X-Git-Url: http://git.rot13.org/?p=virtual-ldap;a=blobdiff_plain;f=lib%2FLDAP%2FKoha.pm;h=e0b70bf09b42216506ddb1faac64a5b856ebc991;hp=e8df9423e644a00ea38646c062cf461a555b3630;hb=5bb14e63038006514db929f1469080d318f8b832;hpb=4121f6924529c9792383b5c2484a3dc1be72c551

diff --git a/lib/LDAP/Koha.pm b/lib/LDAP/Koha.pm
index e8df942..e0b70bf 100644
--- a/lib/LDAP/Koha.pm
+++ b/lib/LDAP/Koha.pm
@@ -2,15 +2,18 @@ package LDAP::Koha;
 
 use strict;
 use warnings;
-use Data::Dump qw/dump/;
 
 use lib '../lib';
+
 use Net::LDAP::Constant qw(LDAP_SUCCESS);
 use Net::LDAP::Server;
 use base 'Net::LDAP::Server';
 use fields qw();
 
 use DBI;
+use File::Slurp;
+
+use Data::Dump qw/dump/;
 
 # XXX test with:
 #
@@ -22,49 +25,29 @@ our $database = 'koha';
 our $user     = 'unconfigured-user';
 our $passwd   = 'unconfigured-password';
 
-our $max_results = 3; # 100; # FIXME
+our $max_results = $ENV{MAX_RESULTS} || 3000; # FIXME must be enough for all users
+our $objectclass_default = 'hrEduPerson';
 
-require 'config.pl' if -e 'config.pl';
+our $objectclass;
 
-my $dbh = DBI->connect($dsn . $database, $user,$passwd, { RaiseError => 1, AutoCommit => 0 }) || die $DBI::errstr;
-
-# Net::LDAP::Entry will lc all our attribute names anyway, so
-# we don't really care about correctCapitalization for LDAP
-# attributes which won't pass through DBI
-my $sql_select = q{
-	select
-		trim(userid)					as uid,
-		firstname						as givenName,
-		surname							as sn,
-		concat(firstname,' ',surname)	as cn,
-
-		-- SAFEQ specific mappings from UMgr-LDAP.conf
-		concat(firstname,' ',surname)	as displayName,
-		cardnumber						as otherPager,
-		email							as mail,
-		categorycode					as organizationalUnit,
-		borrowernumber					as objectGUID,
-		concat('/home/',borrowernumber)	as homeDirectory
-	from borrowers
+$SIG{__DIE__} = sub {
+	warn "!!! DIE ", @_;
+	die @_;
 };
 
-# needed for where clause
-my $sql_ldap_mapping = {
-	'userid'			=> 'uid',
-	'borrowernumber'	=> 'objectGUID',
-};
+require 'config.pl' if -e 'config.pl';
 
-# attributes which are same for whole set, but somehow
-# LDAP clients are sending they anyway and we don't
-# have them in database
-my $ldap_ignore = {
-	'objectclass' => 1,
-};
+my $dbh = DBI->connect($dsn . $database, $user,$passwd, { RaiseError => 1, AutoCommit => 1 }) || die $DBI::errstr;
 
-my $ldap_sql_mapping;
-while ( my ($sql,$ldap) = each %$sql_ldap_mapping ) {
-	$ldap_sql_mapping->{ $ldap } = $sql;
-}
+# we need reverse LDAP -> SQL mapping for where clause
+
+my $ldap_sql_mapping = {
+	'uid'		=> 'userid',
+	'objectGUID'	=> 'borrowernumber',
+	'displayName'	=> 'surname',
+	'sn'		=> 'surname',
+	'pager'		=> 'rfid_sid',
+};
 
 sub __sql_column {
 	my $name = shift;
@@ -93,6 +76,72 @@ sub bind {
 	return RESULT_OK;
 }
 
