Lemonldap-NG-Common


lib/Lemonldap/NG/Common/Conf/Backends/LDAP.pm  view on Meta::CPAN

    $ldap->unbind;

    if ( $search->code ) {
        $self->logError($search);
        return 0;
    }

    my @entries = $search->entries();
    my @conf;
    foreach (@entries) {
        my $cn = $_->get_value( $self->{ldapAttributeId} );
        my ($cfgNum) = ( $cn =~ /lmConf-(\d*)/ );
        push @conf, $cfgNum;
    }
    return sort { $a <=> $b } @conf;
}

# Return the last entry of the list produced by $self->available
# (undef when that list is empty).
sub lastCfg {
    my ($self) = @_;

    # NOTE(review): presumably available() yields configuration numbers in
    # ascending order, making the last entry the newest one; confirm.
    my @known = $self->available;
    return $known[-1];
}

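# Open a connection to one of the servers listed in $self->{ldapServer},
# start TLS when requested, and bind with the configured credentials.
#
# Returns the bound Net::LDAP object, or nothing (bare return) on failure.
# Connection failures are appended to $Lemonldap::NG::Common::Conf::msg;
# StartTLS and bind failures are passed to $self->logError.
sub getLdapConnection {
    my $self = shift;

    # Parse the server list (separated by whitespace and/or commas). An
    # "ldap+tls://host[/][?params]" entry asks for StartTLS: it is reduced
    # to its host part before being handed to Net::LDAP, and its query
    # string carries start_tls() options as "key=value&key=value".
    my $useTls   = 0;
    my $tlsParam = "";
    my @servers  = ();
    foreach my $server ( split /[\s,]+/, $self->{ldapServer} ) {
        if ( $server =~ m{^ldap\+tls://([^/]+)/?\??(.*)$} ) {

            # StartTLS is sticky: once any entry requests it, it stays
            # requested. Resetting the flag on a later plain entry made the
            # decision depend on list order, so "ldap+tls://a ldap://b"
            # ended up binding without TLS, password included.
            $useTls   = 1;
            $server   = $1;
            $tlsParam = $2 || "";
        }
        push @servers, $server;
    }

    # Connect. Net::LDAP receives the whole list; certificate verification
    # defaults to "require" unless ldapVerify says otherwise.
    my $ldap = Net::LDAP->new(
        \@servers,
        keepalive => 1,
        onerror   => undef,
        verify    => ( $self->{ldapVerify} || "require" ),
        ( $self->{ldapCAFile} ? ( cafile => $self->{ldapCAFile} ) : () ),
        ( $self->{ldapCAPath} ? ( capath => $self->{ldapCAPath} ) : () ),
        ( $self->{ldapPort}   ? ( port   => $self->{ldapPort} )   : () ),
        raw => qr/(?i:^jpegPhoto|;binary)/
    );

    unless ($ldap) {
        $Lemonldap::NG::Common::Conf::msg .= "$@\n";
        return;
    }

    if ( $Net::LDAP::VERSION < '0.64' ) {

        # CentOS7 has a bug in which IO::Socket::SSL will return a broken
        # socket when certificate validation fails. Net::LDAP does not catch
        # it, and the process ends up crashing.
        # As a precaution, make sure the underlying socket is doing fine:
        if (    $ldap->socket->isa('IO::Socket::SSL')
            and $ldap->socket->errstr < 0 )
        {
            $Lemonldap::NG::Common::Conf::msg .=
              "SSL connection error: " . $ldap->socket->errstr;
            return;
        }
    }

    # Start TLS if needed. A socket that is already IO::Socket::SSL (for
    # example an ldaps:// entry of the same list) is protected already, so
    # StartTLS is skipped for it instead of failing the connection.
    if ( $useTls and not $ldap->socket->isa('IO::Socket::SSL') ) {
        my %h = split( /[&=]/, $tlsParam );

        # Options given in the URL win over the backend-wide settings. This
        # includes verify: "verify=none" in the URL turns certificate
        # checking off for this StartTLS even if ldapVerify is stricter.
        $h{verify} ||= $self->{ldapVerify} || "require";
        $h{cafile} ||= $self->{ldapCAFile} if ( $self->{ldapCAFile} );
        $h{capath} ||= $self->{ldapCAPath} if ( $self->{ldapCAPath} );
        my $start_tls = $ldap->start_tls(%h);
        if ( $start_tls->code ) {

            # Fail closed: never fall through to a clear-text bind.
            $self->logError($start_tls);
            return;
        }
    }

    # Bind with credentials
    my $bind =
      $ldap->bind( $self->{ldapBindDN}, password => $self->{ldapBindPassword} );
    if ( $bind->code ) {
        $self->logError($bind);
        return;
    }

    return $ldap;
}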

# Locking entry point of the backend. The LDAP backend implements no lock,
# so this always reports success (1).
sub lock {
    my $lock_acquired = 1;
    return $lock_acquired;
}

# Lock state query. The LDAP backend implements no lock, so the
# configuration is never reported as locked (0).
sub isLocked {
    my $locked = 0;
    return $locked;
}

# Lock release entry point. The LDAP backend implements no lock, so there
# is nothing to release and success (1) is always reported.
sub unlock {
    my $released = 1;
    return $released;
}

sub store {
    my ( $self, $fields ) = @_;

    my $ldap = $self->getLdapConnection;
    unless ($ldap) {
        return 0;
    }

    $fields = $self->serialize($fields);


