line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
#!/usr/bin/perl -w |
2
|
|
|
|
|
|
|
|
3
|
|
|
|
|
|
|
package Apache::Sling::LDAPSynch; |
4
|
|
|
|
|
|
|
|
5
|
1
|
|
|
1
|
|
2636
|
use 5.008001; |
|
1
|
|
|
|
|
3
|
|
|
1
|
|
|
|
|
38
|
|
6
|
1
|
|
|
1
|
|
4
|
use strict; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
29
|
|
7
|
1
|
|
|
1
|
|
73
|
use warnings; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
26
|
|
8
|
1
|
|
|
1
|
|
12
|
use Carp; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
59
|
|
9
|
1
|
|
|
1
|
|
1188
|
use Getopt::Long qw(:config bundling); |
|
1
|
|
|
|
|
404919
|
|
|
1
|
|
|
|
|
10
|
|
10
|
1
|
|
|
1
|
|
285
|
use Apache::Sling; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
43
|
|
11
|
1
|
|
|
1
|
|
6
|
use Apache::Sling::Authn; |
|
1
|
|
|
|
|
3
|
|
|
1
|
|
|
|
|
42
|
|
12
|
1
|
|
|
1
|
|
912
|
use Apache::Sling::Content; |
|
1
|
|
|
|
|
3
|
|
|
1
|
|
|
|
|
70
|
|
13
|
1
|
|
|
1
|
|
1085
|
use Apache::Sling::User; |
|
1
|
|
|
|
|
3
|
|
|
1
|
|
|
|
|
47
|
|
14
|
1
|
|
|
1
|
|
1114
|
use Data::Dumper; |
|
1
|
|
|
|
|
5866
|
|
|
1
|
|
|
|
|
69
|
|
15
|
1
|
|
|
1
|
|
9
|
use Fcntl ':flock'; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
141
|
|
16
|
1
|
|
|
1
|
|
5
|
use File::Temp; |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
72
|
|
17
|
1
|
|
|
1
|
|
927
|
use Net::LDAP; |
|
1
|
|
|
|
|
187380
|
|
|
1
|
|
|
|
|
9
|
|
18
|
|
|
|
|
|
|
|
19
|
|
|
|
|
|
|
require Exporter; |
20
|
|
|
|
|
|
|
|
21
|
1
|
|
|
1
|
|
94
|
use base qw(Exporter); |
|
1
|
|
|
|
|
2
|
|
|
1
|
|
|
|
|
4864
|
|
22
|
|
|
|
|
|
|
|
23
|
|
|
|
|
|
|
our @EXPORT_OK = qw(command_line); |
24
|
|
|
|
|
|
|
|
25
|
|
|
|
|
|
|
our $VERSION = '0.27'; |
26
|
|
|
|
|
|
|
|
27
|
|
|
|
|
|
|
#{{{sub new |
28
|
|
|
|
|
|
|
|
29
|
|
|
|
|
|
|
sub new { |
30
|
|
|
|
|
|
|
my ( |
31
|
2
|
|
|
2
|
1
|
1530
|
$class, $ldap_host, $ldap_base, $filter, $dn, |
32
|
|
|
|
|
|
|
$pass, $authn, $disabled, $verbose, $log |
33
|
|
|
|
|
|
|
) = @_; |
34
|
2
|
100
|
|
|
|
8
|
if ( !defined $authn ) { croak 'no authn provided!'; } |
|
1
|
|
|
|
|
38
|
|
35
|
1
|
50
|
|
|
|
5
|
$disabled = ( defined $disabled ? $disabled : q(sling:disabled) ); |
36
|
1
|
50
|
|
|
|
5
|
$filter = ( defined $filter ? $filter : q(uid) ); |
37
|
1
|
50
|
|
|
|
4
|
$verbose = ( defined $verbose ? $verbose : 0 ); |
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
# Directory containing the cache and user_list files: |
40
|
1
|
|
|
|
|
2
|
my $synch_cache_path = |
41
|
|
|
|
|
|
|
q(_user/a/ad/admin/private/ldap_synch_cache_system_files); |
42
|
|
|
|
|
|
|
|
43
|
|
|
|
|
|
|
# Directory containing backups of the cache and user_list files: |
44
|
1
|
|
|
|
|
3
|
my $synch_cache_backup_path = |
45
|
|
|
|
|
|
|
q(_user/a/ad/admin/private/ldap_synch_cache_system_files_backup); |
46
|
|
|
|
|
|
|
|
47
|
|
|
|
|
|
|
# List of specific users previously ingested in to the sling system and their status: |
48
|
1
|
|
|
|
|
1
|
my $synch_cache_file = q(cache.txt); |
49
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
# List of specific ldap users that are to be ingested in to the sling system: |
51
|
1
|
|
|
|
|
4
|
my $synch_user_list = q(user_list.txt); |
52
|
1
|
|
|
|
|
1
|
my $ldap; |
53
|
1
|
50
|
|
|
|
10
|
my $content = Apache::Sling::Content->new( $authn, $verbose, $log ) |
54
|
|
|
|
|
|
|
or croak q(Problem creating Sling content object!); |
55
|
1
|
50
|
|
|
|
12
|
my $user = Apache::Sling::User->new( $authn, $verbose, $log ) |
56
|
|
|
|
|
|
|
or croak q(Problem creating Sling user object!); |
57
|
1
|
|
|
|
|
16
|
my $ldap_synch = { |
58
|
|
|
|
|
|
|
CacheBackupPath => $synch_cache_backup_path, |
59
|
|
|
|
|
|
|
CachePath => $synch_cache_path, |
60
|
|
|
|
|
|
|
CacheFile => $synch_cache_file, |
61
|
|
|
|
|
|
|
Content => \$content, |
62
|
|
|
|
|
|
|
Disabled => $disabled, |
63
|
|
|
|
|
|
|
LDAP => \$ldap, |
64
|
|
|
|
|
|
|
LDAPbase => $ldap_base, |
65
|
|
|
|
|
|
|
LDAPDN => $dn, |
66
|
|
|
|
|
|
|
LDAPHost => $ldap_host, |
67
|
|
|
|
|
|
|
LDAPPass => $pass, |
68
|
|
|
|
|
|
|
Filter => $filter, |
69
|
|
|
|
|
|
|
Log => $log, |
70
|
|
|
|
|
|
|
Message => q(), |
71
|
|
|
|
|
|
|
User => \$user, |
72
|
|
|
|
|
|
|
UserList => $synch_user_list, |
73
|
|
|
|
|
|
|
Verbose => $verbose |
74
|
|
|
|
|
|
|
}; |
75
|
1
|
|
|
|
|
2
|
bless $ldap_synch, $class; |
76
|
1
|
|
|
|
|
3
|
return $ldap_synch; |
77
|
|
|
|
|
|
|
} |
78
|
|
|
|
|
|
|
|
79
|
|
|
|
|
|
|
#}}} |
80
|
|
|
|
|
|
|
|
81
|
|
|
|
|
|
|
#{{{sub ldap_connect |
82
|
|
|
|
|
|
|
|
83
|
|
|
|
|
|
|
sub ldap_connect { |
84
|
0
|
|
|
0
|
1
|
0
|
my ($class) = @_; |
85
|
0
|
0
|
|
|
|
0
|
$class->{'LDAP'} = Net::LDAP->new( $class->{'LDAPHost'} ) |
86
|
|
|
|
|
|
|
or croak 'Problem opening a connection to the LDAP server!'; |
87
|
0
|
0
|
0
|
|
|
0
|
if ( defined $class->{'LDAPDN'} && defined $class->{'LDAPPASS'} ) { |
88
|
0
|
0
|
|
|
|
0
|
my $mesg = $class->{'LDAP'}->bind( |
89
|
|
|
|
|
|
|
$class->{'LDAPDN'}, |
90
|
|
|
|
|
|
|
password => $class->{'LDAPPASS'}, |
91
|
|
|
|
|
|
|
version => '3' |
92
|
|
|
|
|
|
|
) or croak 'Problem with authenticated bind to LDAP server!'; |
