Subversion Repositories wimsdev


Rev 5099 Rev 12555
Line 7... Line 7...
7
auth_real_login=ERROR
7
auth_real_login=ERROR
8
 
8
 
9
 
9
 
10
ldap_find=!sh which ldapsearch
10
ldap_find=!sh which ldapsearch
11
!if $ldap_find issametext $empty
11
!if $ldap_find issametext $empty
12
 auth_test=ERROR no_ldap
12
  auth_test=ERROR no_ldap
13
 !exit
13
  !exit
14
!endif
14
!endif
15
 
15
 
16
ldap_auth=!defof class_ldap_auth in $authdef
16
ldap_auth=!defof class_ldap_auth in $authdef
17
!default ldap_auth=!defof ldap_auth in wimshome/log/wims.conf
17
!default ldap_auth=!defof ldap_auth in wimshome/log/wims.conf
18
 
18
 
Line 28... Line 28...
28
ldap_branch=!defof class_ldap_branch in $authdef
28
ldap_branch=!defof class_ldap_branch in $authdef
29
!default ldap_branch=!defof ldap_branch in wimshome/log/wims.conf
29
!default ldap_branch=!defof ldap_branch in wimshome/log/wims.conf
30
 
30
 
31
ldap_uid=!defof class_ldap_uid in $authdef
31
ldap_uid=!defof class_ldap_uid in $authdef
32
!default ldap_uid=!defof ldap_uid in wimshome/log/wims.conf
32
!default ldap_uid=!defof ldap_uid in wimshome/log/wims.conf
33
 
33
 
34
#ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1]),$ldap_branch,$ldap_base
34
#ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1]),$ldap_branch,$ldap_base
35
ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1])
35
ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1])
36
 
36
 
37
ldap_login=!defof class_ldap_login in $authdef
37
ldap_login=!defof class_ldap_login in $authdef
38
!default ldap_login=!defof ldap_login in wimshome/log/wims.conf
38
!default ldap_login=!defof ldap_login in wimshome/log/wims.conf
39
 
39
 
40
!if $ldap_login=$empty or $ldap_uid=$empty or $ldap_base=$empty \
40
!if $ldap_login=$empty or $ldap_uid=$empty or $ldap_base=$empty \
41
       or $ldap_branch=$empty  or $ldap_auth=$empty 
41
       or $ldap_branch=$empty  or $ldap_auth=$empty
42
   auth_test=ERROR no_ldap_config
42
  auth_test=ERROR no_ldap_config
43
   !exit
43
  !exit
44
!endif
44
!endif
45
!!!FIXME  Be careful : ldap must be configured such that the option -w is accepted. If not, the answer
45
!!!FIXME  Be careful : ldap must be configured such that the option -w is accepted. If not, the answer
46
!!! is the same for a good or wrong password.
46
!!! is the same for a good or wrong password.
47
!!! should fix the test
47
!!! should fix the test
48
ldap_search=!sh ldapsearch -x -H ldap://$ldap_auth:$ldap_port -b "$ldap_base" '$ldap_id' -D "$ldap_id , $ldap_base" -w '$(wims_read_parm[2])'
48
ldap_search=!sh ldapsearch -x -H ldap://$ldap_auth:$ldap_port -b "$ldap_base" '$ldap_id' -D "$ldap_id , $ldap_base" -w '$(wims_read_parm[2])'
Line 50... Line 50...
50
btest=# numEntries: 1
50
btest=# numEntries: 1
51
firstcond=0
51
firstcond=0
52
 
52
 
53
ldap_cnt=!linecnt $ldap_search
53
ldap_cnt=!linecnt $ldap_search
54
!for i=1 to $ldap_cnt
54
!for i=1 to $ldap_cnt
55
 l=!line $i of $ldap_search
55
  l=!line $i of $ldap_search
56
 field=!word 1 of $l
56
  field=!word 1 of $l
57
 
57
 
58
 !if $field iswordof $ldap_login:
58
  !if $field iswordof $ldap_login:
59
  auth_real_login=!word 2 of $l
59
    auth_real_login=!word 2 of $l
60
 !endif
60
  !endif
61
 
61
 
62
 !if $l issametext $atest
62
  !if $l issametext $atest
63
  !increase firstcond
63
    !increase firstcond
64
 !endif
64
  !endif
65
 !if $l issametext $btest
65
  !if $l issametext $btest
66
  !increase firstcond
66
    !increase firstcond
67
 !endif
67
  !endif
68
!next i
68
!next i
69
!if $firstcond=2
69
!if $firstcond=2
70
  !!! now the user exists and password is good
70
  !!! now the user exists and password is good
71
  !!! find eventually  wims login
71
  !!! find eventually  wims login
72
  !if $ldap_login issametext $ldap_uid
72
  !if $ldap_login issametext $ldap_uid
73
     auth_test=!replace internal " by  in $(wims_read_parm[1])
73
    auth_test=!replace internal " by  in $(wims_read_parm[1])
74
  !else
74
  !else
75
   !if $auth_real_login!= and $auth_real_login!=ERROR
75
    !if $auth_real_login!= and $auth_real_login!=ERROR
76
     auth_test=$auth_real_login
76
      auth_test=$auth_real_login
77
   !else
77
    !else
78
    !! one looks for the ldap_login in an anonymous way (no password)
78
      !! one looks for the ldap_login in an anonymous way (no password)
79
    ldap_search2=!sh ldapsearch -x -H ldap://$ldap_auth:$ldap_port -b "$ldap_base" '$ldap_id' $ldap_login | grep -v "^[d]n:" 
79
      ldap_search2=!sh ldapsearch -x -H ldap://$ldap_auth:$ldap_port -b "$ldap_base" '$ldap_id' $ldap_login | grep -v "^[d]n:"
80
    ldap_search2=!replace internal :$ $ by , in $ldap_search2
80
      ldap_search2=!replace internal :$ $ by , in $ldap_search2
81
    ldap_cnt2=!linecnt $ldap_search2
81
      ldap_cnt2=!linecnt $ldap_search2
82
 
82
 
83
    !for i=1 to $ldap_cnt2
83
      !for i=1 to $ldap_cnt2
84
     l=!line $i of $ldap_search2
84
        l=!line $i of $ldap_search2
85
     field=!item 1 of $l
85
        field=!item 1 of $l
86
     !if $field iswordof $ldap_login
86
        !if $field iswordof $ldap_login
87
      auth_real_login=!item 2 of $l
87
          auth_real_login=!item 2 of $l
88
     !endif 
88
        !endif
89
    !next
89
      !next
90
    !if $auth_real_login!=
90
      !if $auth_real_login!=
91
      auth_user=$auth_real_login
91
        auth_user=$auth_real_login
-
 
92
      !endif
-
 
93
      auth_test=$auth_real_login
92
    !endif
94
    !endif
93
    auth_test=$auth_real_login
-
 
94
   !endif
-
 
95
  !endif
95
  !endif
96
!endif
96
!endif
97
 
97
 
98
cnt_=!charcnt $auth_user
98
cnt_=!charcnt $auth_user
99
!if $cnt_=3
99
!if $cnt_=3
100
 auth_user=!nospace $auth_user 0
100
  auth_user=!nospace $auth_user 0
101
!endif
101
!endif
102
!if $cnt_<=2
102
!if $cnt_<=2
103
  auth_test=ERROR
103
  auth_test=ERROR
104
  !reset auth_user
104
  !reset auth_user
105
!endif
105
!endif
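Review bot: On new line 48 the submitted login and password (`$ldap_id`, `$(wims_read_parm[2])`) are substituted into the `!sh ldapsearch` command line inside single quotes, and the only filtering visible is line 35 removing double quotes, so a single quote in either value would end the quoting and the remainder would be parsed as shell syntax, unless `!sh` escapes substituted values, which this page does not show. The password is also passed as a `-w` argument, where it is visible in the process list, and over `ldap://` with a simple bind (`-x`), which sends it unencrypted unless the server enforces TLS. I would restrict both values to an allowlisted character set before line 48, hand the password to ldapsearch through `-y <password file>` instead of `-w`, and use `ldaps://` or add `-ZZ`. The FIXME on lines 45-47 describes a fail-open case (same answer for a good or wrong password), so the success test on lines 62-69 should not rest on matching output lines alone; it should also require a successful bind result from ldapsearch. Lines 19-27 and 49 are outside the view, so `ldap_base`, `ldap_port` and `atest` are assumed to be set there.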