X-Git-Url: http://git.rot13.org/?p=virtual-ldap;a=blobdiff_plain;f=lib%2FLDAP%2FKoha.pm;h=540d2783fdef3875e183e4e85cf4a8be1ac888e2;hp=de6b9ca96321b8683edc23d0fbf7510479d63807;hb=455a72f2613cd8b182b03972cdd1160a40198dc6;hpb=ddf1a6ced4b8f36bd24ada69c27ce8f6870241af diff --git a/lib/LDAP/Koha.pm b/lib/LDAP/Koha.pm index de6b9ca..540d278 100644 --- a/lib/LDAP/Koha.pm +++ b/lib/LDAP/Koha.pm @@ -2,15 +2,20 @@ package LDAP::Koha; use strict; use warnings; -use Data::Dump qw/dump/; use lib '../lib'; + use Net::LDAP::Constant qw(LDAP_SUCCESS); use Net::LDAP::Server; use base 'Net::LDAP::Server'; use fields qw(); use DBI; +use File::Slurp; + +use Data::Dump qw/dump/; + +my $debug = 0; # XXX very slow # XXX test with: # @@ -22,49 +27,26 @@ our $database = 'koha'; our $user = 'unconfigured-user'; our $passwd = 'unconfigured-password'; -our $max_results = 10; # 100; # FIXME +our $max_results = $ENV{MAX_RESULTS} || 3000; # FIXME must be enough for all users +our $objectclass_default = 'hrEduPerson'; -require 'config.pl' if -e 'config.pl'; +our $objectclass; -my $dbh = DBI->connect($dsn . $database, $user,$passwd, { RaiseError => 1, AutoCommit => 1 }) || die $DBI::errstr; - -# Net::LDAP::Entry will lc all our attribute names anyway, so -# we don't really care about correctCapitalization for LDAP -# attributes which won't pass through DBI -my $sql_select = q{ - select - trim(userid) as uid, - firstname as givenName, - surname as sn, - concat(firstname,' ',surname) as cn, - - -- SAFEQ specific mappings from UMgr-LDAP.conf - surname as displayName, - rfid_sid as pager, - email as mail, - categorycode as ou, - categorycode as organizationalUnit, - categorycode as memberOf, - categorycode as department, - borrowernumber as objectGUID, - concat('/home/',borrowernumber) as homeDirectory - from borrowers +$SIG{__DIE__} = sub { + warn "!!! DIE ", @_; + die @_; }; +require 'config.pl' if -e 'config.pl'; + # we need reverse LDAP -> SQL mapping for where clause + my $ldap_sql_mapping = { 'uid' => 'userid', - 'objectGUID' => 'borrowernumber', + 'objectGUID' => 'b.borrowernumber', 'displayName' => 'surname', 'sn' => 'surname', - 'pager' => 'rfid_sid', -}; - -# attributes which are same for whole set, but somehow -# LDAP clients are sending they anyway and we don't -# have them in database -my $ldap_ignore = { - 'objectclass' => 1, + 'pager' => 'a.attribute', # was: rfid_sid }; sub __sql_column { @@ -103,11 +85,12 @@ sub __ldap_search_to_sql { if ( $how eq 'equalityMatch' && defined $what ) { my $name = $what->{attributeDesc} || warn "ERROR: no attributeDesc?"; my $value = $what->{assertionValue} || warn "ERROR: no assertionValue?"; - if ( ! $ldap_ignore->{ $name } ) { + + if ( lc $name eq 'objectclass' ) { + $objectclass = $value; + } else { push @limits, __sql_column($name) . ' = ?'; push @values, $value; - } else { - warn "IGNORED: $name = $value"; } } elsif ( $how eq 'substrings' ) { foreach my $substring ( @{ $what->{substrings} } ) { @@ -131,6 +114,34 @@ sub __ldap_search_to_sql { } } + +# my ( $dn,$attributes ) = _dn_attributes( $row, $base ); + +sub _dn_attributes { + my ($row,$base) = @_; + + warn "## row = ",dump( $row ) if $debug; + + die "no objectClass column in ",dump( $row ) unless defined $row->{objectClass}; + + $row->{objectClass} = [ split(/\s+/, $row->{objectClass}) ] if $row->{objectClass} =~ m{\n}; + + warn "## row = ",dump( $row ) if $debug; + + my $dn = delete( $row->{dn} ) || die "no dn in ",dump( $row ); + + # this does some sanity cleanup for our data +# my $base_as_domain = $base; +# $base_as_domain =~ s{dn=}{.