93
|
|
|
|
|
|
|
} |
94
|
|
|
|
|
|
|
else { |
95
|
0
|
0
|
|
|
|
0
|
my $mesg = $class->{'LDAP'}->bind( version => '3' ) |
96
|
|
|
|
|
|
|
or croak 'Problem with anonymous bind to LDAP server!'; |
97
|
|
|
|
|
|
|
} |
98
|
0
|
|
|
|
|
0
|
return 1; |
99
|
|
|
|
|
|
|
} |
100
|
|
|
|
|
|
|
|
101
|
|
|
|
|
|
|
#}}} |
102
|
|
|
|
|
|
|
|
103
|
|
|
|
|
|
|
#{{{sub ldap_search |
104
|
|
|
|
|
|
|
|
105
|
|
|
|
|
|
|
sub ldap_search { |
106
|
0
|
|
|
0
|
1
|
0
|
my ( $class, $search, $attrs ) = @_; |
107
|
0
|
|
|
|
|
0
|
$class->ldap_connect; |
108
|
0
|
|
|
|
|
0
|
return $class->{'LDAP'}->search( |
109
|
|
|
|
|
|
|
base => $class->{'LDAPbase'}, |
110
|
|
|
|
|
|
|
scope => 'sub', |
111
|
|
|
|
|
|
|
filter => "$search", |
112
|
|
|
|
|
|
|
attrs => $attrs |
113
|
|
|
|
|
|
|
)->as_struct; |
114
|
|
|
|
|
|
|
} |
115
|
|
|
|
|
|
|
|
116
|
|
|
|
|
|
|
#}}} |
117
|
|
|
|
|
|
|
|
118
|
|
|
|
|
|
|
#{{{sub init_synch_cache |
119
|
|
|
|
|
|
|
|
120
|
|
|
|
|
|
|
sub init_synch_cache { |
121
|
0
|
|
|
0
|
1
|
0
|
my ($class) = @_; |
122
|
0
|
0
|
|
|
|
0
|
if ( !${ $class->{'Content'} } |
|
0
|
|
|
|
|
0
|
|
123
|
|
|
|
|
|
|
->check_exists( $class->{'CachePath'} . q(/) . $class->{'CacheFile'} ) ) |
124
|
|
|
|
|
|
|
{ |
125
|
0
|
|
|
|
|
0
|
my ( $tmp_cache_file_handle, $tmp_cache_file_name ) = |
126
|
|
|
|
|
|
|
File::Temp::tempfile(); |
127
|
0
|
|
|
|
|
0
|
my %synch_cache; |
128
|
0
|
0
|
|
|
|
0
|
print {$tmp_cache_file_handle} |
|
0
|
|
|
|
|
0
|
|
129
|
|
|
|
|
|
|
Data::Dumper->Dump( [ \%synch_cache ], [qw( synch_cache )] ) |
130
|
|
|
|
|
|
|
or croak q(Unable to print initial data dump of synch cache to file!); |
131
|
0
|
0
|
|
|
|
0
|
close $tmp_cache_file_handle |
132
|
|
|
|
|
|
|
or croak |
133
|
|
|
|
|
|
|
q(Problem closing temporary file handle when initializing synch cache); |
134
|
0
|
0
|
|
|
|
0
|
${ $class->{'Content'} } |
|
0
|
|
|
|
|
0
|
|
135
|
|
|
|
|
|
|
->upload_file( $tmp_cache_file_name, $class->{'CachePath'}, |
136
|
|
|
|
|
|
|
$class->{'CacheFile'} ) |
137
|
|
|
|
|
|
|
or croak q(Unable to initialize LDAP synch cache file!); |
138
|
0
|
0
|
|
|
|
0
|
unlink $tmp_cache_file_name |
139
|
|
|
|
|
|
|
or croak |
140
|
|
|
|
|
|
|
q(Problem clearing up temporary file after init of synch cache!); |
141
|
|
|
|
|
|
|
} |
142
|
0
|
|
|
|
|
0
|
return 1; |
143
|
|
|
|
|
|
|
} |
144
|
|
|
|
|
|
|
|
145
|
|
|
|
|
|
|
#}}} |
146
|
|
|
|
|
|
|
|
147
|
|
|
|
|
|
|
#{{{sub get_synch_cache |
148
|
|
|
|
|
|
|
|
149
|
|
|
|
|
|
|
sub get_synch_cache { |
150
|
0
|
|
|
0
|
1
|
0
|
my ($class) = @_; |
151
|
0
|
|
|
|
|
0
|
$class->init_synch_cache(); |
152
|
0
|
0
|
|
|
|
0
|
if ( !${ $class->{'Content'} } |
|
0
|
|
|
|
|
0
|
|
153
|
|
|
|
|
|
|
->check_exists( $class->{'CachePath'} . q(/) . $class->{'CacheFile'} ) ) |
154
|
|
|
|
|
|
|
{ |
155
|
0
|
|
|
|
|
0
|
croak q(No synch cache file present - initialization must have failed!); |
156
|
|
|
|
|
|
|
} |
157
|
0
|
0
|
|
|
|
0
|
${ $class->{'Content'} } |
|
0
|
|
|
|
|
0
|
|
158
|
|
|
|
|
|
|
->view_file( $class->{'CachePath'} . q(/) . $class->{'CacheFile'} ) |
159
|
|
|
|
|
|
|
or croak q(Problem viewing synch cache file); |
160
|
0
|
|
|
|
|
0
|
my $synch_cache; |
161
|
0
|
|
|
|
|
0
|
my $success = eval ${ $class->{'Content'} }->{'Message'}; |
|
0
|
|
|
|
|
0
|
|
162
|
0
|
0
|
|
|
|
0
|
if ( !defined $success ) { |
163
|
0
|
|
|
|
|
0
|
croak q{Error parsing synchronized cache dump.}; |
164
|
|
|
|
|
|
|
} |
165
|
0
|
|
|
|
|
0
|
return $synch_cache; |
166
|
|
|
|
|
|
|
} |
167
|
|
|
|
|
|
|
|
168
|
|
|
|
|
|
|
#}}} |
169
|
|
|
|
|
|
|
|
170
|
|
|
|
|
|
|
#{{{sub update_synch_cache |
171
|
|
|
|
|
|
|
|
172
|
|
|
|
|
|
|
sub update_synch_cache { |
173
|
0
|
|
|
0
|
1
|
0
|
my ( $class, $synch_cache ) = @_; |
174
|
0
|
|
|
|
|
0
|
my ( $tmp_cache_file_handle, $tmp_cache_file_name ) = |
175
|
|
|
|
|
|
|
File::Temp::tempfile(); |
176
|
0
|
0
|
|
|
|
0
|
print {$tmp_cache_file_handle} |
|
0
|
|
|
|
|
0
|
|
177
|
|
|
|
|
|
|
Data::Dumper->Dump( [$synch_cache], [qw( synch_cache )] ) |
178
|
|
|
|
|
|
|
or croak q(Unable to print data dump of synch cache to file!); |
179
|
0
|
0
|
|
|
|
0
|
close $tmp_cache_file_handle |
180
|
|
|
|
|
|
|
or croak |
181
|
|
|
|
|
|
|
q(Problem closing temporary file handle when updating synch cache); |
182
|
0
|
0
|
|
|
|
0
|
${ $class->{'Content'} } |
|
0
|
|
|
|
|
0
|
|
183
|
|
|
|
|
|
|
->upload_file( $tmp_cache_file_name, $class->{'CachePath'}, |
184
|
|
|
|
|
|
|
$class->{'CacheFile'} ) |
185
|
|
|
|
|
|
|
or croak q(Unable to update LDAP synch cache file!); |
186
|
0
|
|
|
|
|
0
|
my $time = time; |
187
|
0
|
0
|
|
|
|
0
|
${ $class->{'Content'} } |
|
0
|
|
|
|
|
0
|
|
188
|
|
|
|
|
|
|
->upload_file( $tmp_cache_file_name, $class->{'CacheBackupPath'}, |
189
|
|
|
|
|
|
|
"cache$time.txt" ) |
190
|
|
|
|
|
|
|
or croak q(Unable to create LDAP synch cache backup file!); |
191
|
0
|
0
|
|
|
|
0
|
unlink $tmp_cache_file_name |
192
|
|
|
|
|
|
|
or croak |
193
|
|
|
|
|
|
|
q(Problem clearing up temporary file after updating synch cache!); |
194
|
0
|
|
|
|
|
0
|
return 1; |
195
|
|
|
|
|
|
|
} |
196
|
|
|
|
|
|
|
|
