1 |
package LDAP::Koha; |
2 |
|
3 |
use strict; |
4 |
use warnings; |
5 |
|
6 |
use lib '../lib'; |
7 |
|
8 |
use Net::LDAP::Constant qw(LDAP_SUCCESS); |
9 |
use Net::LDAP::Server; |
10 |
use base 'Net::LDAP::Server'; |
11 |
use fields qw(); |
12 |
|
13 |
use DBI; |
14 |
use File::Slurp; |
15 |
|
16 |
use Data::Dump qw/dump/; |
17 |
|
18 |
my $debug = 0; # XXX very slow |
19 |
|
20 |
# XXX test with: |
21 |
# |
22 |
# ldapsearch -h localhost -p 2389 -b dc=ffzg,dc=hr -x 'otherPager=200903160021' |
23 |
# |
24 |
|
25 |
our $dsn = 'DBI:mysql:dbname='; |
26 |
our $database = 'koha'; |
27 |
our $user = 'unconfigured-user'; |
28 |
our $passwd = 'unconfigured-password'; |
29 |
|
30 |
our $max_results = $ENV{MAX_RESULTS} || 3000; # FIXME must be enough for all users |
31 |
our $objectclass_default = 'hrEduPerson'; |
32 |
|
33 |
our $objectclass; |
34 |
|
35 |
$SIG{__DIE__} = sub { |
36 |
warn "!!! DIE ", @_; |
37 |
die @_; |
38 |
}; |
39 |
|
40 |
require 'config.pl' if -e 'config.pl'; |
41 |
|
42 |
# we need reverse LDAP -> SQL mapping for where clause |
43 |
|
44 |
my $ldap_sql_mapping = { |
45 |
'uid' => 'userid', |
46 |
'objectGUID' => 'b.borrowernumber', |
47 |
'displayName' => 'surname', |
48 |
'sn' => 'surname', |
49 |
'pager' => 'a.attribute', # was: rfid_sid |
50 |
}; |
51 |
|
52 |
sub __sql_column { |
53 |
my $name = shift; |
54 |
$ldap_sql_mapping->{$name} || $name; |
55 |
} |
56 |
|
57 |
use constant RESULT_OK => { |
58 |
'matchedDN' => '', |
59 |
'errorMessage' => '', |
60 |
'resultCode' => LDAP_SUCCESS |
61 |
}; |
62 |
|
63 |
# constructor |
64 |
sub new { |
65 |
my ($class, $sock) = @_; |
66 |
my $self = $class->SUPER::new($sock); |
67 |
print "connection from: ", $sock->peerhost(), "\n"; |
68 |
return $self; |
69 |
} |
70 |
|
71 |
# the bind operation |
72 |
sub bind { |
73 |
my $self = shift; |
74 |
my $reqData = shift; |
75 |
warn "# bind ",dump($reqData); |
76 |
return RESULT_OK; |
77 |
} |
78 |
|
79 |
our @values; |
80 |
our @limits; |
81 |
|
82 |
sub __ldap_search_to_sql { |
83 |
my ( $how, $what ) = @_; |
84 |
warn "### __ldap_search_to_sql $how ",dump( $what ),"\n"; |
85 |
if ( $how eq 'equalityMatch' && defined $what ) { |
86 |
my $name = $what->{attributeDesc} || warn "ERROR: no attributeDesc?"; |
87 |
my $value = $what->{assertionValue} || warn "ERROR: no assertionValue?"; |
88 |
|
89 |
if ( lc $name eq 'objectclass' ) { |
90 |
$objectclass = $value; |
91 |
} else { |
92 |
push @limits, __sql_column($name) . ' = ?'; |
93 |
push @values, $value; |
94 |
} |
95 |
} elsif ( $how eq 'substrings' ) { |
96 |
foreach my $substring ( @{ $what->{substrings} } ) { |
97 |
my $name = $what->{type} || warn "ERROR: no type?"; |
98 |
while ( my($op,$value) = each %$substring ) { |
99 |
push @limits, __sql_column($name) . ' LIKE ?'; |
100 |
if ( $op eq 'any' ) { |
101 |
$value = '%' . $value . '%'; |
102 |
} else { |
103 |
warn "UNSUPPORTED: op $op - using plain $value"; |
104 |
} |
105 |
push @values, $value; |
106 |
} |
107 |
} |
108 |
} elsif ( $how eq 'present' ) { |
109 |
my $name = __sql_column( $what ); |
110 |
push @limits, "$name IS NOT NULL and length($name) > 1"; |
111 |
## XXX length(foo) > 1 to avoid empty " " strings |
112 |
} else { |
113 |
warn "UNSUPPORTED: $how ",dump( $what ); |
114 |
} |
115 |
} |
116 |
|
117 |
|
118 |
# my ( $dn,$attributes ) = _dn_attributes( $row, $base ); |
119 |
|
120 |
sub _dn_attributes { |
121 |
my ($row,$base) = @_; |
122 |
|
123 |
warn "## row = ",dump( $row ) if $debug; |
124 |
|
125 |
die "no objectClass column in ",dump( $row ) unless defined $row->{objectClass}; |
126 |
|
127 |
$row->{objectClass} = [ split(/\s+/, $row->{objectClass}) ] if $row->{objectClass} =~ m{\n}; |
128 |
|
129 |
warn "## row = ",dump( $row ) if $debug; |
130 |
|
131 |
my $dn = delete( $row->{dn} ) || die "no dn in ",dump( $row ); |
132 |
