Apache-Sling
view release on metacpan or search on metacpan
lib/Apache/Sling/LDAPSynch.pm view on Meta::CPAN
my (
$class, $ldap_host, $ldap_base, $filter, $dn,
$pass, $authn, $disabled, $verbose, $log
) = @_;
if ( !defined $authn ) { croak 'no authn provided!'; }
$disabled = ( defined $disabled ? $disabled : q(sling:disabled) );
$filter = ( defined $filter ? $filter : q(uid) );
$verbose = ( defined $verbose ? $verbose : 0 );
# Directory containing the cache and user_list files:
my $synch_cache_path =
q(_user/a/ad/admin/private/ldap_synch_cache_system_files);
# Directory containing backups of the cache and user_list files:
my $synch_cache_backup_path =
q(_user/a/ad/admin/private/ldap_synch_cache_system_files_backup);
# List of specific users previously ingested in to the sling system and their status:
my $synch_cache_file = q(cache.txt);
# List of specific ldap users that are to be ingested in to the sling system:
my $synch_user_list = q(user_list.txt);
my $ldap;
my $content = Apache::Sling::Content->new( $authn, $verbose, $log )
or croak q(Problem creating Sling content object!);
my $user = Apache::Sling::User->new( $authn, $verbose, $log )
or croak q(Problem creating Sling user object!);
my $ldap_synch = {
CacheBackupPath => $synch_cache_backup_path,
CachePath => $synch_cache_path,
CacheFile => $synch_cache_file,
Content => \$content,
Disabled => $disabled,
LDAP => \$ldap,
LDAPbase => $ldap_base,
LDAPDN => $dn,
LDAPHost => $ldap_host,
LDAPPass => $pass,
Filter => $filter,
Log => $log,
Message => q(),
User => \$user,
UserList => $synch_user_list,
Verbose => $verbose
};
bless $ldap_synch, $class;
return $ldap_synch;
}
#}}}
#{{{sub ldap_connect
sub ldap_connect {
my ($class) = @_;
$class->{'LDAP'} = Net::LDAP->new( $class->{'LDAPHost'} )
or croak 'Problem opening a connection to the LDAP server!';
if ( defined $class->{'LDAPDN'} && defined $class->{'LDAPPASS'} ) {
my $mesg = $class->{'LDAP'}->bind(
$class->{'LDAPDN'},
password => $class->{'LDAPPASS'},
version => '3'
) or croak 'Problem with authenticated bind to LDAP server!';
}
else {
my $mesg = $class->{'LDAP'}->bind( version => '3' )
or croak 'Problem with anonymous bind to LDAP server!';
}
return 1;
}
#}}}
#{{{sub ldap_search
sub ldap_search {
my ( $class, $search, $attrs ) = @_;
$class->ldap_connect;
return $class->{'LDAP'}->search(
base => $class->{'LDAPbase'},
scope => 'sub',
filter => "$search",
attrs => $attrs
)->as_struct;
}
#}}}
#{{{sub init_synch_cache
sub init_synch_cache {
my ($class) = @_;
if ( !${ $class->{'Content'} }
->check_exists( $class->{'CachePath'} . q(/) . $class->{'CacheFile'} ) )
{
my ( $tmp_cache_file_handle, $tmp_cache_file_name ) =
File::Temp::tempfile();
my %synch_cache;
print {$tmp_cache_file_handle}
Data::Dumper->Dump( [ \%synch_cache ], [qw( synch_cache )] )
or croak q(Unable to print initial data dump of synch cache to file!);
close $tmp_cache_file_handle
or croak
q(Problem closing temporary file handle when initializing synch cache);
${ $class->{'Content'} }
->upload_file( $tmp_cache_file_name, $class->{'CachePath'},
$class->{'CacheFile'} )
or croak q(Unable to initialize LDAP synch cache file!);
unlink $tmp_cache_file_name
or croak
q(Problem clearing up temporary file after init of synch cache!);
}
return 1;
}
#}}}
#{{{sub get_synch_cache
sub get_synch_cache {
my ($class) = @_;
lib/Apache/Sling/LDAPSynch.pm view on Meta::CPAN
my $index = 0;
my $user_id = @{ $valref->{ $class->{'Filter'} } }[0];
$seen_user_ids->{$user_id} = 1;
my @properties_array;
my %properties_hash;
foreach my $ldap_attr ( @{$ldap_attrs_array} ) {
my $value = @{ $valref->{$ldap_attr} }[0];
if ( defined $value ) {
push @properties_array,