197
|
|
|
|
|
|
|
#}}} |
198
|
|
|
|
|
|
|
|
199
|
|
|
|
|
|
|
#{{{sub get_synch_user_list |
200
|
|
|
|
|
|
|
|
201
|
|
|
|
|
|
|
sub get_synch_user_list { |
202
|
0
|
|
|
0
|
1
|
0
|
my ($class) = @_; |
203
|
0
|
0
|
|
|
|
0
|
if ( !${ $class->{'Content'} } |
|
0
|
|
|
|
|
0
|
|
204
|
|
|
|
|
|
|
->check_exists( $class->{'CachePath'} . q(/) . $class->{'UserList'} ) ) |
205
|
|
|
|
|
|
|
{ |
206
|
0
|
|
|
|
|
0
|
croak q(No user list file present - you need to create one!); |
207
|
|
|
|
|
|
|
} |
208
|
0
|
0
|
|
|
|
0
|
${ $class->{'Content'} } |
|
0
|
|
|
|
|
0
|
|
209
|
|
|
|
|
|
|
->view_file( $class->{'CachePath'} . q(/) . $class->{'UserList'} ) |
210
|
|
|
|
|
|
|
or croak q(Problem viewing synch user list); |
211
|
0
|
|
|
|
|
0
|
my $synch_user_list; |
212
|
0
|
|
|
|
|
0
|
my $success = eval ${ $class->{'Content'} }->{'Message'}; |
|
0
|
|
|
|
|
0
|
|
213
|
0
|
0
|
|
|
|
0
|
if ( !defined $success ) { |
214
|
0
|
|
|
|
|
0
|
croak q{Error parsing synchronized user list dump.}; |
215
|
|
|
|
|
|
|
} |
216
|
0
|
|
|
|
|
0
|
return $synch_user_list; |
217
|
|
|
|
|
|
|
} |
218
|
|
|
|
|
|
|
|
219
|
|
|
|
|
|
|
#}}} |
220
|
|
|
|
|
|
|
|
221
|
|
|
|
|
|
|
#{{{sub update_synch_user_list |
222
|
|
|
|
|
|
|
|
223
|
|
|
|
|
|
|
sub update_synch_user_list { |
224
|
0
|
|
|
0
|
1
|
0
|
my ( $class, $synch_user_list ) = @_; |
225
|
0
|
|
|
|
|
0
|
my ( $tmp_user_list_file_handle, $tmp_user_list_file_name ) = |
226
|
|
|
|
|
|
|
File::Temp::tempfile(); |
227
|
0
|
0
|
|
|
|
0
|
print {$tmp_user_list_file_handle} |
|
0
|
|
|
|
|
0
|
|
228
|
|
|
|
|
|
|
Data::Dumper->Dump( [$synch_user_list], [qw( synch_user_list )] ) |
229
|
|
|
|
|
|
|
or croak q(Unable to print data dump of synch user list to file!); |
230
|
0
|
0
|
|
|
|
0
|
close $tmp_user_list_file_handle |
231
|
|
|
|
|
|
|
or croak |
232
|
|
|
|
|
|
|
q(Problem closing temporary file handle when writing synch user list); |
233
|
0
|
0
|
|
|
|
0
|
${ $class->{'Content'} } |
|
0
|
|
|
|
|
0
|
|
234
|
|
|
|
|
|
|
->upload_file( $tmp_user_list_file_name, $class->{'CachePath'}, |
235
|
|
|
|
|
|
|
$class->{'UserList'} ) |
236
|
|
|
|
|
|
|
or croak |
237
|
|
|
|
|
|
|
q(Unable to upload LDAP synch user list file into sling instance!); |
238
|
0
|
|
|
|
|
0
|
Apache::Sling::Print::print_result( ${ $class->{'Content'} } ); |
|
0
|
|
|
|
|
0
|
|
239
|
0
|
|
|
|
|
0
|
my $time = time; |
240
|
0
|
0
|
|
|
|
0
|
${ $class->{'Content'} } |
|
0
|
|
|
|
|
0
|
|
241
|
|
|
|
|
|
|
->upload_file( $tmp_user_list_file_name, $class->{'CacheBackupPath'}, |
242
|
|
|
|
|
|
|
"user_list$time.txt" ) |
243
|
|
|
|
|
|
|
or croak q(Unable to create LDAP synch user list backup file!); |
244
|
0
|
0
|
|
|
|
0
|
unlink $tmp_user_list_file_name |
245
|
|
|
|
|
|
|
or croak |
246
|
|
|
|
|
|
|
q(Problem clearing up temporary file after updating synch user list!); |
247
|
0
|
|
|
|
|
0
|
return 1; |
248
|
|
|
|
|
|
|
} |
249
|
|
|
|
|
|
|
|
250
|
|
|
|
|
|
|
#}}} |
251
|
|
|
|
|
|
|
|
252
|
|
|
|
|
|
|
#{{{sub download_synch_user_list |
253
|
|
|
|
|
|
|
|
254
|
|
|
|
|
|
|
sub download_synch_user_list { |
255
|
0
|
|
|
0
|
1
|
0
|
my ( $class, $user_list_file ) = @_; |
256
|
0
|
|
|
|
|
0
|
my $synch_user_list = $class->get_synch_user_list; |
257
|
0
|
|
|
|
|
0
|
foreach my $user ( sort keys %{$synch_user_list} ) { |
|
0
|
|
|
|
|
0
|
|
258
|
0
|
0
|
|
|
|
0
|
if ( open my $out, '>>', $user_list_file ) { |
259
|
0
|
|
|
|
|
0
|
flock $out, LOCK_EX; |
260
|
0
|
0
|
|
|
|
0
|
print {$out} $user . "\n" |
|
0
|
|
|
|
|
0
|
|
261
|
|
|
|
|
|
|
or croak |
262
|
|
|
|
|
|
|
q(Problem printing when downloading synchronized user list!); |
263
|
0
|
|
|
|
|
0
|
flock $out, LOCK_UN; |
264
|
0
|
0
|
|
|
|
0
|
close $out |
265
|
|
|
|
|
|
|
or croak |
266
|
|
|
|
|
|
|
q(Problem closing file handle when downloading synchronized user list!); |
267
|
|
|
|
|
|
|
} |
268
|
|
|
|
|
|
|
else { |
269
|
0
|
|
|
|
|
0
|
croak q(Could not open file to download synchronized user list to!); |
270
|
|
|
|
|
|
|
} |
271
|
|
|
|
|
|
|
} |
272
|
0
|
|
|
|
|
0
|
$class->{'Message'} = |
273
|
|
|
|
|
|
|
"Successfully downloaded user list to $user_list_file!"; |
274
|
0
|
|
|
|
|
0
|
return 1; |
275
|
|
|
|
|
|
|
} |
276
|
|
|
|
|
|
|
|
277
|
|
|
|
|
|
|
#}}} |
278
|
|
|
|
|
|
|
|
279
|
|
|
|
|
|
|
#{{{sub upload_synch_user_list |
280
|
|
|
|
|
|
|
|
281
|
|
|
|
|
|
|
sub upload_synch_user_list { |
282
|
0
|
|
|
0
|
1
|
0
|
my ( $class, $user_list_file ) = @_; |
283
|
0
|
|
|
|
|
0
|
my %user_list_hash; |
284
|
0
|
0
|
|
|
|
0
|
if ( open my ($input), '<', $user_list_file ) { |
285
|
0
|
|
|
|
|
0
|
while (<$input>) { |
286
|
0
|
|
|
|
|
0
|
chomp; |
287
|
0
|
|
|
|
|
0
|
$user_list_hash{$_} = 1; |
288
|
|
|
|
|
|
|
} |
289
|
0
|
0
|
|
|
|
0
|
close $input or croak q(Problem closing upload user list file handle!); |
290
|
|
|
|
|
|
|
} |
291
|
|
|
|
|
|
|
else { |
292
|
0
|
|
|
|
|
0
|
croak q(Unable to open synch user list file to parse for upload!); |
293
|
|
|
|
|
|
|
} |
294
|
0
|
|
|
|
|
0
|
$class->update_synch_user_list( \%user_list_hash ); |
295
|
0
|
|
|
|
|
0
|
$class->{'Message'} = |
296
|
|
|
|
|
|
|
