Revision 8220
Added by Jing Tao over 11 years ago
ldapweb.cgi | ||
---|---|---|
351 | 351 |
sub handleRegister { |
352 | 352 |
|
353 | 353 |
print "Content-type: text/html\n\n"; |
354 |
if ($query->param('o') =~ "LTER") { |
|
355 |
fullTemplate( ['registerLter'] ); |
|
356 |
exit(0); |
|
357 |
} |
|
354 | 358 |
|
355 |
|
|
356 | 359 |
my $allParams = { 'givenName' => $query->param('givenName'), |
357 | 360 |
'sn' => $query->param('sn'), |
358 | 361 |
'o' => $query->param('o'), |
... | ... | |
912 | 915 |
sub createTemporaryAccount { |
913 | 916 |
my $allParams = shift; |
914 | 917 |
my $org = $query->param('o'); |
915 |
|
|
918 |
my $ldapUsername = $ldapConfig->{$org}{'user'}; |
|
919 |
my $ldapPassword = $ldapConfig->{$org}{'password'}; |
|
920 |
my $tmp = 1; |
|
916 | 921 |
|
922 |
################## Search LDAP to see if the dc=tmp which stores the inactive accounts exist or not. If it doesn't exist, it will be generated |
|
923 |
my $orgAuthBase = $ldapConfig->{$org}{'base'}; |
|
924 |
my $tmpSearchBase = 'dc=tmp,' . $orgAuthBase; |
|
925 |
my $tmpFilter = "dc=tmp"; |
|
926 |
my @attributes=['dc']; |
|
927 |
my $foundTmp = searchDirectory($ldapurl, $orgAuthBase, $tmpFilter, \@attributes); |
|
928 |
if (!$foundTmp) { |
|
929 |
my $dn = $tmpSearchBase; |
|
930 |
my $additions = [ |
|
931 |
'dc' => 'tmp', |
|
932 |
'o' => 'tmp', |
|
933 |
'objectclass' => ['top', 'dcObject', 'organization'] |
|
934 |
]; |
|
935 |
createItem($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams); |
|
936 |
} else { |
|
937 |
debug("found the tmp space"); |
|
938 |
} |
|
917 | 939 |
|
918 |
################## Search LDAP for matching o or ou that already exist |
|
919 |
my $orgAuthBase = $ldapConfig->{$org}{'base'};; |
|
940 |
################## Search LDAP for matching o or ou under the dc=tmp that already exist. If it doesn't exist, it will be generated |
|
920 | 941 |
my $filter = $ldapConfig->{$org}{'filter'}; |
921 |
my $tmpSearchBase = 'dc=tmp,' . $orgAuthBase; |
|
942 |
|
|
922 | 943 |
debug("search filer " . $filter); |
923 | 944 |
debug("ldap server ". $ldapurl); |
924 | 945 |
debug("sesarch base " . $tmpSearchBase); |
925 | 946 |
print "Content-type: text/html\n\n"; |
926 | 947 |
my @attrs = ['o', 'ou' ]; |
927 | 948 |
my $found = searchDirectory($ldapurl, $tmpSearchBase, $filter, \@attrs); |
928 |
|
|
929 |
my $ldapUsername = $ldapConfig->{$org}{'user'}; |
|
930 |
my $ldapPassword = $ldapConfig->{$org}{'password'}; |
|
931 |
debug("LDAP connection to $ldapurl..."); |
|
932 |
|
|
933 |
my @organizationInfo = split('=', $ldapConfig->{$org}{'org'}); #split 'o=NCEAS' or something like that |
|
934 |
my $organization = $organizationInfo[0]; # This will be 'o' or 'ou' |
|
935 |
my $organizationName = $organizationInfo[1]; # This will be 'NCEAS' or 'Account' |
|
949 |
|
|
950 |
my @organizationInfo = split('=', $ldapConfig->{$org}{'org'}); #split 'o=NCEAS' or something like that |
|
951 |
my $organization = $organizationInfo[0]; # This will be 'o' or 'ou' |
|
952 |
my $organizationName = $organizationInfo[1]; # This will be 'NCEAS' or 'Account' |
|
936 | 953 |
|
937 | 954 |
if(!$found) { |
938 | 955 |
debug("generate the subtree in the dc=tmp==========================="); |
939 | 956 |
#need to generate the subtree o or ou |
940 |
my $dn; |
|
941 |
#if main ldap server is down, a html file containing warning message will be returned |
|
942 |
my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
|
943 |
if ($ldap) { |
|
944 |
$ldap->start_tls( verify => 'none'); |
