WebSVN – wimsdev – Diff – /trunk/wims/public_html/scripts/adm/class/auth-ldap

 auth_real_login=ERROR
 ldap_find=!sh which ldapsearch
 !if $ldap_find issametext $empty
- auth_test=ERROR no_ldap
+  auth_test=ERROR no_ldap
- !exit
+  !exit
 !endif
 ldap_auth=!defof class_ldap_auth in $authdef
 !default ldap_auth=!defof ldap_auth in wimshome/log/wims.conf
 ldap_branch=!defof class_ldap_branch in $authdef
 !default ldap_branch=!defof ldap_branch in wimshome/log/wims.conf
 ldap_uid=!defof class_ldap_uid in $authdef
 !default ldap_uid=!defof ldap_uid in wimshome/log/wims.conf
 #ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1]),$ldap_branch,$ldap_base
 ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1])
 ldap_login=!defof class_ldap_login in $authdef
 !default ldap_login=!defof ldap_login in wimshome/log/wims.conf
 !if $ldap_login=$empty or $ldap_uid=$empty or $ldap_base=$empty \
        or $ldap_branch=$empty  or $ldap_auth=$empty
-   auth_test=ERROR no_ldap_config
+  auth_test=ERROR no_ldap_config
-   !exit
+  !exit
 !endif
 !!!FIXME  Be careful : ldap must be configured such that the option -w is accepted. If not, the answer
 !!! is the same for a good or wrong password.
 !!! should fix the test
 ldap_search=!sh ldapsearch -x -H ldap://$ldap_auth:$ldap_port -b "$ldap_base" '$ldap_id' -D "$ldap_id , $ldap_base" -w '$(wims_read_parm[2])'
 btest=# numEntries: 1
 firstcond=0
 ldap_cnt=!linecnt $ldap_search
 !for i=1 to $ldap_cnt
- l=!line $i of $ldap_search
+  l=!line $i of $ldap_search
- field=!word 1 of $l
+  field=!word 1 of $l
- !if $field iswordof $ldap_login:
+  !if $field iswordof $ldap_login:
-  auth_real_login=!word 2 of $l
+    auth_real_login=!word 2 of $l
- !endif
+  !endif
- !if $l issametext $atest
+  !if $l issametext $atest
-  !increase firstcond
+    !increase firstcond
- !endif
+  !endif
- !if $l issametext $btest
+  !if $l issametext $btest
-  !increase firstcond
+    !increase firstcond
- !endif
+  !endif
 !next i
 !if $firstcond=2
   !!! now the user exists and password is good
   !!! find eventually  wims login
   !if $ldap_login issametext $ldap_uid
-     auth_test=!replace internal " by  in $(wims_read_parm[1])
+    auth_test=!replace internal " by  in $(wims_read_parm[1])
   !else
-   !if $auth_real_login!= and $auth_real_login!=ERROR
+    !if $auth_real_login!= and $auth_real_login!=ERROR
-     auth_test=$auth_real_login
+      auth_test=$auth_real_login
-   !else
+    !else
-    !! one looks for the ldap_login in an anonymous way (no password)
+      !! one looks for the ldap_login in an anonymous way (no password)
-    ldap_search2=!sh ldapsearch -x -H ldap://$ldap_auth:$ldap_port -b "$ldap_base" '$ldap_id' $ldap_login | grep -v "^[d]n:"
+      ldap_search2=!sh ldapsearch -x -H ldap://$ldap_auth:$ldap_port -b "$ldap_base" '$ldap_id' $ldap_login | grep -v "^[d]n:"
-    ldap_search2=!replace internal :$ $ by , in $ldap_search2
+      ldap_search2=!replace internal :$ $ by , in $ldap_search2
-    ldap_cnt2=!linecnt $ldap_search2
+      ldap_cnt2=!linecnt $ldap_search2
-    !for i=1 to $ldap_cnt2
+      !for i=1 to $ldap_cnt2
-     l=!line $i of $ldap_search2
+        l=!line $i of $ldap_search2
-     field=!item 1 of $l
+        field=!item 1 of $l
-     !if $field iswordof $ldap_login
+        !if $field iswordof $ldap_login
-      auth_real_login=!item 2 of $l
+          auth_real_login=!item 2 of $l
-     !endif
+        !endif
-    !next
+      !next
-    !if $auth_real_login!=
+      !if $auth_real_login!=
-      auth_user=$auth_real_login
+        auth_user=$auth_real_login
+      !endif
+      auth_test=$auth_real_login
     !endif
-    auth_test=$auth_real_login
-   !endif
   !endif
 !endif
 cnt_=!charcnt $auth_user
 !if $cnt_=3
- auth_user=!nospace $auth_user 0
+  auth_user=!nospace $auth_user 0
 !endif
 !if $cnt_<=2
   auth_test=ERROR
   !reset auth_user
 !endif

Subversion Repositories wimsdev

(root)/trunk/wims/public_html/scripts/adm/class/auth-ldap – Rev 5099 → 12555