q(Successfully uploaded user list for use in subsequent synchronizations!); |
297
|
0
|
|
|
|
|
0
|
return 1; |
298
|
|
|
|
|
|
|
} |
299
|
|
|
|
|
|
|
|
300
|
|
|
|
|
|
|
#}}} |
301
|
|
|
|
|
|
|
|
302
|
|
|
|
|
|
|
#{{{sub parse_attributes |
303
|
|
|
|
|
|
|
|
304
|
|
|
|
|
|
|
sub parse_attributes { |
305
|
3
|
|
|
3
|
1
|
427
|
my ( $ldap_attrs, $sling_attrs, $ldap_attrs_array, $sling_attrs_array ) = |
306
|
|
|
|
|
|
|
@_; |
307
|
3
|
100
|
66
|
|
|
17
|
if ( defined $ldap_attrs_array && defined $sling_attrs_array ) { |
308
|
2
|
50
|
|
|
|
4
|
if ( defined $ldap_attrs ) { |
309
|
2
|
|
|
|
|
6
|
@{$ldap_attrs_array} = split /,/msx, $ldap_attrs; |
|
2
|
|
|
|
|
6
|
|
310
|
|
|
|
|
|
|
} |
311
|
2
|
50
|
|
|
|
5
|
if ( defined $sling_attrs ) { |
312
|
2
|
|
|
|
|
5
|
@{$sling_attrs_array} = split /,/msx, $sling_attrs; |
|
2
|
|
|
|
|
4
|
|
313
|
|
|
|
|
|
|
} |
314
|
2
|
100
|
|
|
|
4
|
if ( @{$ldap_attrs_array} != @{$sling_attrs_array} ) { |
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
6
|
|
315
|
1
|
|
|
|
|
18
|
croak |
316
|
|
|
|
|
|
|
q(Number of ldap attributes must match number of sling attributes, ) |
317
|
1
|
|
|
|
|
15
|
. @{$ldap_attrs_array} . ' != ' |
318
|
1
|
|
|
|
|
2
|
. @{$sling_attrs_array}; |
319
|
|
|
|
|
|
|
} |
320
|
|
|
|
|
|
|
} |
321
|
2
|
|
|
|
|
8
|
return 1; |
322
|
|
|
|
|
|
|
} |
323
|
|
|
|
|
|
|
|
324
|
|
|
|
|
|
|
#}}} |
325
|
|
|
|
|
|
|
|
326
|
|
|
|
|
|
|
#{{{sub check_for_property_modifications |
327
|
|
|
|
|
|
|
|
328
|
|
|
|
|
|
|
sub check_for_property_modifications { |
329
|
1
|
|
|
1
|
1
|
3
|
my ( $new_properties, $cached_properties ) = @_; |
330
|
1
|
|
|
|
|
2
|
foreach my $property_key ( keys %{$new_properties} ) { |
|
1
|
|
|
|
|
11
|
|
331
|
1
|
50
|
|
|
|
5
|
if ( !defined $cached_properties->{$property_key} ) { |
332
|
|
|
|
|
|
|
|
333
|
|
|
|
|
|
|
# Found a newly specified property: |
334
|
1
|
|
|
|
|
6
|
return 1; |
335
|
|
|
|
|
|
|
} |
336
|
0
|
0
|
|
|
|
0
|
if ( $new_properties->{$property_key} ne |
337
|
|
|
|
|
|
|
$cached_properties->{$property_key} ) |
338
|
|
|
|
|
|
|
{ |
339
|
|
|
|
|
|
|
|
340
|
|
|
|
|
|
|
# Found a modified property: |
341
|
0
|
|
|
|
|
0
|
return 1; |
342
|
|
|
|
|
|
|
} |
343
|
|
|
|
|
|
|
} |
344
|
0
|
|
|
|
|
0
|
return 0; |
345
|
|
|
|
|
|
|
} |
346
|
|
|
|
|
|
|
|
347
|
|
|
|
|
|
|
#}}} |
348
|
|
|
|
|
|
|
|
349
|
|
|
|
|
|
|
#{{{sub perform_synchronization |
350
|
|
|
|
|
|
|
|
351
|
|
|
|
|
|
|
sub perform_synchronization { |
352
|
0
|
|
|
0
|
1
|
0
|
my ( $class, $array_of_dns, $search_result, $seen_user_ids, $synch_cache, |
353
|
|
|
|
|
|
|
$ldap_attrs_array, $sling_attrs_array ) |
354
|
|
|
|
|
|
|
= @_; |
355
|
0
|
|
|
|
|
0
|
foreach my $dn ( @{$array_of_dns} ) { |
|
0
|
|
|
|
|
0
|
|
356
|
0
|
|
|
|
|
0
|
my $valref = $search_result->{$dn}; |
357
|
0
|
|
|
|
|
0
|
my $index = 0; |
358
|
0
|
|
|
|
|
0
|
my $user_id = @{ $valref->{ $class->{'Filter'} } }[0]; |
|
0
|
|
|
|
|
0
|
|
359
|
0
|
|
|
|
|
0
|
$seen_user_ids->{$user_id} = 1; |
360
|
0
|
|
|
|
|
0
|
my @properties_array; |
361
|
|
|
|
|
|
|
my %properties_hash; |
362
|
0
|
|
|
|
|
0
|
foreach my $ldap_attr ( @{$ldap_attrs_array} ) { |
|
0
|
|
|
|
|
0
|
|
363
|
0
|
|
|
|
|
0
|
my $value = @{ $valref->{$ldap_attr} }[0]; |
|
0
|
|
|
|
|
0
|
|
364
|
0
|
0
|
|
|
|
0
|
if ( defined $value ) { |
365
|
0
|
|
|
|
|
0
|
push @properties_array, |
366
|
0
|
|
|
|
|
0
|
@{$sling_attrs_array}[$index] . q(=) . $value; |
367
|
0
|
|
|
|
|
0
|
$properties_hash{ @{$sling_attrs_array}[$index] } = $value; |
|
0
|
|
|
|
|
0
|
|
368
|
|
|
|
|
|
|
} |
369
|
0
|
|
|
|
|
0
|
$index++; |
370
|
|
|
|
|
|
|
} |
371
|
0
|
0
|
|
|
|
0
|
if ( defined $synch_cache->{$user_id} ) { |
372
|
|
|
|
|
|
|
|
373
|
|
|
|
|
|
|
# We already know about this user from a previous run: |
374
|
0
|
0
|
|
|
|
0
|
if ( $synch_cache->{$user_id}->{ $class->{'Disabled'} } eq '1' ) { |
375
|
|
|
|
|
|
|
|
376
|
|
|
|
|
|
|
# User was previously disabled. Re-enabling: |
377
|
0
|
|
|
|
|
0
|
push @properties_array, $class->{'Disabled'} . '=0'; |
378
|
0
|
0
|
|
|
|
0
|
print "Re-enabling previously disabled user: $user_id\n" |
379
|
|
|
|
|
|
|
or croak q{Problem printing!}; |
380
|
0
|
0
|
|
|
|
0
|
${ $class->{'User'} }->update( $user_id, \@properties_array ) |
|
0
|
|
|
|
|
0
|
|
381
|
|
|
|
|
|
|
or croak q(Problem re-enabling user in sling instance!); |
382
|
0
|
|
|
|
|
0
|
$synch_cache->{$user_id} = \%properties_hash; |
383
|
0
|
|
|
|
|
0
|
$synch_cache->{$user_id}->{ $class->{'Disabled'} } = '0'; |
384
|
|
|
|
|
|
|
} |
385
|
|
|
|
|
|
|
else { |
386
|
|
|
|
|
|
|
|
387
|
|
|
|
|
|
|
# User is enabled in sling already, check for modifications: |
388
|
0
|
0
|
|
|
|
0
|
if ( |
389
|
0
|
|
|
|
|
0
|
check_for_property_modifications( |
390
|
|
|
|
|
|
|
\%properties_hash, \%{ $synch_cache->{$user_id} } |
391
|
|
|
|
|
|
|
) |
392
|
|
|
|
|
|
|
) |
393
|
|
|
|
|
|
|
{ |
394
|
|
|
|
|
|
|
|
395
|
|
|
|
|
|
|
# Modifications are present, so we need to update: |
396
|
0
|
0
|
|
|
|
0
|
print "Updating existing user $user_id\n" |
397
|
|
|
|
|
|
|
or croak q{Problem printing!}; |
398
|
0
|
0
|
|
|
|
0
|
${ $class->{'User'} } |
