Revision 8351

clear temporary accounts that have not been activated after a configurable number of hours. https://projects.ecoinformatics.org/ecoinfo/issues/6099

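--- a/lib/metacat.properties
+++ b/lib/metacat.properties
@@ -256,12 +256,14 @@
 organization.org.unaffiliated=o=unaffiliated
 organization.user.unaffiliated=cn=Manager
 organization.password.unaffiliated=
+organization.expiration.unaffiliated=36
 
 organization.name.Account=Account
 organization.base.Account=dc=ecoinformatics,dc=org
 organization.org.Account=ou=Account
 organization.user.Account=cn=Manager
 organization.password.Account=
+organization.expiration.Account=36
 
 ######## XML / EML  #########################################
 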
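--- a/src/perl/ldapweb.cgi
+++ b/src/perl/ldapweb.cgi
@@ -38,6 +38,8 @@
 use URI;                # for parsing URL syntax
 use Config::Properties; # for parsing Java .properties files
 use File::Basename;     # for path name parsing
+use DateTime;			# for parsing dates
+use DateTime::Duration; # for substracting
 use Captcha::reCAPTCHA; # for protection against spams
 use Cwd 'abs_path';
 
@@ -320,6 +322,55 @@
 # Define the subroutines to do the work
 #--------------------------------------------------------------------------80c->
 
+sub clearTemporaryAccounts {
+	
+    #search accounts that have expired
+	my $org = $query->param('o'); 
+    my $ldapUsername = $ldapConfig->{$org}{'user'};
+    my $ldapPassword = $ldapConfig->{$org}{'password'};
+    my $orgAuthBase = $ldapConfig->{$org}{'base'};
+    my $orgExpiration = $ldapConfig->{$org}{'expiration'};
+    my $tmpSearchBase = 'dc=tmp,' . $orgAuthBase; 
+	
+	my $dt = DateTime->now;
+	$dt->subtract( hours => $orgExpiration );
+	my $expirationDate = $dt->ymd() . $dt->hms() . "Z";
+    my $filter = "(createTimestamp <= " . $expirationDate . ")";
+    debug("Clearing expired accounts with filter: " . $filter);
+    my @attrs = [ 'uid', 'o', 'ou', 'cn', 'mail', 'telephoneNumber', 'title' ];
+
+    my $ldap;
+    my $mesg;
+    
+    my $dn;
+
+    #if main ldap server is down, a html file containing warning message will be returned
+    debug("clearTempAccounts: connecting to $ldapurl, $timeout");
+    $ldap = Net::LDAP->new($ldapurl, timeout => $timeout) or handleLDAPBindFailure($ldapurl);
+    if ($ldap) {
+    	$ldap->start_tls( verify => 'none');
+        $ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword ); 
+		$mesg = $ldap->search (
+			base   => $base,
+			filter => $filter,
+			attrs => \@attrs,
+		);
+
+	    if ($mesg->count() > 0) {
+			my $entry;
+			foreach $entry ($mesg->all_entries) { 
+            	$dn = $entry->dn();
+            	# remove the entry
+   				debug("DRY RUN: Removing expired account: " . $dn);
+            	#$ldap->delete($dn);
+			}
+        }
+    	$ldap->unbind;   # take down session
+    }
+
+    return $foundAccounts;
+}
+
 sub fullTemplate {
     my $templateList = shift;
     my $templateVars = setVars(shift);
@@ -503,6 +554,9 @@
         my $o = $query->param('o');    
         $searchBase = $ldapConfig->{$o}{'base'};  
     }
+    
+    # Remove any expired temporary accounts for this subtree before continuing
+    clearTemporaryAccounts();
 
     # Search LDAP for matching entries that already exist
     # Some forms use a single text search box, whereas others search per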
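Review bot: In `clearTemporaryAccounts` the search runs against `base => $base`, not the `$tmpSearchBase` (`dc=tmp,...`) computed just above, so once the commented-out `$ldap->delete($dn)` is enabled, every entry under whatever `$base` holds (it is not set in this sub) that matches the cutoff becomes a deletion candidate, not only unactivated temporary accounts. The filter is also unlikely to select what is intended: `$dt->ymd() . $dt->hms()` yields `YYYY-MM-DDHH:MM:SS` rather than GeneralizedTime, the filter carries spaces around `<=`, and `my @attrs = [ ... ]` stores a single array reference. `start_tls( verify => 'none' )` sends the manager bind without authenticating the server, and neither its result nor the bind's is checked; the fence uses `verify => 'require'`, which needs the directory's CA supplied through `cafile` or `capath`. `$org` comes straight from `$query->param('o')`, so an unknown value leaves the bind credentials and `$orgExpiration` undefined, and `return $foundAccounts` names a variable this sub never sets.

```perl
    # … unchanged: $org lookup and $ldapConfig reads …
    my $dt = DateTime->now;
    $dt->subtract( hours => $orgExpiration );
    # GeneralizedTime takes no separators: YYYYMMDDHHMMSSZ
    my $expirationDate = $dt->ymd('') . $dt->hms('') . "Z";
    my $filter = "(createTimestamp<=" . $expirationDate . ")";
    my @attrs = ( 'uid', 'o', 'ou', 'cn', 'mail', 'telephoneNumber', 'title' );
    # … unchanged: connect to $ldapurl …
    if ($ldap) {
        # authenticate the server before the manager password is sent
        $mesg = $ldap->start_tls( verify => 'require' );
        $mesg = $ldap->bind( version => 3, dn => $ldapUsername, password => $ldapPassword )
            unless $mesg->code;
        if ( $mesg->code ) {
            debug("clearTempAccounts: TLS or bind failed: " . $mesg->error);
            $ldap->unbind;
            return;
        }
        $mesg = $ldap->search(
            base   => $tmpSearchBase,    # only the dc=tmp subtree
            filter => $filter,
            attrs  => \@attrs,
        );
        # … unchanged: dry-run loop over $mesg->all_entries …
```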