|
945 |
debug("Attempting to bind to LDAP server with dn = $ldapUsername, pwd = $ldapPassword"); |
|
946 |
$ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); |
|
947 |
my $additions; |
|
957 |
my $additions; |
|
948 | 958 |
if($organization eq 'ou') { |
949 | 959 |
$additions = [ |
950 | 960 |
$organization => $organizationName, |
... | ... | |
958 | 968 |
]; |
959 | 969 |
|
960 | 970 |
} |
961 |
|
|
962 |
$dn=$ldapConfig->{$org}{'org'} . ',' . $tmpSearchBase; |
|
963 |
# Do the insertion |
|
964 |
my $result = $ldap->add ( 'dn' => $dn, 'attr' => [ @$additions ]); |
|
965 |
if ($result->code()) { |
|
966 |
fullTemplate( ['registerFailed', 'register'], { stage => "register", |
|
967 |
allParams => $allParams, |
|
968 |
errorMessage => $result->error }); |
|
969 |
$ldap->unbind; # take down session |
|
970 |
exist(0) |
|
971 |
# TODO SCW was included as separate errors, test this |
|
972 |
#$templateVars = setVars({ stage => "register", |
|
973 |
# allParams => $allParams }); |
|
974 |
#$template->process( $templates->{'register'}, $templateVars); |
|
975 |
} |
|
976 |
$ldap->unbind; # take down session |
|
977 |
} else { |
|
978 |
fullTemplate( ['registerFailed', 'register'], { stage => "register", |
|
979 |
allParams => $allParams, |
|
980 |
errorMessage => "The ldap server is not available now. Please try it later"}); |
|
981 |
exit(0); |
|
982 |
} |
|
983 |
|
|
971 |
my $dn=$ldapConfig->{$org}{'org'} . ',' . $tmpSearchBase; |
|
972 |
createItem($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams); |
|
984 | 973 |
} |
985 | 974 |
|
986 | 975 |
################create an account under tmp subtree |
... | ... | |
1019 | 1008 |
#$$additions[$#$additions + 1] = 'o'; |
1020 | 1009 |
#$$additions[$#$additions + 1] = $org; |
1021 | 1010 |
my $dn='uid=' . $query->param('uid') . ',' . $ldapConfig->{$org}{'org'} . ',' . $tmpSearchBase; |
1022 |
my $tmp = 1; |
|
1023 |
createAccount2($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams); |
|
1011 |
createItem($dn, $ldapUsername, $ldapPassword, $additions, $tmp, $allParams); |
|
1024 | 1012 |
|
1025 | 1013 |
|
1026 | 1014 |
####################send the verification email to the user |
... | ... | |
1065 | 1053 |
} |
1066 | 1054 |
|
1067 | 1055 |
# |
1068 |
# Bind to LDAP and create a new account using the information provided
|
|
1056 |
# Bind to LDAP and create a new item (a user or subtree) using the information provided
|
|
1069 | 1057 |
# by the user |
1070 | 1058 |
# |
1071 |
sub createAccount2 {
|
|
1059 |
sub createItem {
|
|
1072 | 1060 |
my $dn = shift; |
1073 | 1061 |
my $ldapUsername = shift; |
1074 | 1062 |
my $ldapPassword = shift; |
... | ... | |
1096 | 1084 |
fullTemplate(@failureTemplate, { stage => "register", |
1097 | 1085 |
allParams => $allParams, |
1098 | 1086 |
errorMessage => $result->error }); |
1087 |
exist(0); |
|
1099 | 1088 |
# TODO SCW was included as separate errors, test this |
1100 | 1089 |
#$templateVars = setVars({ stage => "register", |
1101 | 1090 |
# allParams => $allParams }); |
... | ... | |
1114 | 1103 |
|
1115 | 1104 |
} |
1116 | 1105 |
|
1117 |
# |
|
1118 |
# Bind to LDAP and create a new account using the information provided |
|
1119 |
# by the user |
|
1120 |
# |
|
1121 |
sub createAccount { |
|
1122 |
my $allParams = shift; |
|
1123 | 1106 |
|
1124 |
if ($query->param('o') =~ "LTER") { |
|
1125 |
fullTemplate( ['registerLter'] ); |
|
1126 |
} else { |
|
1127 | 1107 |
|
1128 |
# Be sure the passwords match |
|
1129 |