|
0
|
|
|
|
|
0
|
|
399
|
|
|
|
|
|
|
->update( $user_id, \@properties_array ) |
400
|
|
|
|
|
|
|
or croak q(Problem updating user in sling instance!); |
401
|
0
|
|
|
|
|
0
|
$properties_hash{ $class->{'Disabled'} } = '0'; |
402
|
0
|
|
|
|
|
0
|
$synch_cache->{$user_id} = \%properties_hash; |
403
|
|
|
|
|
|
|
} |
404
|
|
|
|
|
|
|
else { |
405
|
|
|
|
|
|
|
|
406
|
|
|
|
|
|
|
# No modifications present, nothing to do! |
407
|
0
|
0
|
|
|
|
0
|
print "No user modifications, skipping: $user_id\n" |
408
|
|
|
|
|
|
|
or croak q{Problem printing!}; |
409
|
|
|
|
|
|
|
} |
410
|
|
|
|
|
|
|
} |
411
|
|
|
|
|
|
|
} |
412
|
|
|
|
|
|
|
else { |
413
|
|
|
|
|
|
|
|
414
|
|
|
|
|
|
|
# We have never seen this user before: |
415
|
0
|
0
|
|
|
|
0
|
print "Creating new user: $user_id\n" or croak q{Problem printing!}; |
416
|
0
|
0
|
|
|
|
0
|
${ $class->{'User'} } |
|
0
|
|
|
|
|
0
|
|
417
|
|
|
|
|
|
|
->add( $user_id, 'password', \@properties_array ) |
418
|
|
|
|
|
|
|
or croak q(Problem adding new user to sling instance!); |
419
|
0
|
|
|
|
|
0
|
$properties_hash{ $class->{'Disabled'} } = '0'; |
420
|
0
|
|
|
|
|
0
|
$synch_cache->{$user_id} = \%properties_hash; |
421
|
|
|
|
|
|
|
} |
422
|
|
|
|
|
|
|
} |
423
|
0
|
|
|
|
|
0
|
return 0; |
424
|
|
|
|
|
|
|
} |
425
|
|
|
|
|
|
|
|
426
|
|
|
|
|
|
|
#}}} |
427
|
|
|
|
|
|
|
|
428
|
|
|
|
|
|
|
#{{{sub synch_full |
429
|
|
|
|
|
|
|
|
430
|
|
|
|
|
|
|
sub synch_full { |
431
|
0
|
|
|
0
|
1
|
0
|
my ( $class, $ldap_attrs, $sling_attrs ) = @_; |
432
|
0
|
|
|
|
|
0
|
my $search = q{(} . $class->{'Filter'} . q{=*)}; |
433
|
0
|
|
|
|
|
0
|
my @ldap_attrs_array; |
434
|
|
|
|
|
|
|
my @sling_attrs_array; |
435
|
0
|
0
|
|
|
|
0
|
parse_attributes( $ldap_attrs, $sling_attrs, \@ldap_attrs_array, |
436
|
|
|
|
|
|
|
\@sling_attrs_array ) |
437
|
|
|
|
|
|
|
or croak q(Problem parsing attributes!); |
438
|
|
|
|
|
|
|
|
439
|
|
|
|
|
|
|
# We need to capture the id as well as any attributes: |
440
|
0
|
|
|
|
|
0
|
unshift @ldap_attrs_array, $class->{'Filter'}; |
441
|
0
|
|
|
|
|
0
|
my $search_result = $class->ldap_search( $search, \@ldap_attrs_array ); |
442
|
0
|
|
|
|
|
0
|
shift @ldap_attrs_array; |
443
|
|
|
|
|
|
|
|
444
|
0
|
|
|
|
|
0
|
my $synch_cache = $class->get_synch_cache; |
445
|
0
|
|
|
|
|
0
|
my %seen_user_ids; |
446
|
|
|
|
|
|
|
|
447
|
|
|
|
|
|
|
# process each DN using it as a key |
448
|
0
|
|
|
|
|
0
|
my @array_of_dns = sort keys %{$search_result}; |
|
0
|
|
|
|
|
0
|
|
449
|
|
|
|
|
|
|
|
450
|
0
|
|
|
|
|
0
|
$class->perform_synchronization( |
451
|
|
|
|
|
|
|
\@array_of_dns, $search_result, \%seen_user_ids, |
452
|
|
|
|
|
|
|
$synch_cache, \@ldap_attrs_array, \@sling_attrs_array |
453
|
|
|
|
|
|
|
); |
454
|
|
|
|
|
|
|
|
455
|
|
|
|
|
|
|
# Clean up records no longer in ldap: |
456
|
0
|
|
|
|
|
0
|
my @disable_property; |
457
|
0
|
|
|
|
|
0
|
push @disable_property, $class->{'Disabled'} . '=1'; |
458
|
0
|
|
|
|
|
0
|
foreach my $cache_entry ( sort keys %{$synch_cache} ) { |
|
0
|
|
|
|
|
0
|
|
459
|
0
|
0
|
0
|
|
|
0
|
if ( $synch_cache->{$cache_entry}->{ $class->{'Disabled'} } eq '0' |
460
|
|
|
|
|
|
|
&& !defined $seen_user_ids{$cache_entry} ) |
461
|
|
|
|
|
|
|
{ |
462
|
0
|
0
|
|
|
|
0
|
print |
463
|
|
|
|
|
|
|
"Disabling user record in sling that no longer exists in ldap: $cache_entry\n" |
464
|
|
|
|
|
|
|
or croak q{Problem printing!}; |
465
|
0
|
0
|
|
|
|
0
|
${ $class->{'User'} }->update( $cache_entry, \@disable_property ) |
|
0
|
|
|
|
|
0
|
|
466
|
|
|
|
|
|
|
or croak q(Problem disabling user in sling instance!); |
467
|
0
|
|
|
|
|
0
|
$synch_cache->{$cache_entry}->{ $class->{'Disabled'} } = '1'; |
468
|
|
|
|
|
|
|
} |
469
|
|
|
|
|
|
|
} |
470
|
0
|
|
|
|
|
0
|
$class->update_synch_cache($synch_cache); |
471
|
|
|
|
|
|
|
|
472
|
0
|
|
|
|
|
0
|
$class->{'Message'} = 'Successfully performed a full synchronization!'; |
473
|
0
|
|
|
|
|
0
|
return 1; |
474
|
|
|
|
|
|
|
} |
475
|
|
|
|
|
|
|
|
476
|
|
|
|
|
|
|
#}}} |
477
|
|
|
|
|
|
|
|
478
|
|
|
|
|
|
|
#{{{sub synch_full_since |
479
|
|
|
|
|
|
|
|
480
|
|
|
|
|
|
|
sub synch_full_since { |
481
|
0
|
|
|
0
|
1
|
0
|
my ( $class, $ldap_attrs, $sling_attrs, $synch_since ) = @_; |
482
|
0
|
|
|
|
|
0
|
my $search = q{(modifytimestamp>=} . $synch_since . q{)}; |
483
|
0
|
|
|
|
|
0
|
my $search_result = $class->ldap_search( $search, $ldap_attrs ); |
484
|
0
|
|
|
|
|
0
|
croak q(Function not yet fully supported!); |
485
|
|
|
|
|
|
|
|
486
|
|
|
|
|
|
|
# return 1; |
487
|
|
|
|
|
|
|
} |
488
|
|
|
|
|
|
|
|
489
|
|
|
|
|
|
|
#}}} |
490
|
|
|
|
|
|
|
|
491
|
|
|
|
|
|
|
#{{{sub synch_listed |
492
|
|
|
|
|
|
|
|
493
|
|
|
|
|
|
|
sub synch_listed { |
494
|
0
|
|
|
0
|
1
|
0
|
my ( $class, $ldap_attrs, $sling_attrs ) = @_; |
495
|
0
|
|
|
|
|
0
|
my $search = q{(} . $class->{'Filter'} . q{=*)}; |
496
|
0
|
|
|
|
|
0
|
my $search_result = $class->ldap_search( $search, $ldap_attrs ); |
497
|
0
|
|
|
|
|
0
|
croak q(Function not yet fully supported!); |
498
|
|
|
|
|
|
|
|
499
|
|
|
|
|
|
|
# return 1; |
500
|
|
|
|
|
|
|
} |
501
|
|
|
|
|
|
|
|
502
|
|
|
|
|
|
|
#}}} |
503
|
|
|
|
|
|
