Rev 13323 | Blame | Compare with Previous | Last modification | View Log | RSS feed
# Input variables: authdef=def file.
# Parameters: auth_user, auth_password.
# output : auth_test, auth_user
auth_test=ERROR
auth_real_login=ERROR
ldap_find=!sh which ldapsearch
!if $ldap_find issametext $empty
auth_test=ERROR no_ldap
!exit
!endif
ldap_auth=!defof class_ldap_auth in $authdef
!default ldap_auth=!defof ldap_auth in wimshome/log/wims.conf
!if xxxldap: notin xxx$ldap_auth and xxxldaps: notin xxx$ldap_auth
ldap_auth=ldap://$ldap_auth
!endif
ldap_port=!defof class_ldap_port in $authdef
!default ldap_port=!defof ldap_port in wimshome/log/wims.conf
ldap_version=!defof class_ldap_version in $authdef
!default ldap_version=!defof ldap_version in wimshome/log/wims.conf
ldap_base=!defof class_ldap_base in $authdef
!default ldap_base=!defof ldap_base in wimshome/log/wims.conf
ldap_branch=!defof class_ldap_branch in $authdef
!default ldap_branch=!defof ldap_branch in wimshome/log/wims.conf
ldap_uid=!defof class_ldap_uid in $authdef
!default ldap_uid=!defof ldap_uid in wimshome/log/wims.conf
#ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1]),$ldap_branch,$ldap_base
ldap_id=!replace internal " by in $ldap_uid=$(wims_read_parm[1])
ldap_login=!defof class_ldap_login in $authdef
!default ldap_login=!defof ldap_login in wimshome/log/wims.conf
!if $ldap_login=$empty or $ldap_uid=$empty or $ldap_base=$empty \
or $ldap_branch=$empty or $ldap_auth=$empty
auth_test=ERROR no_ldap_config
!exit
!endif
!!!FIXME Be careful : ldap must be configured such that the option -w is accepted. If not, the answer
!!! is the same for a good or wrong password.
!!! should fix the test
ldap_search=!sh ldapsearch -x -H $ldap_auth:$ldap_port -b "$ldap_base" '$ldap_id' -D "$ldap_id , $ldap_base" -w '$(wims_read_parm[2])'
atest=result: 0 Success
btest=# numEntries: 1
firstcond=0
ldap_cnt=!linecnt $ldap_search
!for i=1 to $ldap_cnt
l=!line $i of $ldap_search
field=!word 1 of $l
!if $field iswordof $ldap_login:
auth_real_login=!word 2 of $l
!endif
!if $l issametext $atest
!increase firstcond
!endif
!if $l issametext $btest
!increase firstcond
!endif
!next i
!if $firstcond=2
!!! now the user exists and password is good
!!! find eventually wims login
!if $ldap_login issametext $ldap_uid
auth_test=!replace internal " by in $(wims_read_parm[1])
!else
!if $auth_real_login!= and $auth_real_login!=ERROR
auth_test=$auth_real_login
!else
!! one looks for the ldap_login in an anonymous way (no password)
!! quite anonymous search, since $ldap_oneuser is unpriviledged
ldap_search2=!sh ldapsearch -x -H $ldap_auth:$ldap_port -b "$ldap_base" $ldap_accreditation '$ldap_id' $ldap_login | grep -v "^[d]n:"
ldap_search2=!replace internal :$ $ by , in $ldap_search2
ldap_cnt2=!linecnt $ldap_search2
!for i=1 to $ldap_cnt2
l=!line $i of $ldap_search2
field=!item 1 of $l
!if $field iswordof $ldap_login
auth_real_login=!item 2 of $l
!endif
!next
!if $auth_real_login!=
auth_user=$auth_real_login
!endif
auth_test=$auth_real_login
!endif
!endif
!endif
cnt_=!charcnt $auth_user
!if $cnt_=3
auth_user=!nospace $auth_user 0
!endif
!if $cnt_<=2
auth_test=ERROR
!reset auth_user
!endif
!if $auth_test!=ERROR
auth_test=OK
!endif
auth_error=$wims_exec_error
!reset wims_exec_error
auth_user_orig=$(wims_read_parm[1])