Rev 5099 | Rev 12555 | ||
---|---|---|---|
Line 7... | Line 7... | ||
7 | auth_real_login=ERROR |
7 | auth_real_login=ERROR |
8 | 8 | ||
9 | 9 | ||
10 | ldap_find=!sh which ldapsearch |
10 | ldap_find=!sh which ldapsearch |
11 | !if $ldap_find issametext $empty |
11 | !if $ldap_find issametext $empty |
12 | auth_test=ERROR no_ldap |
12 | auth_test=ERROR no_ldap |
13 | !exit |
13 | !exit |
14 | !endif |
14 | !endif |
15 | 15 | ||
16 | ldap_auth=!defof class_ldap_auth in $authdef |
16 | ldap_auth=!defof class_ldap_auth in $authdef |
17 | !default ldap_auth=!defof ldap_auth in wimshome/log/wims.conf |
17 | !default ldap_auth=!defof ldap_auth in wimshome/log/wims.conf |
18 | 18 | ||
Line 28... | Line 28... | ||
28 | ldap_branch=!defof class_ldap_branch in $authdef |
28 | ldap_branch=!defof class_ldap_branch in $authdef |
29 | !default ldap_branch=!defof ldap_branch in wimshome/log/wims.conf |
29 | !default ldap_branch=!defof ldap_branch in wimshome/log/wims.conf |
30 | 30 | ||
31 | ldap_uid=!defof class_ldap_uid in $authdef |
31 | ldap_uid=!defof class_ldap_uid in $authdef |
32 | !default ldap_uid=!defof ldap_uid in wimshome/log/wims.conf |
32 | !default ldap_uid=!defof ldap_uid in wimshome/log/wims.conf |
33 | 33 | ||
34 | #ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1]),$ldap_branch,$ldap_base |
34 | #ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1]),$ldap_branch,$ldap_base |
35 | ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1]) |
35 | ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1]) |
36 | 36 | ||
37 | ldap_login=!defof class_ldap_login in $authdef |
37 | ldap_login=!defof class_ldap_login in $authdef |
38 | !default ldap_login=!defof ldap_login in wimshome/log/wims.conf |
38 | !default ldap_login=!defof ldap_login in wimshome/log/wims.conf |
39 | 39 | ||
40 | !if $ldap_login=$empty or $ldap_uid=$empty or $ldap_base=$empty \ |
40 | !if $ldap_login=$empty or $ldap_uid=$empty or $ldap_base=$empty \ |
41 | or $ldap_branch=$empty or $ldap_auth=$empty |
41 | or $ldap_branch=$empty or $ldap_auth=$empty |
42 |
|
42 | auth_test=ERROR no_ldap_config |
43 |
|
43 | !exit |
44 | !endif |
44 | !endif |
45 | !!!FIXME Be careful : ldap must be configured such that the option -w is accepted. If not, the answer |
45 | !!!FIXME Be careful : ldap must be configured such that the option -w is accepted. If not, the answer |
46 | !!! is the same for a good or wrong password. |
46 | !!! is the same for a good or wrong password. |
47 | !!! should fix the test |
47 | !!! should fix the test |
48 | ldap_search=!sh ldapsearch -x -H ldap://$ldap_auth:$ldap_port -b "$ldap_base" '$ldap_id' -D "$ldap_id , $ldap_base" -w '$(wims_read_parm[2])' |
48 | ldap_search=!sh ldapsearch -x -H ldap://$ldap_auth:$ldap_port -b "$ldap_base" '$ldap_id' -D "$ldap_id , $ldap_base" -w '$(wims_read_parm[2])' |
Line 50... | Line 50... | ||
50 | btest=# numEntries: 1 |
50 | btest=# numEntries: 1 |
51 | firstcond=0 |
51 | firstcond=0 |
52 | 52 | ||
53 | ldap_cnt=!linecnt $ldap_search |
53 | ldap_cnt=!linecnt $ldap_search |
54 | !for i=1 to $ldap_cnt |
54 | !for i=1 to $ldap_cnt |
55 | l=!line $i of $ldap_search |
55 | l=!line $i of $ldap_search |
56 | field=!word 1 of $l |
56 | field=!word 1 of $l |
57 | 57 | ||
58 | !if $field iswordof $ldap_login: |
58 | !if $field iswordof $ldap_login: |
59 | auth_real_login=!word 2 of $l |
59 | auth_real_login=!word 2 of $l |
60 | !endif |
60 | !endif |
61 | 61 | ||
62 | !if $l issametext $atest |
62 | !if $l issametext $atest |
63 | !increase firstcond |
63 | !increase firstcond |
64 | !endif |
64 | !endif |
65 | !if $l issametext $btest |
65 | !if $l issametext $btest |
66 | !increase firstcond |
66 | !increase firstcond |
67 | !endif |
67 | !endif |
68 | !next i |
68 | !next i |
69 | !if $firstcond=2 |
69 | !if $firstcond=2 |
70 | !!! now the user exists and password is good |
70 | !!! now the user exists and password is good |
71 | !!! find eventually wims login |
71 | !!! find eventually wims login |
72 | !if $ldap_login issametext $ldap_uid |
72 | !if $ldap_login issametext $ldap_uid |
73 |
|
73 | auth_test=!replace internal " by in $(wims_read_parm[1]) |
74 | !else |
74 | !else |
75 | !if $auth_real_login!= and $auth_real_login!=ERROR |
75 | !if $auth_real_login!= and $auth_real_login!=ERROR |
76 | auth_test=$auth_real_login |
76 | auth_test=$auth_real_login |
77 | !else |
77 | !else |
78 | !! one looks for the ldap_login in an anonymous way (no password) |
78 | !! one looks for the ldap_login in an anonymous way (no password) |
79 | ldap_search2=!sh ldapsearch -x -H ldap |
79 | ldap_search2=!sh ldapsearch -x -H ldap://$ldap_auth:$ldap_port -b "$ldap_base" '$ldap_id' $ldap_login | grep -v "^[d]n:" |
80 | ldap_search2=!replace internal :$ $ by , in $ldap_search2 |
80 | ldap_search2=!replace internal :$ $ by , in $ldap_search2 |
81 | ldap_cnt2=!linecnt $ldap_search2 |
81 | ldap_cnt2=!linecnt $ldap_search2 |
82 | 82 | ||
83 | !for i=1 to $ldap_cnt2 |
83 | !for i=1 to $ldap_cnt2 |
84 | l=!line $i of $ldap_search2 |
84 | l=!line $i of $ldap_search2 |
85 | field=!item 1 of $l |
85 | field=!item 1 of $l |
86 | !if $field iswordof $ldap_login |
86 | !if $field iswordof $ldap_login |
87 | auth_real_login=!item 2 of $l |
87 | auth_real_login=!item 2 of $l |
88 |
|
88 | !endif |
89 | !next |
89 | !next |
90 | !if $auth_real_login!= |
90 | !if $auth_real_login!= |
91 | auth_user=$auth_real_login |
91 | auth_user=$auth_real_login |
- | 92 | !endif |
|
- | 93 | auth_test=$auth_real_login |
|
92 | !endif |
94 | !endif |
93 | auth_test=$auth_real_login |
- | |
94 | !endif |
- | |
95 | !endif |
95 | !endif |
96 | !endif |
96 | !endif |
97 | 97 | ||
98 | cnt_=!charcnt $auth_user |
98 | cnt_=!charcnt $auth_user |
99 | !if $cnt_=3 |
99 | !if $cnt_=3 |
100 | auth_user=!nospace $auth_user 0 |
100 | auth_user=!nospace $auth_user 0 |
101 | !endif |
101 | !endif |
102 | !if $cnt_<=2 |
102 | !if $cnt_<=2 |
103 | auth_test=ERROR |
103 | auth_test=ERROR |
104 | !reset auth_user |
104 | !reset auth_user |
105 | !endif |
105 | !endif |
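Review bot: On new line 79 (and on the unchanged line 48) the login and password taken from `wims_read_parm` are interpolated into an `!sh` command inside single quotes, but line 35 only strips `"` from the login and the password is not filtered at all, so a value containing `'` ends the quoting and the remainder is interpreted by the shell; the same unfiltered login also lands in the LDAP filter and the bind DN. Check both values against a conservative character set before line 48 and set `auth_test=ERROR` otherwise, and record the constraint with a comment such as `!!! login and password reach the shell inside '...': reject any value containing ' before calling ldapsearch`. Passing the password with `-w` also exposes it in the process list, and `ldap://` with `-x` sends the simple bind unencrypted; `-y` with a protected password file and `ldaps://` or `-ZZ` would address both. As rendered, most of this revision looks like re-indentation, so these points concern the code as it stands rather than behaviour the commit introduced.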