if ($query->param('userPassword') !~ $query->param('userPassword2')) { |
|
1130 |
my $errorMessage = "The passwords do not match. Try again."; |
|
1131 |
fullTemplate( ['registerFailed', 'register'], { stage => "register", |
|
1132 |
allParams => $allParams, |
|
1133 |
errorMessage => $errorMessage }); |
|
1134 |
exit(); |
|
1135 |
} |
|
1136 | 1108 |
|
1137 |
my $o = $query->param('o'); |
|
1138 | 1109 |
|
1139 |
my $searchBase = $ldapConfig->{$o}{'base'}; |
|
1140 |
my $dnBase = $ldapConfig->{$o}{'dn'}; |
|
1141 |
debug("the dn is " . $dnBase); |
|
1142 |
my $ldapUsername = $ldapConfig->{$o}{'user'}; |
|
1143 |
my $ldapPassword = $ldapConfig->{$o}{'password'}; |
|
1144 |
debug("LDAP connection to $ldapurl..."); |
|
1145 |
#if main ldap server is down, a html file containing warning message will be returned |
|
1146 |
my $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl); |
|
1147 |
|
|
1148 |
if ($ldap) { |
|
1149 |
$ldap->start_tls( verify => 'none'); |
|
1150 |
debug("Attempting to bind to LDAP server with dn = $ldapUsername, pwd = $ldapPassword"); |
|
1151 |
$ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); |
|
1152 |
|
|
1153 |
my $dn = 'uid=' . $query->param('uid') . ',' . $dnBase; |
|
1154 |
debug("Inserting new entry for: $dn"); |
|
1155 | 1110 |
|
1156 |
# Create a hashed version of the password |
|
1157 |
my $shapass = createSeededPassHash($query->param('userPassword')); |
|
1158 |
|
|
1159 |
# Do the insertion |
|
1160 |
my $additions = [ |
|
1161 |
'uid' => $query->param('uid'), |
|
1162 |
'o' => $query->param('o'), |
|
1163 |
'cn' => join(" ", $query->param('givenName'), |
|
1164 |
$query->param('sn')), |
|
1165 |
'sn' => $query->param('sn'), |
|
1166 |
'givenName' => $query->param('givenName'), |
|
1167 |
'mail' => $query->param('mail'), |
|
1168 |
'userPassword' => $shapass, |
|
1169 |
'objectclass' => ['top', 'person', 'organizationalPerson', |
|
1170 |
'inetOrgPerson', 'uidObject' ] |
|
1171 |
]; |
|
1172 |
if (defined($query->param('telephoneNumber')) && |
|
1173 |
$query->param('telephoneNumber') && |
|
1174 |
! $query->param('telephoneNumber') =~ /^\s+$/) { |
|
1175 |
$$additions[$#$additions + 1] = 'telephoneNumber'; |
|
1176 |
$$additions[$#$additions + 1] = $query->param('telephoneNumber'); |
|
1177 |
} |
|
1178 |
if (defined($query->param('title')) && |
|
1179 |
$query->param('title') && |
|
1180 |
! $query->param('title') =~ /^\s+$/) { |
|
1181 |
$$additions[$#$additions + 1] = 'title'; |
|
1182 |
$$additions[$#$additions + 1] = $query->param('title'); |
|
1183 |
} |
|
1184 |
my $result = $ldap->add ( 'dn' => $dn, 'attr' => [ @$additions ]); |
|
1185 |
|
|
1186 |
if ($result->code()) { |
|
1187 |
fullTemplate( ['registerFailed', 'register'], { stage => "register", |
|
1188 |
allParams => $allParams, |
|
1189 |
errorMessage => $result->error }); |
|
1190 |
# TODO SCW was included as separate errors, test this |
|
1191 |
#$templateVars = setVars({ stage => "register", |
|
1192 |
# allParams => $allParams }); |
|
1193 |
#$template->process( $templates->{'register'}, $templateVars); |
|
1194 |
} else { |
|
1195 |
fullTemplate( ['success'] ); |
|
1196 |
} |
|
1197 |
|
|
1198 |
$ldap->unbind; # take down session |
|
1199 |
} |
|
1200 |
} |
|
1201 |
} |
|
1202 |
|
|
1203 | 1111 |
# |
1204 | 1112 |
# This subroutine will handle a email verification: |
1205 | 1113 |
# If the hash string matches the one store in the ldap, the account will be |
Also available in: Unified diff
Add code to generate dc=tmp. Clean up some code.