@{$sling_attrs_array}[$index] . q(=) . $value;
$properties_hash{ @{$sling_attrs_array}[$index] } = $value;
}
$index++;
}
if ( defined $synch_cache->{$user_id} ) {
# We already know about this user from a previous run:
if ( $synch_cache->{$user_id}->{ $class->{'Disabled'} } eq '1' ) {
# User was previously disabled. Re-enabling:
push @properties_array, $class->{'Disabled'} . '=0';
print "Re-enabling previously disabled user: $user_id\n"
or croak q{Problem printing!};
${ $class->{'User'} }->update( $user_id, \@properties_array )
or croak q(Problem re-enabling user in sling instance!);
$synch_cache->{$user_id} = \%properties_hash;
$synch_cache->{$user_id}->{ $class->{'Disabled'} } = '0';
}
else {
# User is enabled in sling already, check for modifications:
if (
check_for_property_modifications(
\%properties_hash, \%{ $synch_cache->{$user_id} }
)
)
{
# Modifications are present, so we need to update:
print "Updating existing user $user_id\n"
or croak q{Problem printing!};
${ $class->{'User'} }
->update( $user_id, \@properties_array )
or croak q(Problem updating user in sling instance!);
$properties_hash{ $class->{'Disabled'} } = '0';
$synch_cache->{$user_id} = \%properties_hash;
}
else {
# No modifications present, nothing to do!
print "No user modifications, skipping: $user_id\n"
or croak q{Problem printing!};
}
}
}
else {
# We have never seen this user before:
print "Creating new user: $user_id\n" or croak q{Problem printing!};
${ $class->{'User'} }
->add( $user_id, 'password', \@properties_array )
or croak q(Problem adding new user to sling instance!);
$properties_hash{ $class->{'Disabled'} } = '0';
$synch_cache->{$user_id} = \%properties_hash;
}
}
return 0;
}
#}}}
#{{{sub synch_full
sub synch_full {
my ( $class, $ldap_attrs, $sling_attrs ) = @_;
my $search = q{(} . $class->{'Filter'} . q{=*)};
my @ldap_attrs_array;
my @sling_attrs_array;
parse_attributes( $ldap_attrs, $sling_attrs, \@ldap_attrs_array,
\@sling_attrs_array )
or croak q(Problem parsing attributes!);
# We need to capture the id as well as any attributes:
unshift @ldap_attrs_array, $class->{'Filter'};
my $search_result = $class->ldap_search( $search, \@ldap_attrs_array );
shift @ldap_attrs_array;
my $synch_cache = $class->get_synch_cache;
my %seen_user_ids;
# process each DN using it as a key
my @array_of_dns = sort keys %{$search_result};
$class->perform_synchronization(
\@array_of_dns, $search_result, \%seen_user_ids,
$synch_cache, \@ldap_attrs_array, \@sling_attrs_array
);
# Clean up records no longer in ldap:
my @disable_property;
push @disable_property, $class->{'Disabled'} . '=1';
foreach my $cache_entry ( sort keys %{$synch_cache} ) {
if ( $synch_cache->{$cache_entry}->{ $class->{'Disabled'} } eq '0'
&& !defined $seen_user_ids{$cache_entry} )
{
print
"Disabling user record in sling that no longer exists in ldap: $cache_entry\n"
or croak q{Problem printing!};
${ $class->{'User'} }->update( $cache_entry, \@disable_property )
or croak q(Problem disabling user in sling instance!);
$synch_cache->{$cache_entry}->{ $class->{'Disabled'} } = '1';
}
}
$class->update_synch_cache($synch_cache);
$class->{'Message'} = 'Successfully performed a full synchronization!';
return 1;
}
#}}}
lib/Apache/Sling/LDAPSynch.pm view on Meta::CPAN
my $ldap_filter;
my $ldap_host;
my $ldap_pass;
my $synch_full;
my $synch_full_since;
my $synch_listed;
my $synch_listed_since;
my $upload_user_list;
my %ldap_synch_config = (
'auth' => \$sling->{'Auth'},
'help' => \$sling->{'Help'},
'log' => \$sling->{'Log'},
'man' => \$sling->{'Man'},
'pass' => \$sling->{'Pass'},
'threads' => \$sling->{'Threads'},
'url' => \$sling->{'URL'},
'user' => \$sling->{'User'},