|
|
504
|
|
|
|
|
|
|
#{{{sub synch_listed_since |
505
|
|
|
|
|
|
|
|
506
|
|
|
|
|
|
|
sub synch_listed_since { |
507
|
0
|
|
|
0
|
1
|
0
|
my ( $class, $ldap_attrs, $sling_attrs, $synch_since ) = @_; |
508
|
0
|
|
|
|
|
0
|
my $search = q{(} . $class->{'Filter'} . q{=*)}; |
509
|
0
|
|
|
|
|
0
|
my $search_result = $class->ldap_search( $search, $ldap_attrs ); |
510
|
0
|
|
|
|
|
0
|
croak q(Function not yet fully supported!); |
511
|
|
|
|
|
|
|
|
512
|
|
|
|
|
|
|
# return 1; |
513
|
|
|
|
|
|
|
} |
514
|
|
|
|
|
|
|
|
515
|
|
|
|
|
|
|
#}}} |
516
|
|
|
|
|
|
|
|
517
|
|
|
|
|
|
|
#{{{ sub command_line |
518
|
|
|
|
|
|
|
sub command_line { |
519
|
0
|
|
|
0
|
0
|
0
|
my ( $ldap_synch, @ARGV ) = @_; |
520
|
0
|
|
|
|
|
0
|
my $sling = Apache::Sling->new; |
521
|
0
|
|
|
|
|
0
|
my $config = $ldap_synch->config( $sling, @ARGV ); |
522
|
0
|
|
|
|
|
0
|
return $ldap_synch->run( $sling, $config ); |
523
|
|
|
|
|
|
|
} |
524
|
|
|
|
|
|
|
|
525
|
|
|
|
|
|
|
#}}} |
526
|
|
|
|
|
|
|
|
527
|
|
|
|
|
|
|
#{{{sub config |
528
|
|
|
|
|
|
|
|
529
|
|
|
|
|
|
|
sub config { |
530
|
1
|
|
|
1
|
1
|
3
|
my ( $ldap_synch, $sling, @ARGV ) = @_; |
531
|
1
|
|
|
|
|
5
|
my $ldap_synch_config = $ldap_synch->config_hash( $sling, @ARGV ); |
532
|
|
|
|
|
|
|
|
533
|
1
|
50
|
|
|
|
20
|
GetOptions( |
534
|
|
|
|
|
|
|
$ldap_synch_config, 'auth=s', |
535
|
|
|
|
|
|
|
'help|?', 'log|L=s', |
536
|
|
|
|
|
|
|
'man|M', 'pass|p=s', |
537
|
|
|
|
|
|
|
'threads|t=s', 'url|U=s', |
538
|
|
|
|
|
|
|
'user|u=s', 'verbose|v+', |
539
|
|
|
|
|
|
|
'download-user-list', 'ldap-attributes|a=s', |
540
|
|
|
|
|
|
|
'ldap-base|b=s', 'ldap-dn|d=s', |
541
|
|
|
|
|
|
|
'ldap-filter|f=s', 'ldap-host|h=s', |
542
|
|
|
|
|
|
|
'ldap-pass|P=s', 'attributes|A=s', |
543
|
|
|
|
|
|
|
'synch-full|s', 'synch-full-since|S=s', |
544
|
|
|
|
|
|
|
'synch-listed|l', 'synch-listed-since', |
545
|
|
|
|
|
|
|
'upload-user-list' |
546
|
|
|
|
|
|
|
) or $ldap_synch->help(); |
547
|
|
|
|
|
|
|
|
548
|
1
|
|
|
|
|
1667
|
return $ldap_synch_config; |
549
|
|
|
|
|
|
|
} |
550
|
|
|
|
|
|
|
|
551
|
|
|
|
|
|
|
#}}} |
552
|
|
|
|
|
|
|
|
553
|
|
|
|
|
|
|
#{{{sub config_hash |
554
|
|
|
|
|
|
|
|
555
|
|
|
|
|
|
|
sub config_hash { |
556
|
1
|
|
|
1
|
0
|
3
|
my ( $ldap_synch, $sling, @ARGV ) = @_; |
557
|
1
|
|
|
|
|
2
|
my $attributes; |
558
|
|
|
|
|
|
|
my $download_user_list; |
559
|
0
|
|
|
|
|
0
|
my $flag_disabled; |
560
|
0
|
|
|
|
|
0
|
my $ldap_attributes; |
561
|
0
|
|
|
|
|
0
|
my $ldap_base; |
562
|
0
|
|
|
|
|
0
|
my $ldap_dn; |
563
|
0
|
|
|
|
|
0
|
my $ldap_filter; |
564
|
0
|
|
|
|
|
0
|
my $ldap_host; |
565
|
0
|
|
|
|
|
0
|
my $ldap_pass; |
566
|
0
|
|
|
|
|
0
|
my $synch_full; |
567
|
0
|
|
|
|
|
0
|
my $synch_full_since; |
568
|
0
|
|
|
|
|
0
|
my $synch_listed; |
569
|
0
|
|
|
|
|
0
|
my $synch_listed_since; |
570
|
0
|
|
|
|
|
0
|
my $upload_user_list; |
571
|
|
|
|
|
|
|
|
572
|
1
|
|
|
|
|
26
|
my %ldap_synch_config = ( |
573
|
|
|
|
|
|
|
'auth' => \$sling->{'Auth'}, |
574
|
|
|
|
|
|
|
'help' => \$sling->{'Help'}, |
575
|
|
|
|
|
|
|
'log' => \$sling->{'Log'}, |
576
|
|
|
|
|
|
|
'man' => \$sling->{'Man'}, |
577
|
|
|
|
|
|
|
'pass' => \$sling->{'Pass'}, |
578
|
|
|
|
|
|
|
'threads' => \$sling->{'Threads'}, |
579
|
|
|
|
|
|
|
'url' => \$sling->{'URL'}, |
580
|
|
|
|
|
|
|
'user' => \$sling->{'User'}, |
581
|
|
|
|
|
|
|
'verbose' => \$sling->{'Verbose'}, |
582
|
|
|
|
|
|
|
'attributes' => $attributes, |
583
|
|
|
|
|
|
|
'download-user-list' => $download_user_list, |
584
|
|
|
|
|
|
|
'flag-disabled' => $flag_disabled, |
585
|
|
|
|
|
|
|
'ldap-attributes' => $ldap_attributes, |
586
|
|
|
|
|
|
|
'ldap-base' => $ldap_base, |
587
|
|
|
|
|
|
|
'ldap-dn' => $ldap_dn, |
588
|
|
|
|
|
|
|
'ldap-filter' => $ldap_filter, |
589
|
|
|
|
|
|
|
'ldap-host' => $ldap_host, |
590
|
|
|
|
|
|
|
'ldap-pass' => $ldap_pass, |
591
|
|
|
|
|
|
|
'synch-full' => $synch_full, |
592
|
|
|
|
|
|
|
'synch-full-since' => $synch_full_since, |
593
|
|
|
|
|
|
|
'synch-listed' => $synch_listed, |
594
|
|
|
|
|
|
|
'synch-listed-since' => $synch_listed_since, |
595
|
|
|
|
|
|
|
'upload-user-list' => $upload_user_list |
596
|
|
|
|
|
|
|
); |
597
|
|
|
|
|
|
|
|
598
|
1
|
|
|
|
|
4
|
return \%ldap_synch_config; |
599
|
|
|
|
|
|
|
} |
600
|
|
|
|
|
|
|
|
601
|
|
|
|
|
|
|
#}}} |
602
|
|
|
|
|
|
|
|
603
|
|
|
|
|
|
|
#{{{ sub help |
604
|
|
|
|
|
|
|
sub help { |
605
|
|
|
|
|
|
|
|
606
|
1
|
|
|
1
|
0
|
2010
|
print <<"EOF"; |
607
|
|
|
|
|
|
|
Usage: perl $0 [-OPTIONS [-MORE_OPTIONS]] [--] [PROGRAM_ARG1 ...] |
608
|
|
|
|
|
|
|
The following options are accepted: |
609
|
|
|
|
|
|
|
|
610
|
|
|
|
|
|
|
--attributes or -a (attribs) - Comma separated list of attributes. |
611
|
|
|
|
|
|
|
--auth (type) - Specify auth type. If ommitted, default is used. |
612
|
|
|
|
|
|
|
--download-user-list (userList) - Download user list to file userList |
613
|
|
|
|
|
|
|
--flag-disabled or -f - property to denote user should be disabled. |
614
|
|
|
|
|
|
|
--help or -? - View the script synopsis and options. |
615
|
|
|
|
|
|
|
--ldap-attributes or -A (attribs) - Specify ldap attributes to be updated. |
