# Connector::Proxy::Net::LDAP
#
# Proxy class for accessing LDAP directories
#
# Written by Scott Hardin, Martin Bartosch and Oliver Welter for the OpenXPKI project 2012
#
package Connector::Proxy::Net::LDAP;
use strict;
use warnings;
use English;
use Net::LDAP;
use Template;
use Data::Dumper;
use Moose;
extends 'Connector::Proxy';
# Search base handed to the LDAP search; mandatory.
has 'base' => (
    is       => 'rw',
    isa      => 'Str',
    required => 1,
);

# Bind DN. The module documentation describes a setup without
# binddn/password as an anonymous bind.
has 'binddn' => (
    is  => 'rw',
    isa => 'Str',
);

# Bind password. It is kept as a plain string on the object and is
# returned by _build_bind_options, so dumping the connector object or
# the bind options into a log exposes it.
has 'password' => (
    is  => 'rw',
    isa => 'Str',
);

# Search filter; mandatory. A plain string is expanded as a template
# in _build_search_options.
has 'filter' => (
    is => 'rw',
    # TODO: this does not work (currently); NB: do we need that?
    # isa => 'Str|Net::LDAP::Filter',
    isa      => 'Str',
    required => 1,
);

# Attributes to request. A whitespace separated string is turned into
# an array reference by the trigger.
has 'attrs' => (
    is      => 'rw',
    isa     => 'ArrayRef|Str',
    trigger => \&_convert_attrs,
);

# Search scope, forwarded as a search option when set.
has 'scope' => (
    is  => 'rw',
    isa => 'Str',
);

# Integer settings. timeout, keepalive and multihomed are collected by
# _build_new_options; timelimit and sizelimit by _build_search_options.
has [qw( timeout keepalive timelimit sizelimit multihomed )] => (
    is  => 'rw',
    isa => 'Int',
);

# Local address setting, collected by _build_new_options.
has 'localaddr' => (
    is  => 'rw',
    isa => 'Str',
);

# Attribute name pattern collected by _build_new_options as 'raw'.
# The default matches ";binary" case-insensitively; undef is accepted
# by the type constraint.
has 'raw' => (
    is      => 'rw',
    isa     => 'RegexpRef|Undef',
    default => sub { qr/(?i:;binary)/ },
);

# Debug level collected by _build_new_options; off by default.
# NOTE(review): Net::LDAP debug output prints protocol packets, which
# presumably include bind requests - keep this at 0 outside of
# troubleshooting; confirm against the Net::LDAP documentation.
has 'debug' => (
    is      => 'rw',
    isa     => 'Int',
    default => 0,
);

# ssl certificate options in SSLUserAgent format
has [qw(
    certificate_file
    certificate_key_file
    ca_certificate_path
    ca_certificate_file
)] => (
    is  => 'rw',
    isa => 'Str',
);
has ssl_ignore_mode => (
is => 'rw',
isa => 'Bool',
lib/Connector/Proxy/Net/LDAP.pm view on Meta::CPAN
# Client key; when not set explicitly the value of certificate_key_file
# is used the first time the attribute is read.
has 'clientkey' => (
    is      => 'rw',
    isa     => 'Str|Undef',
    lazy    => 1,
    default => sub {
        my ($self) = @_;
        return $self->certificate_key_file;
    },
);

# CRL checking setting, collected by _build_new_options.
has 'checkcrl' => (
    is  => 'rw',
    isa => 'Int',
);

# The Net::LDAP handle. Built on first access by _init_bind, read
# through _bind and discarded with _purge_bind.
has 'bind' => (
    is      => 'ro',
    isa     => 'Net::LDAP',
    lazy    => 1,
    builder => '_init_bind',
    reader  => '_bind',
    clearer => '_purge_bind',
);

# How existing attribute values are treated when setting values;
# 'replace' unless configured otherwise.
has 'action' => (
    is      => 'rw',
    isa     => 'Str',
    lazy    => 1,
    default => 'replace',
);

# Hash reference, empty unless given at construction time.
# NOTE(review): presumably settings for creating missing entries -
# the code using it is not part of this excerpt.
has 'create' => (
    is      => 'ro',
    isa     => 'HashRef',
    default => sub { +{} },
);

# Optional hash reference; its use is not visible in this excerpt.
has 'schema' => (
    is  => 'ro',
    isa => 'HashRef',
);
# Placeholder builder: no configuration is assembled here, the invocant
# is handed back unchanged.
# NOTE(review): looks like a stub - confirm whether a subclass or the
# parent class relies on the return value.
sub _build_config {
    my ($self) = @_;
    return $self;
}
# Collect the current values of the named accessors.
#
# Arguments: a list of accessor names to call on the object.
# Returns:   a flat key/value list holding only those names whose
#            accessor returned a defined value.
sub _build_options {
    my ($self, @names) = @_;

    my %collected;
    for my $name (@names) {
        # attributes without a value are left out entirely
        next unless defined( $self->$name() );
        $collected{$name} = $self->$name();
    }

    return %collected;
}
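# Collect the connection and SSL related settings that have a value.
#
# Returns the flat key/value list produced by _build_options for the
# names below. Each name is listed once; the earlier list repeated
# 'verify' and 'capath', which only caused redundant accessor calls.
# Several of these accessors (verify, sslversion, ciphers, capath,
# cafile, clientcert) are declared outside the visible part of the file.
sub _build_new_options {
    my ($self) = @_;

    return $self->_build_options(qw(
        timeout keepalive debug raw multihomed localaddr
        verify sslversion ciphers capath cafile clientcert clientkey checkcrl
    ));
}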
# Collect the bind settings: only the password, and only when it is set.
# The returned list carries the password in clear text, so it should
# not be written to a log.
sub _build_bind_options {
    my ($self) = @_;

    my @bind_keys = ('password');
    return $self->_build_options(@bind_keys);
}
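# Assemble the options for the LDAP search.
#
# Arguments:
#   $arg    - template variables used to expand the filter attribute
#   $params - optional hash reference; a true 'noattrs' leaves the
#             'attrs' option out
#
# Returns a flat key/value list: base, scope, sizelimit and timelimit
# (each only when set), the filter and, unless suppressed, attrs.
#
# NOTE(review): the values in $arg end up in the filter exactly as the
# template renders them; nothing in this method escapes LDAP filter
# metacharacters. If $arg can carry untrusted input it has to be
# escaped before it gets here (Net::LDAP::Util offers
# escape_filter_value) - confirm what the callers do.
sub _build_search_options {
    my ($self, $arg, $params) = @_;

    my %options = $self->_build_options(qw( base scope sizelimit timelimit ));

    my $filter = $self->filter();
    if (ref $filter eq '') {
        # template expansion is performed on filter strings only, not
        # on Net::LDAP::Filter objects
        my $expanded;
        Template->new()->process(\$filter, $arg, \$expanded)
            || $self->_log_and_die("Error processing argument template.");
        $options{filter} = $expanded;
    }
    else {
        $options{filter} = $filter;
    }

    # Add the attributes to the query to return only the ones we are
    # asked for. Will not work if we allow Filters.
    $options{attrs} = $self->attrs unless $params->{noattrs};

    # Dump the options as one hash reference; passing the flattened hash
    # made Dumper print every key and value as a separate $VARn scalar.
    $self->log()->debug('LDAP Search options ' . Dumper(\%options));

    return %options;
}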
# Trigger of the attrs attribute.
#
# When attrs is set to a string (currently necessary for Config::Std)
# the string is split on whitespace and stored back as an array
# reference. Might be removed if Config::* improves.
#
# Storing the array reference fires this trigger again; the second run
# stops because the new value is a reference. If the conversion ever
# failed to produce a reference this could loop indefinitely.
sub _convert_attrs {
    my ( $self, $new, $old ) = @_;

    # Only a non-empty plain string that differs from the previous
    # value is converted.
    my $is_fresh_string = $new && !ref $new && ( !$old || $new ne $old );
    if ($is_fresh_string) {
        $self->attrs( [ split " ", $new ] );
    }
}
sub _init_bind {
my $self = shift;
$self->log()->debug('Open bind to to ' . $self->LOCATION());
lib/Connector/Proxy/Net/LDAP.pm view on Meta::CPAN
$mesg = $self->ldap()->search( %option );
}
return $mesg;
}
# Remove the keywords imported by "use Moose" from this package again.
no Moose;
# Make the class metaobject immutable now that all attributes and
# methods above have been declared.
__PACKAGE__->meta->make_immutable;
# A module file has to end with a true value.
1;
__END__
=head1 NAME
Connector::Proxy::Net::LDAP
=head1 DESCRIPTION
This is the base class for all LDAP Proxy modules. It does not offer any
external functionality but bundles common configuration options.
=head1 USAGE
=head2 minimal setup
my $conn = Connector::Proxy::Net::LDAP->new({
LOCATION => 'ldap://localhost:389',
base => 'dc=example,dc=org',
filter => '(cn=[% ARGS.0 %])',
});
$conn->get('John Doe');
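The code above runs a query of C<(cn=John Doe)> against the server
using an anonymous bind. The filter template inserts the argument as
given, so values that come from untrusted input should be escaped before
they are passed in (for example with C<escape_filter_value> from
L<Net::LDAP::Util>).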
=head2 using bind credentials
my $conn = Connector::Proxy::Net::LDAP->new( {
LOCATION => 'ldap://localhost:389',
base => 'dc=example,dc=org',
filter => '(cn=[% ARGS.0 %])',
binddn => 'cn=admin,dc=openxpki,dc=org',
password => 'admin',
attrs => ['usercertificate;binary','usercertificate'],
});
Uses bind credentials and queries for entries having (at least) one of the
mentioned attributes.
=head2 connection control
The following controls are passed to Net::LDAP->new from class parameters
with the same name, see Net::LDAP for details.
=over
=item timeout
=item keepalive
=item multihomed
=item localaddr
=item debug
=item raw
Enables utf8 for returned attribute values. The default value is
C<qr/(?i:;binary)/>; set this to a Regexp reference to change the attribute
pattern for utf8 conversion, or set it to I<undef> to disable it.
=back
=head3 SSL connection options
SSL-related options are passed to Net::LDAP->new, see Net::LDAP for
details. The attribute names in brackets are identical to the ones
used in the HTTP based connectors and are mapped to their equivalents.
Note that the mapping takes place at first init, so modifications to those
values after the first connection will not be visible. The native
parameter names are superior.
=over
=item verify (ssl_ignore_mode - 'required' if true)
=item sslversion
=item ciphers
=item capath (ca_certificate_path)
=item cafile (ca_certificate_file)
=item clientcert (certificate_file)
=item clientkey (certificate_key_file)
=item checkcrl
=back
=head2 setting values
You can control how existing attributes in the node are treated by setting the
I<action> parameter in the connector's base configuration.
connector:
LOCATION:...
....
action: replace
=over
=item replace
This is the default (the action parameter may be omitted). The passed value is