X-Git-Url: http://git.rot13.org/?p=virtual-ldap;a=blobdiff_plain;f=lib%2FLDAP%2FKoha.pm;h=563c9685af5991c2c87c6bf73e19354ff039df5f;hp=b88475d60ce5aae15acbdc6511fd29cd9becb5cb;hb=ba8dc579a3496f2785ca5bc12cb291c1d489dc73;hpb=3a301eef1a3b4c05046e73aac3ddb0611ea57590 diff --git a/lib/LDAP/Koha.pm b/lib/LDAP/Koha.pm index b88475d..563c968 100644 --- a/lib/LDAP/Koha.pm +++ b/lib/LDAP/Koha.pm @@ -2,15 +2,20 @@ package LDAP::Koha; use strict; use warnings; -use Data::Dump qw/dump/; use lib '../lib'; + use Net::LDAP::Constant qw(LDAP_SUCCESS); use Net::LDAP::Server; use base 'Net::LDAP::Server'; use fields qw(); use DBI; +use File::Slurp; + +use Data::Dump qw/dump/; + +my $debug = 0; # XXX very slow # XXX test with: # @@ -22,46 +27,26 @@ our $database = 'koha'; our $user = 'unconfigured-user'; our $passwd = 'unconfigured-password'; -our $max_results = 3; # 100; # FIXME +our $max_results = $ENV{MAX_RESULTS} || 3000; # FIXME must be enough for all users +our $objectclass_default = 'hrEduPerson'; -require 'config.pl' if -e 'config.pl'; +our $objectclass; -my $dbh = DBI->connect($dsn . $database, $user,$passwd, { RaiseError => 1, AutoCommit => 0 }) || die $DBI::errstr; - -# Net::LDAP::Entry will lc all our attribute names anyway, so -# we don't really care about correctCapitalization for LDAP -# attributes which won't pass through DBI -my $sql_select = q{ - select - trim(userid) as uid, - firstname as givenName, - surname as sn, - concat(firstname,' ',surname) as cn, - - -- SAFEQ specific mappings from UMgr-LDAP.conf - surname as displayName, - cardnumber as pager, - email as mail, - categorycode as organizationalUnit, - borrowernumber as objectGUID, - concat('/home/',borrowernumber) as homeDirectory - from borrowers +$SIG{__DIE__} = sub { + warn "!!! DIE ", @_; + die @_; }; +require 'config.pl' if -e 'config.pl'; + # we need reverse LDAP -> SQL mapping for where clause + my $ldap_sql_mapping = { 'uid' => 'userid', - 'objectGUID' => 'borrowernumber', + 'objectGUID' => 'b.borrowernumber', 'displayName' => 'surname', 'sn' => 'surname', - 'pager' => 'cardnumber', -}; - -# attributes which are same for whole set, but somehow -# LDAP clients are sending they anyway and we don't -# have them in database -my $ldap_ignore = { - 'objectclass' => 1, + 'pager' => qq{replace(a.attribute, '\r','')}, # was: rfid_sid }; sub __sql_column { @@ -96,11 +81,14 @@ our @limits; sub __ldap_search_to_sql { my ( $how, $what ) = @_; - warn "### how $how\n"; + warn "### __ldap_search_to_sql $how ",dump( $what ),"\n"; if ( $how eq 'equalityMatch' && defined $what ) { my $name = $what->{attributeDesc} || warn "ERROR: no attributeDesc?"; my $value = $what->{assertionValue} || warn "ERROR: no assertionValue?"; - if ( ! $ldap_ignore->{ $name } ) { + + if ( lc $name eq 'objectclass' ) { + $objectclass = $value; + } else { push @limits, __sql_column($name) . ' = ?'; push @values, $value; } @@ -122,10 +110,38 @@ sub __ldap_search_to_sql { push @limits, "$name IS NOT NULL and length($name) > 1"; ## XXX length(foo) > 1 to avoid empty " " strings } else { - warn "UNSUPPORTED: how $how what ",dump( $what ); + warn "UNSUPPORTED: $how ",dump( $what ); } } + +# my ( $dn,$attributes ) = _dn_attributes( $row, $base ); + +sub _dn_attributes { + my ($row,$base) = @_; + + warn "## row = ",dump( $row ) if $debug; + + die "no objectClass column in ",dump( $row ) unless defined $row->{objectClass}; + + $row->{objectClass} = [ split(/\s+/, $row->{objectClass}) ] if $row->{objectClass} =~ m{\n}; + + warn "## row = ",dump( $row ) if $debug; + + my $dn = delete( $row->{dn} ) || die "no dn in ",dump( $row ); + + # this does some sanity cleanup for our data +# my $base_as_domain = $base; +# $base_as_domain =~ s{dn=}{.