$self->{port} = $args{port};
$self->{groupbasedn} = $args{groupbasedn};
$self->{filter} = $args{filter};
+ $self->{verify} = $args{verify};
+ $self->{cafile} = $args{cafile};
if ($args{syncmode} == 1) {
# read local data only
my $opts = { timeout => 10, onerror => 'die' };
$opts->{port} = $self->{port} if $self->{port};
- $opts->{schema} = $self->{mode};
+ if ($self->{mode} eq 'ldaps') {
+ $opts->{scheme} = 'ldaps';
+ $opts->{verify} = 'require' if $self->{verify};
+ if ($self->{cafile}) {
+ $opts->{cafile} = $self->{cafile};
+ } else {
+ $opts->{capath} = '/etc/ssl/certs/';
+ }
+ } else {
+ $opts->{scheme} = 'ldap';
+ }
return Net::LDAP->new($hosts, %$opts);
}
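Review bot: In the ldaps branch, when `$self->{verify}` is false `$opts->{verify}` is left unset and Net::LDAP falls back to its own default (`none`), so the `cafile`/`capath` set on the following lines have no effect and the peer is not authenticated; the STARTTLS path in the bind hunk spells out `'none'` explicitly, so this branch should do the same for consistency: `$opts->{verify} = $self->{verify} ? 'require' : 'none';`. The `/etc/ssl/certs/` fallback is duplicated between this hunk and the STARTTLS hunk; hoisting it into one `my $default_capath = '/etc/ssl/certs/';` (or a `use constant`) keeps the two from drifting. A comment above the branch such as `# verify is opt-in; without it the TLS peer certificate is not checked` would make the default visible to the next maintainer. ldap_connect starts before this hunk.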
my ($self) = @_;
my $ldap = $self->ldap_connect() ||
- die "Can't bind to ldap server '$self->{id}': $!\n";
+ die "Can't bind to ldap server '$self->{id}': " . ($@ // "unknown error") . "\n";
my $mesg;
+ if ($self->{mode} eq 'ldap+starttls') {
+ my $opts = {
+ verify => $self->{verify} ? 'require' : 'none',
+ };
+
+ if ($self->{cafile}) {
+ $opts->{cafile} = $self->{cafile};
+ } else {
+ $opts->{capath} = '/etc/ssl/certs/';
+ }
+
+ $ldap->start_tls(%$opts);
+ }
+
if ($self->{binddn}) {
$mesg = $ldap->bind($self->{binddn}, password => $self->{bindpw});
} else {
}
}
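Review bot: The result of `$ldap->start_tls(%$opts)` is discarded, so if the server rejects or does not offer STARTTLS, or certificate verification fails under `verify => 'require'`, execution continues to the `bind` below and the bind DN and password are sent over the still-unencrypted connection. Net::LDAP returns a message object from start_tls; check it before binding: `my $tls = $ldap->start_tls(%$opts);` followed by `die "STARTTLS failed for ldap server '$self->{id}': " . $tls->error . "\n" if $tls->code;`. The enclosing sub starts before this hunk.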
-sub list_groups {
+sub get_groups {
my ($self) = @_;
- my $res = [];
+ my $res = {};
my $dbh = $self->{dbstat}->{groups}->{dbh};
my $key = 0 ;
my $value = "" ;
my $status = $dbh->seq($key, $value, R_FIRST());
- my $keys;
while ($status == 0) {
- push @$res, {
- dn => $key,
- };
+ $res->{$value} = $key;
$status = $dbh->seq($key, $value, R_NEXT());
}
return $res;
}
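Review bot: The new return shape of get_groups is undocumented: the assignment `$res->{$value} = $key` swaps the cursor's key and value, and a reader cannot tell from this hunk which is the dn and which the group id — list_groups in the later hunk treats the hash key as `gid` and the hash value as `dn`, so the DB apparently stores dn => gid. A one-line comment above the loop, e.g. `# returns { gid => dn }; the DB cursor yields dn as key and gid as value`, would settle that, and the same applies to the get_users hunk that follows (`$res->{$key} = { ... }`). Note also that two DB entries with the same value now silently overwrite each other in the hash, which the previous arrayref form did not do.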
-sub list_users {
+sub get_users {
my ($self) = @_;
- my $res = [];
+ my $res = {};
my $dbh = $self->{dbstat}->{users}->{dbh};
while ($status == 0) {
my ($pmail, $account, $dn) = unpack('n/a* n/a* n/a*', $value);
- push @$res, {
+ $res->{$key} = {
pmail => $pmail,
account => $account,
dn => $dn,
return $res;
}
+sub get_gid_uid_map {
+ my ($self) = @_;
+
+ my $dbh = $self->{dbstat}->{memberof}->{dbh};
+
+ return [] if !$dbh;
+
+ my $key = 0 ;
+ my $value = "" ;
+
+ my $map = {};
+
+ if($dbh->seq($key, $value, R_FIRST()) == 0) {
+ do {
+ push @{$map->{$value}}, $key;
+ } while($dbh->seq($key, $value, R_NEXT()) == 0);
+ }
+
+ return $map;
+}
+
+sub list_groups {
+ my ($self) = @_;
+
+ my $res = [];
+
+ my $groups = $self->get_groups();
+
+ for my $gid (sort keys %$groups) {
+ push @$res, {
+ dn => $groups->{$gid},
+ gid => $gid,
+ };
+ }
+
+ return $res;
+}
+
+sub list_users {
+ my ($self, $gid) = @_;
+
+ my $res = [];
+
+ my $users = $self->get_users();
+
+ if (!defined($gid)) {
+ $res = [values %$users];
+ } else {
+ my $gid_uid_map = $self->get_gid_uid_map();
+ my $groups = $self->get_groups();
+ die "No such Group ID\n"
+ if !defined($groups->{$gid});
+ my $memberuids = $gid_uid_map->{$gid};
+ for my $uid (@$memberuids) {
+ next if !defined($users->{$uid});
+ push @$res, $users->{$uid};
+ }
+ }
+
+ return $res;
+}
+
sub list_addresses {
my ($self, $mail) = @_;
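Review bot: get_gid_uid_map returns an array reference on the no-DB path (`return [] if !$dbh;`) but a hash reference (`$map`) otherwise, and list_users dereferences the result as a hash (`$gid_uid_map->{$gid}`), which dies with "Not a HASH reference" under strict refs whenever the memberof DB is absent and a gid is passed. The guard should read `return {} if !$dbh;`. In list_users, a group with no members leaves `$memberuids` undef; `for my $uid (@$memberuids)` happens to autovivify rather than die, but `for my $uid (@{ $gid_uid_map->{$gid} // [] })` states the intent. The hunk ends inside list_addresses, whose body continues past it.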