oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
webgui/lib/WebGUI/Workflow/Activity/SyncProfilesToLdap.pm

198 lines
8.1 KiB
Perl
Raw Blame History

package WebGUI::Workflow::Activity::SyncProfilesToLdap;
=head1 LEGAL
-------------------------------------------------------------------
WebGUI is Copyright 2001-2009 Plain Black Corporation.
-------------------------------------------------------------------
Please read the legal notices (docs/legal.txt) and the license
(docs/license.txt) that came with this distribution before using
this software.
-------------------------------------------------------------------
http://www.plainblack.com info@plainblack.com
-------------------------------------------------------------------
=cut
use strict;
use base 'WebGUI::Workflow::Activity';
use Net::LDAP;
use Time::HiRes;
use WebGUI::Auth;
use WebGUI::User;
use WebGUI::Utility;
=head1 NAME
Package WebGUI::Workflow::Activity::SyncProfilesToLdap
=head1 DESCRIPTION
Synchoronizes the data in your LDAP directory with the WebGUI user's profile. This is a one way sync, so data comes from LDAP to WebGUI, not the other way around.
=head1 SYNOPSIS
See WebGUI::Workflow::Activity for details on how to use any activity.
=head1 METHODS
These methods are available from this class:
=cut
#-------------------------------------------------------------------
#Status code messages returned by the server
my %ldapStatusCode = ( 0=>'success (0)', 1=>'Operations Error (1)', 2=>'Protocol Error (2)',
3=>'Time Limit Exceeded (3)', 4=>'Size Limit Exceeded (4)', 5=>'Compare False (5)',
6=>'Compare True (6)', 7=>'Auth Method Not Supported (7)', 8=>'Strong Auth Required (8)',
10=>'Referral (10)', 11=>'Admin Limit Exceeded (11)', 12=>'Unavailable Critical Extension (12)',
13=>'Confidentiality Required (13)', 14=>'Sasl Bind In Progress (14)',
15=>'No Such Attribute (16)', 17=>'Undefined Attribute Type (17)',
18=>'Inappropriate Matching (18)', 19=>'Constraint Violation (19)',
20=>'Attribute Or Value Exists (20)', 21=>'Invalid Attribute Syntax (21)', 32=>'LDAP Entry Does Not Exist (32)',
33=>'Alias Problem (33)', 34=>'Invalid DN Syntax (34)', 36=>'Alias Dereferencing Problem (36)',
48=>'Inappropriate Authentication (48)', 49=>'Invalid Credentials (49)',
50=>'Insufficient Access Rights (50)', 51=>'Busy (51)', 52=>'Unavailable (52)',
53=>'Unwilling To Perform (53)', 54=>'Loop Detect (54)', 64=>'Naming Violation (64)',
65=>'Object Class Violation (65)', 66=>'Not Allowed On Non Leaf (66)', 67=>'Not Allowed On RDN (67)',
68=>'Entry Already Exists (68)', 69=>'Object Class Mods Prohibited (69)',70=>'The results of the request are to large (70)',
71=>'Affects Multiple DSAs (71)', 80=>'other (80)',81=>'Net::LDAP cannot establish a connection or the connection has been lost (81)',
85=>'Net::LDAP timeout while waiting for a response from the server (85)',
86=>'The method of authentication requested in a bind request is unknown to the server (86)',
87=>'An error occurred while encoding the given search filter. (87)',
89=>'An invalid parameter was specified (89)',90=>'Out of Memory (90)',91=>'A connection to the server could not be established (91)',
92=>'An attempt has been made to use a feature not supported by Net::LDAP (92)',
93=>'The controls required to perform the requested operation were not found. (93)',
94=>'No results were returned from the server. (94)', 95=>'There are more results in the chain of results. (95)',
96=>'A loop has been detected. For example when following referals. (96)', 97=>'The referral hop limit has been exceeded. (97)');
#-------------------------------------------------------------------
sub _alias {
my $self = shift;
my $key = shift;
my $session = $self->session;
#Pull alias from memory.
my $alias = $self->{_alias};
#If alias is not in memory, pull it from the config file and set it.
unless ($alias) {
$alias = $session->config->get("ldapAlias");
$self->{_alias} = $alias;
}
#Print an error message if no aliases are found
unless (scalar(keys %{$alias}) > 0) {
$session->errorHandler->warn("SynchProfilesToLdap: ldapAlias is not configured properly in your WebGUI config file. Please check to make sure that this setting is enabled and contains alias mappings");
}
#Return the value of the key passed in
return $alias->{$key} || $key;
}
#-------------------------------------------------------------------
=head2 definition ( session, definition )
See WebGUI::Workflow::Activity::definition() for details.