'verbose' => \$sling->{'Verbose'},
'attributes' => $attributes,
'download-user-list' => $download_user_list,
'flag-disabled' => $flag_disabled,
'ldap-attributes' => $ldap_attributes,
'ldap-base' => $ldap_base,
'ldap-dn' => $ldap_dn,
'ldap-filter' => $ldap_filter,
'ldap-host' => $ldap_host,
'ldap-pass' => $ldap_pass,
'synch-full' => $synch_full,
'synch-full-since' => $synch_full_since,
'synch-listed' => $synch_listed,
'synch-listed-since' => $synch_listed_since,
'upload-user-list' => $upload_user_list
);
return \%ldap_synch_config;
}
#}}}
#{{{ sub help
sub help {
print <<"EOF";
Usage: perl $0 [-OPTIONS [-MORE_OPTIONS]] [--] [PROGRAM_ARG1 ...]
The following options are accepted:
--attributes or -a (attribs) - Comma separated list of attributes.
--auth (type) - Specify auth type. If ommitted, default is used.
--download-user-list (userList) - Download user list to file userList
--flag-disabled or -f - property to denote user should be disabled.
--help or -? - View the script synopsis and options.
--ldap-attributes or -A (attribs) - Specify ldap attributes to be updated.
--ldap-base or -B (ldapBase) - Specify ldap base to synchronize users from.
--ldap-dn or -D (ldapDN) - Specify ldap DN for authentication.
--ldap-filter or -F (filter) - Specify ldap attribute to search for users with.
--ldap-host or -H (host) - Specify ldap host to synchronize from.
--ldap-pass or -P (pass) - Specify ldap pass for authentication.
--log or -L (log) - Log script output to specified log file.
--man or -M - View the full script documentation.
--pass or -p (password) - Password of user performing actions.
--synch-full or -s - Perform a full synchronization from ldap to sling.
--synch-full-since or -S (since) - Perform a full synchronization from ldap to sling using changes since specified time.
--synch-listed or -l - Perform a sychronization of listed users from ldap to sling.
--synch-listed-since (since) - Perform a sychronization of listed users from ldap to sling using changes since specified time.
--upload-user-list (userList) - Upload user list specified by file userList.
--url or -U (URL) - URL for system being tested against.
--user or -u (username) - Name of user to perform any actions as.
--verbose or -v or -vv or -vvv - Increase verbosity of output.
Options may be merged together. -- stops processing of options.
Space is not required between options and their arguments.
For full details run: perl $0 --man
EOF
return 1;
}
#}}}
#{{{ sub man
sub man {
my ($ldap_synch) = @_;
print <<'EOF';
LDAP synchronization perl script. Provides a means of synchronizing user
information from an LDAP server into a running sling instance from the command
line. The script also acts as a reference implementation for the LDAPSynch perl
library.
EOF
$ldap_synch->help();
print <<"EOF";
Example Usage
* Upload a restricted list of users (one id per line of specified file) to use in synchronizations:
perl $0 --upload-user-list user_list.txt --sling-host http://localhost:8080 --sling-user admin --sling-pass admin
* Download a previously specified list of users to be synchronized to a specified file:
perl $0 --download-user-list user_list.txt --sling-host http://localhost:8080 --sling-user admin --sling-pass admin
* Authenticate and perform a full synchronization:
perl $0 -s -h ldap://ldap.org -b "ou=people,o=ldap,dc=org" -H http://localhost:8080 -u admin -P admin -a "displayname,mail,sn" -A "name,email,surname"
EOF
return 1;
}
#}}}
#{{{sub run
sub run {
my ( $ldap_synch, $sling, $config ) = @_;
if ( !defined $config ) {
croak 'No ldap_synch config supplied!';
( run in 1.172 second using v1.01-cache-2.11-cpan-0bb4e1dffa6 )