oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
webgui/lib/WebGUI/Workflow/Activity/SyncProfileToLdap.pm

159 lines
6 KiB
Perl
Raw Blame History

package WebGUI::Workflow::Activity::SyncProfileToLdap;
=head1 LEGAL
-------------------------------------------------------------------
WebGUI is Copyright 2001-2009 Plain Black Corporation.
-------------------------------------------------------------------
Please read the legal notices (docs/legal.txt) and the license
(docs/license.txt) that came with this distribution before using
this software.
-------------------------------------------------------------------
http://www.plainblack.com info@plainblack.com
-------------------------------------------------------------------
=cut
use strict;
use base 'WebGUI::Workflow::Activity';
use Net::LDAP;
use WebGUI::Auth;
use WebGUI::LDAPLink;
use WebGUI::User;
=head1 NAME
Package WebGUI::Workflow::Activity::SyncProfileToLdap
=head1 DESCRIPTION
Synchoronizes the data for one user in your LDAP directory with the WebGUI user's profile. This is a one way sync, so data comes from LDAP to WebGUI, not the other way around.
=head1 SYNOPSIS
See WebGUI::Workflow::Activity for details on how to use any activity.
=head1 METHODS
These methods are available from this class:
=cut
#-------------------------------------------------------------------
=head2 definition ( session, definition )
See WebGUI::Workflow::Activity::definition() for details.
=cut
sub definition {
my $class = shift;
my $session = shift;
my $definition = shift;
my $i18n = WebGUI::International->new($session, "AuthLDAP");
push(@{$definition}, {
name=>$i18n->echo("Synchronize Profile To LDAP"),
properties=> { }
});
return $class->SUPER::definition($session,$definition);
}
my %ldapStatusCode = ( 0=>'success (0)', 1=>'Operations Error (1)', 2=>'Protocol Error (2)',
3=>'Time Limit Exceeded (3)', 4=>'Size Limit Exceeded (4)', 5=>'Compare False (5)',
6=>'Compare True (6)', 7=>'Auth Method Not Supported (7)', 8=>'Strong Auth Required (8)',
10=>'Referral (10)', 11=>'Admin Limit Exceeded (11)', 12=>'Unavailable Critical Extension (12)',
13=>'Confidentiality Required (13)', 14=>'Sasl Bind In Progress (14)',
15=>'No Such Attribute (16)', 17=>'Undefined Attribute Type (17)',
18=>'Inappropriate Matching (18)', 19=>'Constraint Violation (19)',
20=>'Attribute Or Value Exists (20)', 21=>'Invalid Attribute Syntax (21)', 32=>'LDAP Entry Does Not Exist (32)',
33=>'Alias Problem (33)', 34=>'Invalid DN Syntax (34)', 36=>'Alias Dereferencing Problem (36)',
48=>'Inappropriate Authentication (48)', 49=>'Invalid Credentials (49)',
50=>'Insufficient Access Rights (50)', 51=>'Busy (51)', 52=>'Unavailable (52)',
53=>'Unwilling To Perform (53)', 54=>'Loop Detect (54)', 64=>'Naming Violation (64)',
65=>'Object Class Violation (65)', 66=>'Not Allowed On Non Leaf (66)', 67=>'Not Allowed On RDN (67)',
68=>'Entry Already Exists (68)', 69=>'Object Class Mods Prohibited (69)',70=>'The results of the request are to large (70)',
71=>'Affects Multiple DSAs (71)', 80=>'other (80)',81=>'Net::LDAP cannot establish a connection or the connection has been lost (81)',
85=>'Net::LDAP timeout while waiting for a response from the server (85)',
86=>'The method of authentication requested in a bind request is unknown to the server (86)',
87=>'An error occurred while encoding the given search filter. (87)',
89=>'An invalid parameter was specified (89)',90=>'Out of Memory (90)',91=>'A connection to the server could not be established (91)',
92=>'An attempt has been made to use a feature not supported by Net::LDAP (92)');
#-------------------------------------------------------------------
sub _alias {
my $self = shift;
my $attribute = shift;
my %alias = (
firstName=>"cn",
lastName=>"sn",
email=>"mail",
companyName=>"o"
);
if (defined $self->session->config->get('ldapAlias')) {
%alias = %{$self->session->config->get('ldapAlias')};
}
return $alias{$attribute} || $attribute;
}
#-------------------------------------------------------------------
=head2 execute ( )
See WebGUI::Workflow::Activity::execute() for details.
=cut
sub execute {
my $self = shift;
my $userObject = shift; # Set to the current user by the instance
my $userId = $userObject->userId;
my $auth = WebGUI::Auth->new($self->session, "LDAP",$userId);
my $userData = $auth->getParams;
#Don't bother with this script if the user is not using the LDAP auth module.
return $self->COMPLETE if($userObject->authMethod ne "LDAP");
my $ldapLink = WebGUI::LDAPLink->new($self->session,$userData->{ldapConnection});
# Just complete if can't setup ldapLink for the user
if($ldapLink) {
my $ldap = $ldapLink->bind();
if($ldap) {
my $uri = $ldapLink->getURI();
my $search = $ldap->search(
base => $uri->dn,
scope =>"sub",
filter =>$ldapLink->getValue("ldapIdentity").'='.$userObject->username
);
if($search->code) {
$self->session->errorHandler->warn("Couldn't search LDAP ".$uri->host." to find user ".$userObject->username." (".$userId.").\nError Message from LDAP: ".$ldapStatusCode{$search->code});
return $self->COMPLETE;
}
elsif ($search->count == 0) {
$self->session->errorHandler->warn("No results returned for user with dn ".$userData->{connectDN});
return $self->COMPLETE;
}
else {
my $sth = $self->session->db->read("select fieldName from userProfileField where profileCategoryId<>4");
while (my ($fieldName) = $sth->array) {
if ($search->entry(0)->get_value($self->_alias($fieldName)) ne "") {
$userObject->profileField($fieldName,$search->entry(0)->get_value($self->_alias($fieldName)));
}
}
}
$ldap->unbind;
} else {
$self->session->errorHandler->warn("Error connecting to LDAP: ".$ldapLink->getErrorMessage);
return $self->ERROR;
}
}
return $self->COMPLETE;
}
1;
Reference in a new issue View git blame Copy permalink