |
my $orgAuthBase = $ldapConfig->{$org}{'base'};;
|
|
| 940 |
################## Search LDAP for matching o or ou under the dc=tmp that already exist. If it doesn't exist, it will be generated |
|
| 920 | 941 |
my $filter = $ldapConfig->{$org}{'filter'};
|
| 921 |
my $tmpSearchBase = 'dc=tmp,' . $orgAuthBase; |
|
| 942 |
|
|
| 922 | 943 |
debug("search filer " . $filter);
|
| 923 | 944 |
debug("ldap server ". $ldapurl);
|
| 924 | 945 |
debug("sesarch base " . $tmpSearchBase);
|
| 925 | 946 |
print "Content-type: text/html\n\n"; |
| 926 | 947 |
my @attrs = ['o', 'ou' ]; |
| 927 | 948 |
my $found = searchDirectory($ldapurl, $tmpSearchBase, $filter, \@attrs); |
| 928 |
|
|
| 929 |
my $ldapUsername = $ldapConfig->{$org}{'user'};
|
|
| 930 |
my $ldapPassword = $ldapConfig->{$org}{'password'};
|
|
| 931 |
debug("LDAP connection to $ldapurl...");
|
|
| 932 |
|
|
| 933 |
my @organizationInfo = split('=', $ldapConfig->{$org}{'org'}); #split 'o=NCEAS' or something like that
|
|
| 934 |
my $organization = $organizationInfo[0]; # This will be 'o' or 'ou' |
|
| 935 |
my $organizationName = $organizationInfo[1]; # This will be 'NCEAS' or 'Account' |
|
| 949 |
|
|
| 950 |
my @organizationInfo = split('=', $ldapConfig->{$org}{'org'}); #split 'o=NCEAS' or something like that
|
|
| 951 |
my $organization = $organizationInfo[0]; # This will be 'o' or 'ou' |
|
| 952 |
my $organizationName = $organizationInfo[1]; # This will be 'NCEAS' or 'Account' |
|
| 936 | 953 |
|
| 937 | 954 |
if(!$found) {
|
| 938 | 955 |
debug("generate the subtree in the dc=tmp===========================");
|
| 939 | 956 |
#need to generate the subtree o or ou |
| 940 |
my $dn; |
|
| 941 |
#if main ldap server is down, a html file containing warning message will be returned |
|
| 942 |
my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
|
| 943 |
if ($ldap) {
|
|
| 944 |
$ldap->start_tls( verify => 'none'); |
|
| 945 |
debug("Attempting to bind to LDAP server with dn = $ldapUsername, pwd = $ldapPassword");
|
|
| 946 |
$ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); |
|
| 947 |
my $additions; |
|
| 957 |
my $additions; |
|
| 948 | 958 |
if($organization eq 'ou') {
|
| 949 | 959 |
$additions = [ |
| 950 | 960 |
$organization => $organizationName, |
| ... | ... | |
| 958 | 968 |
]; |
| 959 | 969 |
|
| 960 | 970 |
} |
| 961 |
|
|
| 962 |
$dn=$ldapConfig->{$org}{'org'} . ',' . $tmpSearchBase;
|
|
| 963 |
# Do the insertion |
|
| 964 |
my $result = $ldap->add ( 'dn' => $dn, 'attr' => [ @$additions ]); |
|
| 965 |
if ($result->code()) {
|
|
| 966 |
fullTemplate( ['registerFailed', 'register'], { stage => "register",
|
|
| 967 |
allParams => $allParams, |
|
| 968 |
errorMessage => $result->error }); |
|
| 969 |
$ldap->unbind; # take down session |
|
| 970 |
exist(0) |
|
| 971 |
# TODO SCW was included as separate errors, test this |
|
| 972 |
#$templateVars = setVars({ stage => "register",
|
|
| 973 |
# allParams => $allParams }); |
|
| 974 |
#$template->process( $templates->{'register'}, $templateVars);
|
|
| 975 |
} |
|
| 976 |
$ldap->unbind; # take down session |