616
|
|
|
|
|
|
|
--ldap-base or -B (ldapBase) - Specify ldap base to synchronize users from. |
617
|
|
|
|
|
|
|
--ldap-dn or -D (ldapDN) - Specify ldap DN for authentication. |
618
|
|
|
|
|
|
|
--ldap-filter or -F (filter) - Specify ldap attribute to search for users with. |
619
|
|
|
|
|
|
|
--ldap-host or -H (host) - Specify ldap host to synchronize from. |
620
|
|
|
|
|
|
|
--ldap-pass or -P (pass) - Specify ldap pass for authentication. |
621
|
|
|
|
|
|
|
--log or -L (log) - Log script output to specified log file. |
622
|
|
|
|
|
|
|
--man or -M - View the full script documentation. |
623
|
|
|
|
|
|
|
--pass or -p (password) - Password of user performing actions. |
624
|
|
|
|
|
|
|
--synch-full or -s - Perform a full synchronization from ldap to sling. |
625
|
|
|
|
|
|
|
--synch-full-since or -S (since) - Perform a full synchronization from ldap to sling using changes since specified time. |
626
|
|
|
|
|
|
|
--synch-listed or -l - Perform a sychronization of listed users from ldap to sling. |
627
|
|
|
|
|
|
|
--synch-listed-since (since) - Perform a sychronization of listed users from ldap to sling using changes since specified time. |
628
|
|
|
|
|
|
|
--upload-user-list (userList) - Upload user list specified by file userList. |
629
|
|
|
|
|
|
|
--url or -U (URL) - URL for system being tested against. |
630
|
|
|
|
|
|
|
--user or -u (username) - Name of user to perform any actions as. |
631
|
|
|
|
|
|
|
--verbose or -v or -vv or -vvv - Increase verbosity of output. |
632
|
|
|
|
|
|
|
|
633
|
|
|
|
|
|
|
Options may be merged together. -- stops processing of options. |
634
|
|
|
|
|
|
|
Space is not required between options and their arguments. |
635
|
|
|
|
|
|
|
For full details run: perl $0 --man |
636
|
|
|
|
|
|
|
EOF |
637
|
|
|
|
|
|
|
|
638
|
1
|
|
|
|
|
5
|
return 1; |
639
|
|
|
|
|
|
|
} |
640
|
|
|
|
|
|
|
|
641
|
|
|
|
|
|
|
#}}} |
642
|
|
|
|
|
|
|
|
643
|
|
|
|
|
|
|
#{{{ sub man |
644
|
|
|
|
|
|
|
sub man { |
645
|
|
|
|
|
|
|
|
646
|
0
|
|
|
0
|
0
|
0
|
my ($ldap_synch) = @_; |
647
|
|
|
|
|
|
|
|
648
|
0
|
|
|
|
|
0
|
print <<'EOF'; |
649
|
|
|
|
|
|
|
LDAP synchronization perl script. Provides a means of synchronizing user |
650
|
|
|
|
|
|
|
information from an LDAP server into a running sling instance from the command |
651
|
|
|
|
|
|
|
line. The script also acts as a reference implementation for the LDAPSynch perl |
652
|
|
|
|
|
|
|
library. |
653
|
|
|
|
|
|
|
|
654
|
|
|
|
|
|
|
EOF |
655
|
|
|
|
|
|
|
|
656
|
0
|
|
|
|
|
0
|
$ldap_synch->help(); |
657
|
|
|
|
|
|
|
|
658
|
0
|
|
|
|
|
0
|
print <<"EOF"; |
659
|
|
|
|
|
|
|
Example Usage |
660
|
|
|
|
|
|
|
|
661
|
|
|
|
|
|
|
* Upload a restricted list of users (one id per line of specified file) to use in synchronizations: |
662
|
|
|
|
|
|
|
|
663
|
|
|
|
|
|
|
perl $0 --upload-user-list user_list.txt --sling-host http://localhost:8080 --sling-user admin --sling-pass admin |
664
|
|
|
|
|
|
|
|
665
|
|
|
|
|
|
|
* Download a previously specified list of users to be synchronized to a specified file: |
666
|
|
|
|
|
|
|
|
667
|
|
|
|
|
|
|
perl $0 --download-user-list user_list.txt --sling-host http://localhost:8080 --sling-user admin --sling-pass admin |
668
|
|
|
|
|
|
|
|
669
|
|
|
|
|
|
|
* Authenticate and perform a full synchronization: |
670
|
|
|
|
|
|
|
|
671
|
|
|
|
|
|
|
perl $0 -s -h ldap://ldap.org -b "ou=people,o=ldap,dc=org" -H http://localhost:8080 -u admin -P admin -a "displayname,mail,sn" -A "name,email,surname" |
672
|
|
|
|
|
|
|
EOF |
673
|
|
|
|
|
|
|
|
674
|
0
|
|
|
|
|
0
|
return 1; |
675
|
|
|
|
|
|
|
} |
676
|
|
|
|
|
|
|
|
677
|
|
|
|
|
|
|
#}}} |
678
|
|
|
|
|
|
|
|
679
|
|
|
|
|
|
|
#{{{sub run |
680
|
|
|
|
|
|
|
sub run { |
681
|
2
|
|
|
2
|
1
|
44
|
my ( $ldap_synch, $sling, $config ) = @_; |
682
|
2
|
100
|
|
|
|
6
|
if ( !defined $config ) { |
683
|
1
|
|
|
|
|
25
|
croak 'No ldap_synch config supplied!'; |
684
|
|
|
|
|
|
|
} |
685
|
1
|
|
|
|
|
7
|
$sling->check_forks; |
686
|
|
|
|
|
|
|
|
687
|
1
|
|
|
|
|
10
|
my $authn = new Apache::Sling::Authn( \$sling ); |
688
|
1
|
|
|
|
|
5
|
$authn->login_user(); |
689
|
|
|
|
|
|
|
|
690
|
1
|
|
|
|
|
2
|
my $success = 1; |
691
|
|
|
|
|
|
|
|
692
|
1
|
50
|
|
|
|
8
|
if ( $sling->{'Help'} ) { $ldap_synch->help(); } |
|
0
|
50
|
|
|
|
0
|
|
|
|
50
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
693
|
0
|
|
|
|
|
0
|
elsif ( $sling->{'Man'} ) { $ldap_synch->man(); } |
|
1
|
|
|
|
|
13
|
|
694
|
1
|
|
|
|
|
6
|
elsif ( defined ${ $config->{'download-user-list'} } ) { |
695
|
0
|
|
|
|
|
0
|
$ldap_synch = new Apache::Sling::LDAPSynch( |
696
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-host'} }, |
697
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-base'} }, |
698
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-filter'} }, |
699
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-dn'} }, |
700
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-pass'} }, |
701
|
|
|
|
|
|
|
\$authn, |
702
|
0
|
|
|
|
|
0
|
${ $config->{'flag-disabled'} }, |
703
|
|
|
|
|
|
|
$sling->{'Verbose'}, |
704
|
|
|
|
|
|
|
