# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.
+# It's modified by Dobrica Pavlinusic <dpavlin@rot13.org> to include following:
+#
+# * rewrite LDAP bind request cn: username@domain.com -> uid=username,dc=domain,dc=com
+# * rewrite search responses:
+# ** expand key:value pairs from hrEduPersonUniqueNumber into hrEduPersonUniqueNumber_key
+# ** augment response with yaml/dn.yaml data (for external data import)
use strict;
use warnings;
use Data::Dump qw/dump/;
use Convert::ASN1 qw(asn_read);
use Net::LDAP::ASN qw(LDAPRequest LDAPResponse);
-our $VERSION = '0.2';
+our $VERSION = '0.3';
use fields qw(socket target);
use YAML qw/LoadFile/;
+my $debug = 1;
+
my $config = {
yaml_dir => './yaml/',
- listen => 'localhost:1389',
+ listen => shift @ARGV || 'localhost:1389',
upstream_ldap => 'ldap.ffzg.hr',
upstream_ssl => 1,
overlay_prefix => 'ffzg-',
+ log_file => 'log',
};
+my $log_fh;
+
+sub log {
+ if ( ! $log_fh ) {
+ open($log_fh, '>>', $config->{log_file}) || die "can't open ", $config->{log_file},": $!";
+ print $log_fh "# " . time;
+ }
+ $log_fh->autoflush(1);
+ print $log_fh join("\n", @_),"\n";
+}
+
+BEGIN {
+ $SIG{'__WARN__'} = sub { warn @_; main::log(@_); }
+}
+
+
if ( ! -d $config->{yaml_dir} ) {
warn "DISABLE ", $config->{yaml_dir}," data overlay";
}
# read from client
asn_read($clientsocket, my $reqpdu);
- log_request($reqpdu);
-
- return 1 unless $reqpdu;
+ if ( ! $reqpdu ) {
+ warn "WARNING no reqpdu\n";
+ return 1;
+ }
+ $reqpdu = log_request($reqpdu);
# send to server
print $serversocket $reqpdu or die "Could not send PDU to server\n ";
sub log_request {
my $pdu=shift;
- print '-' x 80,"\n";
- print "Request ASN 1:\n";
- Convert::ASN1::asn_hexdump(\*STDOUT,$pdu);
- print "Request Perl:\n";
+# print '-' x 80,"\n";
+# print "Request ASN 1:\n";
+# Convert::ASN1::asn_hexdump(\*STDOUT,$pdu);
+# print "Request Perl:\n";
my $request = $LDAPRequest->decode($pdu);
- print dump($request);
+ warn "## request = ",dump($request);
+
+ if ( defined $request->{bindRequest} ) {
+ if ( $request->{bindRequest}->{name} =~ m{@} ) {
+ my $old = $request->{bindRequest}->{name};
+ $request->{bindRequest}->{name} =~ s/[@\.]/,dc=/g;
+ $request->{bindRequest}->{name} =~ s/^/uid=/;
+ warn "rewrite bind cn $old -> ", $request->{bindRequest}->{name};
+ Convert::ASN1::asn_hexdump(\*STDOUT,$pdu) if $debug;
+ $pdu = $LDAPRequest->encode($request);
+ Convert::ASN1::asn_hexdump(\*STDOUT,$pdu) if $debug;
+ }
+ }
+
+ return $pdu;
}
sub log_response {
my $pdu=shift;
- print '-' x 80,"\n";
- print "Response ASN 1:\n";
- Convert::ASN1::asn_hexdump(\*STDOUT,$pdu);
- print "Response Perl:\n";
+# print '-' x 80,"\n";
+# print "Response ASN 1:\n";
+# Convert::ASN1::asn_hexdump(\*STDOUT,$pdu);
+# print "Response Perl:\n";
my $response = $LDAPResponse->decode($pdu);
if ( defined $response->{protocolOp}->{searchResEntry} ) {
my $uid = $response->{protocolOp}->{searchResEntry}->{objectName};
- warn "## SEARCH $uid";
+ warn "## objectName $uid";
my @attrs;
$pdu = $LDAPResponse->encode($response);
}
- print dump($response);
+ warn "## response = ", dump($response);
return $pdu;
}
die "Could not create listener socket: $!\n" unless $listenersock;
die "Could not create connection to server: $!\n" unless $targetsock;
- # mark sockets as binary
- binmode( $listenersock );
- binmode( $targetsock );
-
my $sel = IO::Select->new($listenersock);
my %Handlers;
while (my @ready = $sel->can_read) {
Proto => 'tcp',
Reuse => 1,
LocalAddr => $config->{listen},
-);
+) || die "can't open listen socket: $!";
my $targetsock = $config->{upstream_ssl}
PeerPort => 389,
)
: IO::Socket::SSL->new( $config->{upstream_ldap} . ':ldaps')
- ;
+ || die "can't open upstream socket: $!";
run_proxy($listenersock,$targetsock);
projects / virtual-ldap / blobdiff