use strict;
use warnings;
-use Data::Dump qw/dump/;
use lib '../lib';
+
use Net::LDAP::Constant qw(LDAP_SUCCESS);
use Net::LDAP::Server;
use base 'Net::LDAP::Server';
use fields qw();
use DBI;
+use File::Slurp;
+
+use Data::Dump qw/dump/;
# XXX test with:
#
our $user = 'unconfigured-user';
our $passwd = 'unconfigured-password';
+our $max_results = 3000; # FIXME must be enough for all users
+
+our $objectclass = 'HrEduPerson';
+
+$SIG{__DIE__} = sub {
+ warn "!!! DIE ", @_;
+ die @_;
+};
+
require 'config.pl' if -e 'config.pl';
-my $dbh = DBI->connect($dsn . $database, $user,$passwd, { RaiseError => 1, AutoCommit => 0 }) || die $DBI::errstr;
-
-# Net::LDAP::Entry will lc all our attribute names anyway, so
-# we don't really care about correctCapitalization for LDAP
-# attributes which won't pass through DBI
-my $sth = $dbh->prepare(q{
- select
- userid as uid,
- firstname as givenName,
- surname as sn,
- concat(
- firstname,
- ' ',
- surname
- ) as cn,
- cardnumber as otherPager,
- email as mail
- from borrowers
- where
- cardnumber = ?
-});
+my $dbh = DBI->connect($dsn . $database, $user,$passwd, { RaiseError => 1, AutoCommit => 1 }) || die $DBI::errstr;
+
+# we need reverse LDAP -> SQL mapping for where clause
+
+my $ldap_sql_mapping = {
+ 'uid' => 'userid',
+ 'objectGUID' => 'borrowernumber',
+ 'displayName' => 'surname',
+ 'sn' => 'surname',
+ 'pager' => 'rfid_sid',
+};
+
+sub __sql_column {
+ my $name = shift;
+ $ldap_sql_mapping->{$name} || $name;
+}
use constant RESULT_OK => {
'matchedDN' => '',
return RESULT_OK;
}
+our @values;
+our @limits;
+
+sub __ldap_search_to_sql {
+ my ( $how, $what ) = @_;
+ warn "### __ldap_search_to_sql $how ",dump( $what ),"\n";
+ if ( $how eq 'equalityMatch' && defined $what ) {
+ my $name = $what->{attributeDesc} || warn "ERROR: no attributeDesc?";
+ my $value = $what->{assertionValue} || warn "ERROR: no assertionValue?";
+
+ if ( lc $name eq 'objectclass' ) {
+ $objectclass = $value;
+ } else {
+ push @limits, __sql_column($name) . ' = ?';
+ push @values, $value;
+ }
+ } elsif ( $how eq 'substrings' ) {
+ foreach my $substring ( @{ $what->{substrings} } ) {
+ my $name = $what->{type} || warn "ERROR: no type?";
+ while ( my($op,$value) = each %$substring ) {
+ push @limits, __sql_column($name) . ' LIKE ?';
+ if ( $op eq 'any' ) {
+ $value = '%' . $value . '%';
+ } else {
+ warn "UNSUPPORTED: op $op - using plain $value";
+ }
+ push @values, $value;
+ }
+ }
+ } elsif ( $how eq 'present' ) {
+ my $name = __sql_column( $what );
+ push @limits, "$name IS NOT NULL and length($name) > 1";
+ ## XXX length(foo) > 1 to avoid empty " " strings
+ } else {
+ warn "UNSUPPORTED: $how ",dump( $what );
+ }
+}
+
+
+# my ( $dn,$attributes ) = _dn_attributes( $row, $base );
+
+sub _dn_attributes {
+ my ($row,$base) = @_;
+
+ warn "## row = ",dump( $row );
+
+ die "no objectClass column in ",dump( $row ) unless defined $row->{objectClass};
+
+ $row->{objectClass} = [ split(/\s+/, $row->{objectClass}) ] if $row->{objectClass} =~ m{\n};
+
+ warn "## row = ",dump( $row );
+
+ my $dn = delete( $row->{dn} ) || die "no dn in ",dump( $row );
+
+ # this does some sanity cleanup for our data
+ my $base_as_domain = $base;
+ $base_as_domain =~ s{dn=}{.};
+ $base_as_domain =~ s{^\.}{@};
+ $dn =~ s{$base_as_domain$}{};
+
+ $dn .= ',' . $base unless $dn =~ m{,}; # add base if none present
+
+ return ($dn, $row);
+}
+
+
# the search operation
sub search {
my $self = shift;
my $reqData = shift;
print "searching...\n";
- warn "# request = ", dump($reqData);
+ warn "# " . localtime() . " request = ", dump($reqData);
my $base = $reqData->{'baseObject'}; # FIXME use it?