|
| 977 |
} else {
|
|
| 978 |
fullTemplate( ['registerFailed', 'register'], { stage => "register",
|
|
| 979 |
allParams => $allParams, |
|
| 980 |
errorMessage => "The ldap server is not available now. Please try it later"}); |
|
| 981 |
exit(0); |
|
| 982 |
} |
|
| 983 |
|
|
| 971 |
my $dn=$ldapConfig->{$org}{'org'} . ',' . $tmpSearchBase;
|
|
| 972 |
createItem($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams); |
|
| 984 | 973 |
} |
| 985 | 974 |
|
| 986 | 975 |
################create an account under tmp subtree |
| ... | ... | |
| 1019 | 1008 |
#$$additions[$#$additions + 1] = 'o'; |
| 1020 | 1009 |
#$$additions[$#$additions + 1] = $org; |
| 1021 | 1010 |
my $dn='uid=' . $query->param('uid') . ',' . $ldapConfig->{$org}{'org'} . ',' . $tmpSearchBase;
|
| 1022 |
my $tmp = 1; |
|
| 1023 |
createAccount2($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams); |
|
| 1011 |
createItem($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams); |
|
| 1024 | 1012 |
|
| 1025 | 1013 |
|
| 1026 | 1014 |
####################send the verification email to the user |
| ... | ... | |
| 1065 | 1053 |
} |
| 1066 | 1054 |
|
| 1067 | 1055 |
# |
| 1068 |
# Bind to LDAP and create a new account using the information provided
|
|
| 1056 |
# Bind to LDAP and create a new item (a user or subtree) using the information provided
|
|
| 1069 | 1057 |
# by the user |
| 1070 | 1058 |
# |
| 1071 |
sub createAccount2 {
|
|
| 1059 |
sub createItem {
|
|
| 1072 | 1060 |
my $dn = shift; |
| 1073 | 1061 |
my $ldapUsername = shift; |
| 1074 | 1062 |
my $ldapPassword = shift; |
| ... | ... | |
| 1096 | 1084 |
fullTemplate(@failureTemplate, { stage => "register",
|
| 1097 | 1085 |
allParams => $allParams, |
| 1098 | 1086 |
errorMessage => $result->error }); |
| 1087 |
exist(0); |
|
| 1099 | 1088 |
# TODO SCW was included as separate errors, test this |
| 1100 | 1089 |
#$templateVars = setVars({ stage => "register",
|
| 1101 | 1090 |
# allParams => $allParams }); |
| ... | ... | |
| 1114 | 1103 |
|
| 1115 | 1104 |
} |
| 1116 | 1105 |
|
| 1117 |
# |
|
| 1118 |
# Bind to LDAP and create a new account using the information provided |
|
| 1119 |
# by the user |
|
| 1120 |
# |
|
| 1121 |
sub createAccount {
|
|
| 1122 |
my $allParams = shift; |
|
| 1123 | 1106 |
|
| 1124 |
if ($query->param('o') =~ "LTER") {
|
|
| 1125 |
fullTemplate( ['registerLter'] ); |
|
| 1126 |
} else {
|
|
| 1127 | 1107 |
|
| 1128 |
# Be sure the passwords match |
|
| 1129 |
if ($query->param('userPassword') !~ $query->param('userPassword2')) {
|
|
| 1130 |
my $errorMessage = "The passwords do not match. Try again."; |
|
| 1131 |
fullTemplate( ['registerFailed', 'register'], { stage => "register",
|
|
| 1132 |
allParams => $allParams, |
|
| 1133 |
errorMessage => $errorMessage }); |
|
| 1134 |
exit(); |
|
| 1135 |
} |
|
| 1136 | 1108 |
|
| 1137 |
my $o = $query->param('o');
|
|
| 1138 | 1109 |
|
| 1139 |
my $searchBase = $ldapConfig->{$o}{'base'};
|
|
| 1140 |
my $dnBase = $ldapConfig->{$o}{'dn'};
|
|
| 1141 |
debug("the dn is " . $dnBase);
|
|
| 1142 |