|
133 |
# this does some sanity cleanup for our data |
134 |
# my $base_as_domain = $base; |
135 |
# $base_as_domain =~ s{dn=}{.}; |
136 |
# $base_as_domain =~ s{^\.}{@}; |
137 |
# $dn =~ s{$base_as_domain$}{}; |
138 |
# |
139 |
# $dn .= ',' . $base unless $dn =~ m{,}; # add base if none present |
140 |
|
141 |
return ($dn, $row); |
142 |
} |
143 |
|
144 |
|
145 |
# the search operation |
146 |
sub search { |
147 |
my $self = shift; |
148 |
my $reqData = shift; |
149 |
print "searching...\n"; |
150 |
|
151 |
warn "# " . localtime() . " request = ", dump($reqData); |
152 |
|
153 |
my $base = $reqData->{'baseObject'}; # FIXME use it? |
154 |
|
155 |
my @entries; |
156 |
if ( $reqData->{'filter'} ) { |
157 |
|
158 |
my $sql_where = ''; |
159 |
@values = (); |
160 |
$objectclass = ''; |
161 |
|
162 |
foreach my $filter ( keys %{ $reqData->{'filter'} } ) { |
163 |
|
164 |
warn "## filter $filter ", dump( $reqData->{'filter'}->{ $filter } ), "\n"; |
165 |
|
166 |
@limits = (); |
167 |
|
168 |
if ( ref $reqData->{'filter'}->{ $filter } eq 'ARRAY' ) { |
169 |
|
170 |
foreach my $filter ( @{ $reqData->{'filter'}->{ $filter } } ) { |
171 |
warn "### filter ",dump($filter),$/; |
172 |
foreach my $how ( keys %$filter ) { |
173 |
if ( $how eq 'or' ) { |
174 |
__ldap_search_to_sql( %$_ ) foreach ( @{ $filter->{$how} } ); |
175 |
} else { |
176 |
__ldap_search_to_sql( $how, $filter->{$how} ); |
177 |
} |
178 |
warn "## limits ",dump(@limits), " values ",dump(@values); |
179 |
} |
180 |
} |
181 |
|
182 |
} else { |
183 |
__ldap_search_to_sql( $filter, $reqData->{'filter'}->{$filter} ); |
184 |
} |
185 |
|
186 |
$sql_where .= ' ' . join( " $filter ", @limits ) if @limits; |
187 |
|
188 |
} |
189 |
|
190 |
$objectclass ||= $objectclass_default; |
191 |
|
192 |
my $sql_select = read_file( lc "sql/$objectclass.sql" ); |
193 |
if ( $sql_where ) { |
194 |
if ( $sql_select !~ m{where}i ) { |
195 |
$sql_where = " where $sql_where"; |
196 |
} else { |
197 |
$sql_where = " and $sql_where"; |
198 |
} |
199 |
} |
200 |
|
201 |
|
202 |
my $sql |
203 |
= $sql_select |
204 |
. $sql_where |
205 |
# . ( $objectclass =~ m{person}i ? " LIMIT $max_results" : '' ) # add limit just for persons |
206 |
; |
207 |
|
208 |
warn "# SQL:\n$sql\n# DATA: ",dump( @values ); |
209 |
my $dbh = DBI->connect_cached($dsn . $database, $user,$passwd, { RaiseError => 1, AutoCommit => 1 }) || die $DBI::errstr; |
210 |
my $sth = $dbh->prepare( $sql ); |
211 |
$sth->execute( @values ); |
212 |
|
213 |
warn "# ", $sth->rows, " results for ",dump( $reqData->{'filter'} ); |
214 |
|
215 |
my $last_dn = '?'; |
216 |
my $entry; |
217 |
|
218 |
while (my $row = $sth->fetchrow_hashref) { |
219 |
|
220 |
my ( $dn, $attributes ) = _dn_attributes( $row, $base ); |
221 |
|
222 |
warn "# dn $last_dn ... $dn\n"; |
223 |
|
224 |
if ( $dn ne $last_dn ) { |
225 |
|
226 |
if ( $entry ) { |
227 |
#$entry->changetype( 'modify' ); |
228 |
warn "### entry ",$entry->dump( \*STDERR ); |
229 |
push @entries, $entry; |
230 |
undef $entry; |
231 |
} |
232 |
|
233 |
$dn =~ s{@[^,]+}{}; |
234 |
|
235 |
$entry = Net::LDAP::Entry->new; |
236 |
$entry->dn( $dn ); |
237 |
|
238 |
$entry->add( %$attributes ); |
239 |
|
240 |
} else { |
241 |
foreach my $n ( keys %$attributes ) { |
242 |
my $v = $attributes->{$n}; |
243 |
warn "# attr $n = $v\n"; |
244 |
$entry->add( $n, $v ) if $entry->get_value( $n ) ne $v; |
245 |
} |
246 |
} |
247 |
|
248 |
|
249 |
$last_dn = $dn; |
250 |
|
251 |
} |
252 |
|
253 |
if ( $entry ) { |
254 |
warn "### last entry ",$entry->dump( \*STDERR ); |
255 |
push @entries, $entry; |
256 |
} |
257 |
|
258 |
} else { |
259 |
warn "UNKNOWN request: ",dump( $reqData ); |
260 |
} |
261 |
|
262 |
return RESULT_OK, @entries; |
263 |
} |
264 |
|
265 |
# the rest of the operations will return an "unwilling to perform" |
266 |
|
267 |
1; |