+our @values;
+our @limits;
+
+sub __ldap_search_to_sql {
+	my ( $how, $what ) = @_;
+	warn "### __ldap_search_to_sql $how ",dump( $what ),"\n";
+	if ( $how eq 'equalityMatch' && defined $what ) {
+		my $name = $what->{attributeDesc} || warn "ERROR: no attributeDesc?";
+		my $value = $what->{assertionValue} || warn "ERROR: no assertionValue?";
+
+		if ( lc $name eq 'objectclass' ) {
+			$objectclass = $value;
+		} else {
+			push @limits, __sql_column($name) . ' = ?';
+			push @values, $value;
+		}
+	} elsif ( $how eq 'substrings' ) {
+		foreach my $substring ( @{ $what->{substrings} } ) {
+			my $name = $what->{type} || warn "ERROR: no type?";
+			while ( my($op,$value) = each %$substring ) {
+				push @limits, __sql_column($name) . ' LIKE ?';
+				if ( $op eq 'any' ) {
+					$value = '%' . $value . '%';
+				} else {
+					warn "UNSUPPORTED: op $op - using plain $value";
+				}
+				push @values, $value;
+			}
+		}
+	} elsif ( $how eq 'present' ) {
+		my $name = __sql_column( $what );
+		push @limits, "$name IS NOT NULL and length($name) > 1";
+		## XXX length(foo) > 1 to avoid empty " " strings
+	} else {
+		warn "UNSUPPORTED: $how ",dump( $what );
+	}
+}
+
+
+# my ( $dn,$attributes ) = _dn_attributes( $row, $base );
+
+sub _dn_attributes {
+	my ($row,$base) = @_;
+
+	warn "## row = ",dump( $row );
+
+	die "no objectClass column in ",dump( $row ) unless defined $row->{objectClass};
+
+	$row->{objectClass} = [ split(/\s+/, $row->{objectClass}) ] if $row->{objectClass} =~ m{\n};
+
+	warn "## row = ",dump( $row );
+
+	my $dn = delete( $row->{dn} ) || die "no dn in ",dump( $row );
+
+	# this does some sanity cleanup for our data
+#	my $base_as_domain = $base;
+#	$base_as_domain =~ s{dn=}{.};
+#	$base_as_domain =~ s{^\.}{@};
+#	$dn =~ s{$base_as_domain$}{};
+#
+#	$dn .= ',' . $base unless $dn =~ m{,}; # add base if none present
+
+	return ($dn, $row);
+}
+
+
 # the search operation
 sub search {
 	my $self = shift;
@@ -107,76 +156,99 @@ sub search {
 	if ( $reqData->{'filter'} ) {
 
 		my $sql_where = '';
-		my @values;
+		@values = ();
+		$objectclass = '';
 
-		foreach my $join_with ( keys %{ $reqData->{'filter'} } ) {
+		foreach my $filter ( keys %{ $reqData->{'filter'} } ) {
 
-			warn "## join_with $join_with\n";
+			warn "## filter $filter ", dump( $reqData->{'filter'}->{ $filter } ), "\n";
 
-			my @limits;
+			@limits = ();
 