}; +# $base_as_domain =~ s{^\.}{@}; +# $dn =~ s{$base_as_domain$}{}; +# +# $dn .= ',' . $base unless $dn =~ m{,}; # add base if none present + + return ($dn, $row); +} + + # the search operation sub search { my $self = shift; @@ -141,16 +157,17 @@ sub search { my $sql_where = ''; @values = (); + $objectclass = ''; - foreach my $join_with ( keys %{ $reqData->{'filter'} } ) { + foreach my $filter ( keys %{ $reqData->{'filter'} } ) { - warn "## join_with $join_with\n"; + warn "## filter $filter ", dump( $reqData->{'filter'}->{ $filter } ), "\n"; @limits = (); - if ( ref $reqData->{'filter'}->{ $join_with } ) { + if ( ref $reqData->{'filter'}->{ $filter } eq 'ARRAY' ) { - foreach my $filter ( @{ $reqData->{'filter'}->{ $join_with } } ) { + foreach my $filter ( @{ $reqData->{'filter'}->{ $filter } } ) { warn "### filter ",dump($filter),$/; foreach my $how ( keys %$filter ) { if ( $how eq 'or' ) { @@ -162,46 +179,79 @@ sub search { } } - $sql_where .= ' ' . join( " $join_with ", @limits ); - } else { - __ldap_search_to_sql( $join_with, $reqData->{'filter'}->{$join_with} ); + __ldap_search_to_sql( $filter, $reqData->{'filter'}->{$filter} ); } + $sql_where .= ' ' . join( " $filter ", @limits ) if @limits; + } + $objectclass ||= $objectclass_default; + + my $sql_select = read_file( lc "sql/$objectclass.sql" ); if ( $sql_where ) { - $sql_where = " where $sql_where"; + if ( $sql_select !~ m{where}i ) { + $sql_where = " where $sql_where"; + } else { + $sql_where = " and $sql_where"; + } } - warn "# SQL:\n$sql_select $sql_where\n# DATA: ",dump( @values ); - my $sth = $dbh->prepare( $sql_select . $sql_where . " LIMIT $max_results" ); # XXX remove limit? + + my $sql + = $sql_select + . $sql_where +# . ( $objectclass =~ m{person}i ? " LIMIT $max_results" : '' ) # add limit just for persons + ; + + warn "# SQL:\n$sql\n# DATA: ",dump( @values ); + my $dbh = DBI->connect_cached($dsn . $database, $user,$passwd, { RaiseError => 1, AutoCommit => 1 }) || die $DBI::errstr; + my $sth = $dbh->prepare( $sql ); $sth->execute( @values ); warn "# ", $sth->rows, " results for ",dump( $reqData->{'filter'} ); + my $last_dn = '?'; + my $entry; + while (my $row = $sth->fetchrow_hashref) { - warn "## row = ",dump( $row ); + my ( $dn, $attributes ) = _dn_attributes( $row, $base ); - my $dn = 'uid=' . $row->{uid} || die "no uid"; - $dn =~ s{[@\.]}{,dc=}g; - $dn .= ',' . $base unless $dn =~ m{dc}i; + warn "## dn $last_dn ... $dn\n" if $debug; - my $entry = Net::LDAP::Entry->new; - $entry->dn( $dn ); - $entry->add( objectClass => [ - "person", - "organizationalPerson", - "inetOrgPerson", - "hrEduPerson", - ] ); - $entry->add( %$row ); + if ( $dn ne $last_dn ) { - #$entry->changetype( 'modify' ); + if ( $entry ) { + #$entry->changetype( 'modify' ); + warn "### entry ",$entry->dump( \*STDERR ) if $debug; + push @entries, $entry; + undef $entry; + } + + $dn =~ s{@[^,]+}{}; + + $entry = Net::LDAP::Entry->new; + $entry->dn( $dn ); - warn "### entry ",$entry->dump( \*STDERR ); + $entry->add( %$attributes ); + + } else { + foreach my $n ( keys %$attributes ) { + my $v = $attributes->{$n}; + warn "## attr $n = $v\n" if $debug; + $entry->add( $n, $v ) if $entry->get_value( $n ) ne $v; + } + } + + + $last_dn = $dn; + + } + if ( $entry ) { + warn "### last entry ",$entry->dump( \*STDERR ) if $debug; push @entries, $entry; }