=cut
sub definition {
my $class = shift;
my $session = shift;
my $definition = shift;
my $i18n = WebGUI::International->new($session, "AuthLDAP");
push(@{$definition}, {
name=>$i18n->get("sync profiles to ldap"),
properties=> { }
});
return $class->SUPER::definition($session,$definition);
}
#-------------------------------------------------------------------
=head2 execute ( )
See WebGUI::Workflow::Activity::execute() for details.
=cut
sub execute {
my $self = shift;
my $object = shift;
my $instance = shift;
my $session = $self->session;
# No Results Codes are returned by the server if a search didn't error, but returned no results. These codes should have a different error message returned.
my @noResultsCodes = (32,94);
my $startTime = time;
my @fieldNames = $self->session->db->buildArray("SELECT fieldName FROM userProfileField WHERE profileCategoryId <> 4");
my $index = $instance->getScratch('ldapSelectIndex') || 0;
my $sth = $self->session->db->read("SELECT u.userId AS userId, a1.fieldData AS ldapConnection FROM users AS u INNER JOIN authentication AS a1 ON u.userId = a1.userId WHERE a1.fieldName = 'ldapConnection' AND u.authMethod = 'LDAP' ORDER BY ldapConnection, userId LIMIT $index,18446744073709551615");
my ($currentLinkId, $link, $ldapUrl, $ldap);
my $skippingLink = 0;
my $ttl = $self->getTTL;
while (my ($userId, $rowLinkId) = $sth->array) {
if ($rowLinkId ne $currentLinkId) {
$link->unbind if defined $link;
$skippingLink = 0;
# $self->session->errorHandler->warn("DEBUG: SyncProfilesToLdap: Switching to link $rowLinkId");
$currentLinkId = $rowLinkId;
$link = WebGUI::LDAPLink->new($self->session, $rowLinkId);
next unless $link;
$ldapUrl = $link->get->{ldapUrl};
$ldap = $link->bind;
if (my $error = $link->getErrorMessage) {
$self->session->errorHandler->error("SyncProfilesToLdap: Couldn't bind to LDAP link $ldapUrl ($currentLinkId), skipping: $error");
$skippingLink = 1;
next;
}
} elsif ($skippingLink) {
next;
}
# $self->session->errorHandler->warn("DEBUG: SyncProfilesToLdap: Syncing profile for user $userId");
my $user = WebGUI::User->new($self->session, $userId);
my $username = $user->username;
my $auth = WebGUI::Auth->new($self->session, 'LDAP', $userId);
my $userData = $auth->getParams;
my $result = $ldap->search(base => $userData->{connectDN},
filter => "&(objectClass=*)");
if ($result->code && !isIn($result->code, @noResultsCodes)) {
$self->session->errorHandler->error("SyncProfilesToLdap: Couldn't search LDAP link $ldapUrl ($currentLinkId) to find user $username ($userId) with DN ".$userData->{connectDN}.": LDAP returned: ".$ldapStatusCode{$result->code});
} elsif (isIn($result->code, @noResultsCodes) || $result->count == 0) {
$self->session->errorHandler->warn("SyncProfilesToLdap: No results returned by LDAP server for user with dn ".$userData->{connectDN});
} else {
my $entry = $result->entry(0);
foreach my $fieldName (@fieldNames) {
my $value = $entry->get_value($self->_alias($fieldName));
next unless length $value;
# $self->session->errorHandler->warn("DEBUG: SyncProfilesToLdap: Got data for profile field '$fieldName'");
$user->profileField($fieldName, $value);
}
}
} continue {
$index++;
if (time - $startTime >= $ttl) {
# $self->session->errorHandler->warn("DEBUG: SyncProfilesToLdap: next round");
$link->unbind if defined $link;
$instance->setScratch('ldapSelectIndex', $index);
$sth->finish;
return $self->WAITING(1);
}
}
# $self->session->errorHandler->warn("DEBUG: SyncProfilesToLdap: done");
$link->unbind if defined $link;
$instance->deleteScratch('ldapSelectIndex');
return $self->COMPLETE;
}
1;
Reference in a new issue View git blame Copy permalink