-			foreach my $filter ( @{ $reqData->{'filter'}->{ $join_with } } ) {
-				warn "### filter ",dump($filter),$/;
-				foreach my $how ( keys %$filter ) {
-					warn "### how $how\n";
-					if ( $how eq 'equalityMatch' && defined $filter->{$how} ) {
-						my $name = $filter->{$how}->{attributeDesc} || warn "ERROR: no attributeDesc?";
-						my $value = $filter->{$how}->{assertionValue} || warn "ERROR: no assertionValue?";
-						if ( ! $ldap_ignore->{ $name } ) {
-								push @limits, __sql_column($name) . ' = ?';
-								push @values, $value;
-						}
-					} elsif ( $how eq 'substrings' ) {
-						foreach my $substring ( @{ $filter->{$how}->{substrings} } ) {
-							my $name = $filter->{$how}->{type} || warn "ERROR: no type?";
-							while ( my($op,$value) = each %$substring ) {
-								push @limits, __sql_column($name) . ' LIKE ?';
-								if ( $op eq 'any' ) {
-									$value = '%' . $value . '%';
-								} else {
-									warn "UNSUPPORTED: op $op - using plain $value";
-								}
-								push @values, $value;
-							}
+			if ( ref $reqData->{'filter'}->{ $filter } eq 'ARRAY' ) {
+
+				foreach my $filter ( @{ $reqData->{'filter'}->{ $filter } } ) {
+					warn "### filter ",dump($filter),$/;
+					foreach my $how ( keys %$filter ) {
+						if ( $how eq 'or' ) {
+							__ldap_search_to_sql( %$_ ) foreach ( @{ $filter->{$how} } );
+						} else {
+							__ldap_search_to_sql( $how, $filter->{$how} );
 						}
-					} elsif ( $how eq 'present' ) {
-						my $name = __sql_column( $filter->{$how} );
-						push @limits, "$name IS NOT NULL and length($name) > 1";
-						## XXX length(foo) > 1 to avoid empty " " strings
-					} else {
-						warn "UNSUPPORTED: how $how ",dump( $filter );
+						warn "## limits ",dump(@limits), " values ",dump(@values);
 					}
-					warn "## limits ",dump(@limits), " values ",dump(@values);
 				}
+
+			} else {
+				__ldap_search_to_sql( $filter, $reqData->{'filter'}->{$filter} );
 			}
 
-			$sql_where .= ' ' . join( " $join_with ", @limits );
+			$sql_where .= ' ' . join( " $filter ", @limits ) if @limits;
 
 		}
 
+		$objectclass ||= $objectclass_default;
+
+		my $sql_select = read_file( lc "sql/$objectclass.sql" );
 		if ( $sql_where ) {
-			$sql_where = " where $sql_where";
+			if ( $sql_select !~ m{where}i ) {
+				$sql_where = " where $sql_where";
+			} else {
+				$sql_where = " and $sql_where";
+			}
 		}
 
-		warn "# SQL:\n$sql_select $sql_where\n# DATA: ",dump( @values );
-		my $sth = $dbh->prepare( $sql_select . $sql_where . " LIMIT $max_results" ); # XXX remove limit?
+
+		my $sql
+			= $sql_select
+			. $sql_where
+			. ( $objectclass =~ m{person}i ? " LIMIT $max_results" : '' ) # add limit just for persons
+			;
+
+		warn "# SQL:\n$sql\n# DATA: ",dump( @values );
+		my $sth = $dbh->prepare( $sql );
 		$sth->execute( @values );
 
 		warn "# ", $sth->rows, " results for ",dump( $reqData->{'filter'} );
 
+		my $last_dn = '?';
+		my $entry;
+
 		while (my $row = $sth->fetchrow_hashref) {
 
-			warn "## row = ",dump( $row );
+			my ( $dn, $attributes ) = _dn_attributes( $row, $base );
+
+			warn "# dn $last_dn ... $dn\n";
+
+			if ( $dn ne $last_dn ) {
+
+				if ( $entry ) {
+					#$entry->changetype( 'modify' );
+					warn "### entry ",$entry->dump( \*STDERR );
+					push @entries, $entry;
+					undef $entry;
+				}
+
+				$entry = Net::LDAP::Entry->new;
+				$entry->dn( $dn );
+
+				$entry->add( %$attributes );
+
+			} else {
+				foreach my $n ( keys %$attributes ) {
+					my $v = $attributes->{$n};
+					warn "# attr $n = $v\n";
+					$entry->add( $n, $v ) if $entry->get_value( $n ) ne $v;
+				}
+			}
 
-			my $dn = 'uid=' . $row->{uid} || die "no uid";
-			$dn =~ s{[@\.]}{,dc=}g;
 
-			my $entry = Net::LDAP::Entry->new;
-			$entry->dn( $dn . $base );
-			$entry->add( %$row );
+			$last_dn = $dn;
 
-			#warn "### entry ",dump( $entry );
+		}
 
+		if ( $entry ) {
+			warn "### last entry ",$entry->dump( \*STDERR );
 			push @entries, $entry;
 		}