$sling->{'Log'} |
705
|
|
|
|
|
|
|
); |
706
|
0
|
|
|
|
|
0
|
$success = $ldap_synch->download_synch_user_list( |
707
|
0
|
|
|
|
|
0
|
${ $config->{'download-user-list'} } ); |
708
|
|
|
|
|
|
|
} |
709
|
1
|
|
|
|
|
5
|
elsif ( defined ${ $config->{'upload-user-list'} } ) { |
710
|
0
|
|
|
|
|
0
|
$ldap_synch = new Apache::Sling::LDAPSynch( |
711
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-host'} }, |
712
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-base'} }, |
713
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-filter'} }, |
714
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-dn'} }, |
715
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-pass'} }, |
716
|
|
|
|
|
|
|
\$authn, |
717
|
0
|
|
|
|
|
0
|
${ $config->{'flag-disabled'} }, |
718
|
|
|
|
|
|
|
$sling->{'Verbose'}, |
719
|
|
|
|
|
|
|
$sling->{'Log'} |
720
|
|
|
|
|
|
|
); |
721
|
0
|
|
|
|
|
0
|
$success = $ldap_synch->upload_synch_user_list( |
722
|
0
|
|
|
|
|
0
|
${ $config->{'upload-user-list'} } ); |
723
|
|
|
|
|
|
|
} |
724
|
1
|
|
|
|
|
5
|
elsif ( defined ${ $config->{'synch-full'} } ) { |
725
|
0
|
|
|
|
|
0
|
$ldap_synch = new Apache::Sling::LDAPSynch( |
726
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-host'} }, |
727
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-base'} }, |
728
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-filter'} }, |
729
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-dn'} }, |
730
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-pass'} }, |
731
|
|
|
|
|
|
|
\$authn, |
732
|
0
|
|
|
|
|
0
|
${ $config->{'flag-disabled'} }, |
733
|
|
|
|
|
|
|
$sling->{'Verbose'}, |
734
|
|
|
|
|
|
|
$sling->{'Log'} |
735
|
|
|
|
|
|
|
); |
736
|
0
|
|
|
|
|
0
|
$success = $ldap_synch->synch_full( ${ $config->{'ldap-attributes'} }, |
|
0
|
|
|
|
|
0
|
|
737
|
0
|
|
|
|
|
0
|
${ $config->{'attributes'} } ); |
738
|
|
|
|
|
|
|
} |
739
|
1
|
|
|
|
|
5
|
elsif ( defined ${ $config->{'synch-full-since'} } ) { |
740
|
0
|
|
|
|
|
0
|
$ldap_synch = new Apache::Sling::LDAPSynch( |
741
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-host'} }, |
742
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-base'} }, |
743
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-filter'} }, |
744
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-dn'} }, |
745
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-pass'} }, |
746
|
|
|
|
|
|
|
\$authn, |
747
|
0
|
|
|
|
|
0
|
${ $config->{'flag-disabled'} }, |
748
|
|
|
|
|
|
|
$sling->{'Verbose'}, |
749
|
|
|
|
|
|
|
$sling->{'Log'} |
750
|
|
|
|
|
|
|
); |
751
|
0
|
|
|
|
|
0
|
$success = $ldap_synch->synch_full_since( |
752
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-attributes'} }, |
753
|
0
|
|
|
|
|
0
|
${ $config->{'attributes'} }, |
754
|
0
|
|
|
|
|
0
|
${ $config->{'synch-full-since'} } |
755
|
|
|
|
|
|
|
); |
756
|
|
|
|
|
|
|
} |
757
|
1
|
|
|
|
|
5
|
elsif ( defined ${ $config->{'synch-listed'} } ) { |
758
|
0
|
|
|
|
|
0
|
$ldap_synch = new Apache::Sling::LDAPSynch( |
759
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-host'} }, |
760
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-base'} }, |
761
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-filter'} }, |
762
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-dn'} }, |
763
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-pass'} }, |
764
|
|
|
|
|
|
|
\$authn, |
765
|
0
|
|
|
|
|
0
|
${ $config->{'flag-disabled'} }, |
766
|
|
|
|
|
|
|
$sling->{'Verbose'}, |
767
|
|
|
|
|
|
|
$sling->{'Log'} |
768
|
|
|
|
|
|
|
); |
769
|
0
|
|
|
|
|
0
|
$success = $ldap_synch->synch_listed( ${ $config->{'ldap-attributes'} }, |
|
0
|
|
|
|
|
0
|
|
770
|
0
|
|
|
|
|
0
|
${ $config->{'attributes'} } ); |
771
|
|
|
|
|
|
|
} |
772
|
|
|
|
|
|
|
elsif ( defined ${ $config->{'synch-listed-since'} } ) { |
773
|
0
|
|
|
|
|
0
|
$ldap_synch = new Apache::Sling::LDAPSynch( |
774
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-host'} }, |
775
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-base'} }, |
776
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-filter'} }, |
777
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-dn'} }, |
778
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-pass'} }, |
779
|
|
|
|
|
|
|
\$authn, |
780
|
0
|
|
|
|
|
0
|
${ $config->{'flag-disabled'} }, |
781
|
|
|
|
|
|
|
$sling->{'Verbose'}, |
782
|
|
|
|
|
|
|
$sling->{'Log'} |
783
|
|
|
|
|
|
|
); |
784
|
0
|
|
|
|
|
0
|
$success = $ldap_synch->synch_listed_since( |
785
|
0
|
|
|
|
|
0
|
${ $config->{'ldap-attributes'} }, |
786
|
0
|
|
|
|
|
0
|
${ $config->{'attributes'} }, |
787
|
0
|
|
|
|
|
0
|
${ $config->{'synch-listed-since'} } |
788
|
|
|
|
|
|
|
); |
789
|
|
|
|
|
|
|
} |
790
|
|
|
|
|
|
|
else { |
791
|
1
|
|
|
|
|
7
|
$ldap_synch->help(); |
792
|
1
|
|
|
|
|
11
|
return 1; |
793
|
|
|
|
|
|
|
} |
794
|
0
|
|
|
|
|
|
Apache::Sling::Print::print_result($ldap_synch); |
795
|
0
|
|
|
|
|
|
return $success; |
796
|
|
|
|
|
|
|
} |
797
|
|
|
|
|
|
|
|
798
|
|
|
|
|
|
|
#}}} |
799
|
|
|
|
|
|
|
|
800
|
|
|
|
|
|
|
1; |
801
|
|
|
|
|
|
|
|
802
|
|
|
|
|
|
|
__END__ |