my $ldapUsername = $ldapConfig->{$o}{'user'};
|
|
| 1143 |
my $ldapPassword = $ldapConfig->{$o}{'password'};
|
|
| 1144 |
debug("LDAP connection to $ldapurl...");
|
|
| 1145 |
#if main ldap server is down, a html file containing warning message will be returned |
|
| 1146 |
my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
|
| 1147 |
|
|
| 1148 |
if ($ldap) {
|
|
| 1149 |
$ldap->start_tls( verify => 'none'); |
|
| 1150 |
debug("Attempting to bind to LDAP server with dn = $ldapUsername, pwd = $ldapPassword");
|
|
| 1151 |
$ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); |
|
| 1152 |
|
|
| 1153 |
my $dn = 'uid=' . $query->param('uid') . ',' . $dnBase;
|
|
| 1154 |
debug("Inserting new entry for: $dn");
|
|
| 1155 | 1110 |
|
| 1156 |
# Create a hashed version of the password |
|
| 1157 |
my $shapass = createSeededPassHash($query->param('userPassword'));
|
|
| 1158 |
|
|
| 1159 |
# Do the insertion |
|
| 1160 |
my $additions = [ |
|
| 1161 |
'uid' => $query->param('uid'),
|
|
| 1162 |
'o' => $query->param('o'),
|
|
| 1163 |
'cn' => join(" ", $query->param('givenName'),
|
|
| 1164 |
$query->param('sn')),
|
|
| 1165 |
'sn' => $query->param('sn'),
|
|
| 1166 |
'givenName' => $query->param('givenName'),
|
|
| 1167 |
'mail' => $query->param('mail'),
|
|
| 1168 |
'userPassword' => $shapass, |
|
| 1169 |
'objectclass' => ['top', 'person', 'organizationalPerson', |
|
| 1170 |
'inetOrgPerson', 'uidObject' ] |
|
| 1171 |
]; |
|
| 1172 |
if (defined($query->param('telephoneNumber')) &&
|
|
| 1173 |
$query->param('telephoneNumber') &&
|
|
| 1174 |
! $query->param('telephoneNumber') =~ /^\s+$/) {
|
|
| 1175 |
$$additions[$#$additions + 1] = 'telephoneNumber'; |
|
| 1176 |
$$additions[$#$additions + 1] = $query->param('telephoneNumber');
|
|
| 1177 |
} |
|
| 1178 |
if (defined($query->param('title')) &&
|
|
| 1179 |
$query->param('title') &&
|
|
| 1180 |
! $query->param('title') =~ /^\s+$/) {
|
|
| 1181 |
$$additions[$#$additions + 1] = 'title'; |
|
| 1182 |
$$additions[$#$additions + 1] = $query->param('title');
|
|
| 1183 |
} |
|
| 1184 |
my $result = $ldap->add ( 'dn' => $dn, 'attr' => [ @$additions ]); |
|
| 1185 |
|
|
| 1186 |
if ($result->code()) {
|
|
| 1187 |
fullTemplate( ['registerFailed', 'register'], { stage => "register",
|
|
| 1188 |
allParams => $allParams, |
|
| 1189 |
errorMessage => $result->error }); |
|
| 1190 |
# TODO SCW was included as separate errors, test this |
|
| 1191 |
#$templateVars = setVars({ stage => "register",
|
|
| 1192 |
# allParams => $allParams }); |
|
| 1193 |
#$template->process( $templates->{'register'}, $templateVars);
|
|
| 1194 |
} else {
|
|
| 1195 |
fullTemplate( ['success'] ); |
|
| 1196 |
} |
|
| 1197 |
|
|
| 1198 |
$ldap->unbind; # take down session |
|
| 1199 |
} |
|
| 1200 |
} |
|
| 1201 |
} |
|
| 1202 |
|
|
| 1203 | 1111 |
# |
| 1204 | 1112 |
# This subroutine will handle a email verification: |
| 1205 | 1113 |
# If the hash string matches the one store in the ldap, the account will be |
Also available in: Unified diff
Add code to generate dc=tmp. Clean up some code.