}; +# $base_as_domain =~ s{^\.}{@}; +# $dn =~ s{$base_as_domain$}{}; +# +# $dn .= ',' . $base unless $dn =~ m{,}; # add base if none present + + return ($dn, $row); +} + + # the search operation sub search { my $self = shift; @@ -146,6 +157,7 @@ sub search { my $sql_where = ''; @values = (); + $objectclass = ''; foreach my $filter ( keys %{ $reqData->{'filter'} } ) { @@ -167,46 +179,79 @@ sub search { } } - $sql_where .= ' ' . join( " $filter ", @limits ); - } else { __ldap_search_to_sql( $filter, $reqData->{'filter'}->{$filter} ); } + $sql_where .= ' ' . join( " $filter ", @limits ) if @limits; + } + $objectclass ||= $objectclass_default; + + my $sql_select = read_file( lc "sql/$objectclass.sql" ); if ( $sql_where ) { - $sql_where = " where $sql_where"; + if ( $sql_select !~ m{where}i ) { + $sql_where = " where $sql_where"; + } else { + $sql_where = " and $sql_where"; + } } - warn "# SQL:\n$sql_select\n$sql_where\n# DATA: ",dump( @values ); - my $sth = $dbh->prepare( $sql_select . $sql_where . " LIMIT $max_results" ); # XXX remove limit? + + my $sql + = $sql_select + . $sql_where +# . ( $objectclass =~ m{person}i ? " LIMIT $max_results" : '' ) # add limit just for persons + ; + + warn "# SQL:\n$sql\n# DATA: ",dump( @values ); + my $dbh = DBI->connect_cached($dsn . $database, $user,$passwd, { RaiseError => 1, AutoCommit => 1 }) || die $DBI::errstr; + my $sth = $dbh->prepare( $sql ); $sth->execute( @values ); warn "# ", $sth->rows, " results for ",dump( $reqData->{'filter'} ); + my $last_dn = '?'; + my $entry; + while (my $row = $sth->fetchrow_hashref) { - warn "## row = ",dump( $row ); + my ( $dn, $attributes ) = _dn_attributes( $row, $base ); - my $dn = 'uid=' . $row->{uid} || die "no uid"; - $dn =~ s{[@\.]}{,dc=}g; - $dn .= ',' . $base unless $dn =~ m{dc}i; + warn "# dn $last_dn ... $dn\n"; - my $entry = Net::LDAP::Entry->new; - $entry->dn( $dn ); - $entry->add( objectClass => [ - "person", - "organizationalPerson", - "inetOrgPerson", - "hrEduPerson", - ] ); - $entry->add( %$row ); + if ( $dn ne $last_dn ) { - #$entry->changetype( 'modify' ); + if ( $entry ) { + #$entry->changetype( 'modify' ); + warn "### entry ",$entry->dump( \*STDERR ); + push @entries, $entry; + undef $entry; + } + + $dn =~ s{@[^,]+}{}; + + $entry = Net::LDAP::Entry->new; + $entry->dn( $dn ); - warn "### entry ",$entry->dump( \*STDERR ); + $entry->add( %$attributes ); + + } else { + foreach my $n ( keys %$attributes ) { + my $v = $attributes->{$n}; + warn "# attr $n = $v\n"; + $entry->add( $n, $v ) if $entry->get_value( $n ) ne $v; + } + } + + + $last_dn = $dn; + + } + if ( $entry ) { + warn "### last entry ",$entry->dump( \*STDERR ); push @entries, $entry; }