X-Git-Url: http://git.rot13.org/?p=virtual-ldap;a=blobdiff_plain;f=bin%2Fldap-rewrite.pl;h=8c35ebb94efc5561c698785cbd2fec942d3c6057;hp=9c57242be9c6ceec70908ec6c97443b5cc070804;hb=2b0deecf4e04a468229c83049ca0db5426a931fc;hpb=e48051e7f3498b10fe9c0f8e64dc7da5ecd01828
diff --git a/bin/ldap-rewrite.pl b/bin/ldap-rewrite.pl
index 9c57242..8c35ebb 100755
--- a/bin/ldap-rewrite.pl
+++ b/bin/ldap-rewrite.pl
@@ -3,6 +3,12 @@
 # This program is free software; you can redistribute it and/or
 # modify it under the same terms as Perl itself.
+# It's modified by Dobrica Pavlinusic to include following:
+#
+# * rewrite LDAP bind request cn: username@domain.com -> uid=username,dc=domain,dc=com
+# * rewrite search responses:
+# ** expand key:value pairs from hrEduPersonUniqueNumber into hrEduPersonUniqueNumber_key
+# ** augment response with yaml/dn.yaml data (for external data import)
 use strict;
 use warnings;
@@ -14,23 +20,27 @@ use warnings;
 use Data::Dump qw/dump/;
 use Convert::ASN1 qw(asn_read);
 use Net::LDAP::ASN qw(LDAPRequest LDAPResponse);
-our $VERSION = '0.2';
+our $VERSION = '0.3';
 use fields qw(socket target);
 use YAML qw/LoadFile/;
+my $debug = 1;
+
 my $config = {
 yaml_dir => './yaml/',
 listen => shift @ARGV || 'localhost:1389',
 upstream_ldap => 'ldap.ffzg.hr',
 upstream_ssl => 1,
 overlay_prefix => 'ffzg-',
- log_file => 'log',
+# log_file => 'log/ldap-rewrite.log',
 };
 my $log_fh;
 sub log {
+ return unless $config->{log_file};
+
 if ( ! $log_fh ) {
 open($log_fh, '>>', $config->{log_file}) || die "can't open ", $config->{log_file},": $!";
 print $log_fh "# " . time;
@@ -56,9 +66,11 @@ sub handle {
 # read from client
 asn_read($clientsocket, my $reqpdu);
- log_request($reqpdu);
-
- return 1 unless $reqpdu;
+ if ( ! $reqpdu ) {
+ warn "WARNING no reqpdu\n";
+ return 1;
+ }
+ $reqpdu = log_request($reqpdu);
 # send to server
 print $serversocket $reqpdu or die "Could not send PDU to server\n ";
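Review bot: `my $debug = 1;` in the `-14,23` hunk leaves debugging switched on by default, and the bind rewrite this commit adds to log_request hexdumps the request PDU to STDOUT whenever that flag is set. A simple-bind request carries the password inside the PDU, so with this default the dump would put it on the console or in whatever file STDOUT is redirected to. Ship it as `my $debug = 0;` and turn it on only while troubleshooting. The same hunk comments out `log_file`, so the added `return unless $config->{log_file};` disables the proxy's own log by default; a one-line comment next to the commented-out key saying that this is intentional would help.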
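Review bot: In `handle` (the `-56,9` hunk) the PDU forwarded upstream is now whatever `log_request` returns, so a function named for logging has become the place where requests are modified. A comment above the call, `# log_request may rewrite the bind DN; forward the PDU it returns`, or a rename along the lines of `rewrite_request`, would make that visible to the next reader. handle's body continues outside the hunk.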
@@ -86,6 +98,20 @@ sub log_request {
 # print "Request Perl:\n";
 my $request = $LDAPRequest->decode($pdu);
 warn "## request = ",dump($request);
+
+ if ( defined $request->{bindRequest} ) {
+ if ( $request->{bindRequest}->{name} =~ m{@} ) {
+ my $old = $request->{bindRequest}->{name};
+ $request->{bindRequest}->{name} =~ s/[@\.]/,dc=/g;
+ $request->{bindRequest}->{name} =~ s/^/uid=/;
+ warn "rewrite bind cn $old -> ", $request->{bindRequest}->{name};
+ Convert::ASN1::asn_hexdump(\*STDOUT,$pdu) if $debug;
+ $pdu = $LDAPRequest->encode($request);
+ Convert::ASN1::asn_hexdump(\*STDOUT,$pdu) if $debug;
+ }
+ }
+
+ return $pdu;
 }
 sub log_response {
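Review bot: The client-supplied bind name is turned into a DN by plain substitution in the added `s/[@\.]/,dc=/g` and `s/^/uid=/` lines, with no check of its shape. Every dot and every `@` is replaced, so a dot in the local part becomes a `dc=` component, and characters such as `,` or `=` in the name pass straight into the DN that is sent upstream. Matching the name against an anchored user@domain pattern and building the DN from the two captures keeps the result to one `uid` plus the domain labels. With the version below, names that do not match are forwarded unchanged, which is a behaviour change worth confirming. log_request starts outside the hunk.

```perl
	if ( defined $request->{bindRequest} ) {
		my $old = $request->{bindRequest}->{name};
		# accept exactly user@domain; the character classes exclude DN metacharacters
		if ( $old =~ m{\A([A-Za-z0-9._-]+)@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)\z} ) {
			my ( $uid, $domain ) = ( $1, $2 );
			my $dn = join ',', "uid=$uid", map { "dc=$_" } split /\./, $domain;
			$request->{bindRequest}->{name} = $dn;
			warn "rewrite bind cn $old -> $dn";
			# … unchanged: asn_hexdump calls under $debug around the re-encode …
			$pdu = $LDAPRequest->encode($request);
		}
	}
```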