my @entries;
- if ( $reqData->{'filter'}->{'equalityMatch'}->{'attributeDesc'} eq 'otherPager' ) {
+ if ( $reqData->{'filter'} ) {
+
+ my $sql_where = '';
+ @values = ();
- my $value = $reqData->{'filter'}->{'equalityMatch'}->{'assertionValue'} || die "no value?";
+ foreach my $filter ( keys %{ $reqData->{'filter'} } ) {
- $sth->execute( $value );
+ warn "## filter $filter ", dump( $reqData->{'filter'}->{ $filter } ), "\n";
- warn "# ", $sth->rows, " results for: $value\n";
+ @limits = ();
+
+ if ( ref $reqData->{'filter'}->{ $filter } eq 'ARRAY' ) {
+
+ foreach my $filter ( @{ $reqData->{'filter'}->{ $filter } } ) {
+ warn "### filter ",dump($filter),$/;
+ foreach my $how ( keys %$filter ) {
+ if ( $how eq 'or' ) {
+ __ldap_search_to_sql( %$_ ) foreach ( @{ $filter->{$how} } );
+ } else {
+ __ldap_search_to_sql( $how, $filter->{$how} );
+ }
+ warn "## limits ",dump(@limits), " values ",dump(@values);
+ }
+ }
+
+ } else {
+ __ldap_search_to_sql( $filter, $reqData->{'filter'}->{$filter} );
+ }
+
+ $sql_where .= ' ' . join( " $filter ", @limits );
+
+ }
+
+ if ( $sql_where ) {
+ $sql_where = " where $sql_where";
+ }
+
+ my $sql_select = read_file( lc "sql/$objectclass.sql" );
+
+ warn "# SQL:\n$sql_select\n", $sql_where ? $sql_where : '-- no where', "\n# DATA: ",dump( @values );
+ my $sth = $dbh->prepare( $sql_select . $sql_where . " LIMIT $max_results" ); # XXX remove limit?
+ $sth->execute( @values );
+
+ warn "# ", $sth->rows, " results for ",dump( $reqData->{'filter'} );
+
+ my $last_dn = '?';
+ my $entry;
while (my $row = $sth->fetchrow_hashref) {
- warn "## row = ",dump( $row );
+ my ( $dn, $attributes ) = _dn_attributes( $row, $base );
- my $dn = 'uid=' . $row->{uid} || die "no uid";
- $dn =~ s{[@\.]}{,dc=}g;
+ warn "# dn $last_dn ... $dn\n";
- my $entry = Net::LDAP::Entry->new;
- $entry->dn( $dn );
- $entry->add( %$row );
+ if ( $dn ne $last_dn ) {
- #warn "## entry ",dump( $entry );
+ if ( $entry ) {
+ #$entry->changetype( 'modify' );
+ warn "### entry ",$entry->dump( \*STDERR );
+ push @entries, $entry;
+ undef $entry;
+ }
+
+ $entry = Net::LDAP::Entry->new;
+ $entry->dn( $dn );
+
+ $entry->add( %$attributes );
+
+ } else {
+ foreach my $n ( keys %$attributes ) {
+ my $v = $attributes->{$n};
+ warn "# attr $n = $v\n";
+ $entry->add( $n, $v ) if $entry->get_value( $n ) ne $v;
+ }
+ }
+
+
+ $last_dn = $dn;
- push @entries, $entry;
}
+ warn "### last entry ",$entry->dump( \*STDERR );
+ push @entries, $entry;
+
} else {
warn "UNKNOWN request: ",dump( $reqData );
}