scheme => $scheme,
port => $port,
timeout => 10,
- onerror => 'die',
);
my $hosts = [];
$ldap_opts{$opt} = $opts->{$opt} if $opts->{$opt};
}
- my $ldap = Net::LDAP->new($hosts, %ldap_opts) || die $@;
+ my $ldap = Net::LDAP->new($hosts, %ldap_opts) || die "$@\n";
if ($start_tls) {
- $ldap->start_tls(%$opts);
+ my $res = $ldap->start_tls(%$opts);
+ die $res->error . "\n" if $res->code;
}
return $ldap;
filter => "$attr=$name",
attrs => ['dn']
);
+ die $result->error . "\n" if $result->code;
return undef if !$result->entries;
my @entries = $result->entries;
return $entries[0]->dn;
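Review bot: The search filter in this hunk is still built by plain interpolation (`filter => "$attr=$name"`), so the added `$result->code` check does not stop a name containing `*`, `(`, `)` or `\` from changing which entries match. If `$name` can come from login input (not visible here), escape it first, e.g. `filter => "$attr=" . escape_filter_value($name)` with `escape_filter_value` from Net::LDAP::Util; whether the file already imports it is not visible. The same applies to the `(objectclass=$class)` loop this commit adds to query_users. The enclosing function starts outside the hunk.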
sub auth_user_dn {
my ($ldap, $dn, $pw, $noerr) = @_;
+
+ if (!$dn) {
+ return undef if $noerr;
+ die "user dn is empty\n";
+ }
+
my $res = $ldap->bind($dn, password => $pw);
my $code = $res->code;
if ($code) {
return undef if $noerr;
- die $err;
+ die "$err\n";
}
return 1;
}
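Review bot: The new guard rejects an empty `$dn`, but an empty or undefined `$pw` still reaches `$ldap->bind($dn, password => $pw)`. A bind with a DN and a zero-length password is an unauthenticated bind under RFC 4513, and a server that accepts it returns success, which this function would report as a valid login. Unless every caller already rejects empty passwords (not visible here), widen the guard to `if (!$dn || !defined($pw) || $pw eq '') {` and make the message generic, e.g. `die "user dn or password is empty\n";`. The assignment of `$err` is not visible in this hunk.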
sub query_users {
- my ($ldap, $filter, $attributes, $base_dn) = @_;
+ my ($ldap, $filter, $attributes, $base_dn, $classes) = @_;
# build filter from given filter and attribute list
my $tmp = "(|";
}
$tmp .= ")";
+ if ($classes) {
+ $tmp = "(&$tmp(|";
+ for my $class (@$classes) {
+ $tmp .= "(objectclass=$class)";
+ }
+ $tmp .= "))";
+ }
+
if ($filter) {
$filter = "($filter)" if $filter !~ m/^\(.*\)$/;
$filter = "(&${filter}${tmp})"
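Review bot: `if ($classes)` is true for an empty array reference, in which case the filter becomes `(&(|…)(|))`. An empty `(|)` is either rejected by the filter parser or matches nothing, so a caller passing `[]` would get an error or no users instead of the unrestricted query it had before. Testing `if ($classes && @$classes) {` keeps the old behaviour for an empty list. query_users continues outside the hunk.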
$err = "LDAP user query unsuccessful" if !$err;
}
- die $err if $err;
+ die "$err\n" if $err;
return $users;
}
sub query_groups {
- my ($ldap, $base_dn, $classes, $filter) = @_;
+ my ($ldap, $base_dn, $classes, $filter, $group_name_attr) = @_;
my $tmp = "(|";
for my $class (@$classes) {
my $page = Net::LDAP::Control::Paged->new(size => 100);
+ my $attrs = [ 'member', 'uniqueMember' ];
+ push @$attrs, $group_name_attr if $group_name_attr;
my @args = (
base => $base_dn,
scope => "subtree",
filter => $filter,
control => [ $page ],
- attrs => [ 'member', 'uniqueMember' ],
+ attrs => $attrs,
);
my $cookie;
$members = [$entry->get_value('uniqueMember')];
}
$group->{members} = $members;
+ if ($group_name_attr && (my $name = $entry->get_value($group_name_attr))) {
+ $group->{name} = $name;
+ }
push @$groups, $group;
}
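Review bot: `$group->{name}` is filled straight from the directory via `$entry->get_value($group_name_attr)`, which in scalar context returns only the first value of a possibly multi-valued attribute and applies no syntax check. If callers use `name` as a local group identifier (not visible here), they should validate it against the local group-name rules and handle two directory groups yielding the same name. A short comment at the assignment, such as `# name is unvalidated directory data; callers must check it`, would record that contract. The enclosing loop starts outside the hunk.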
$err = "LDAP group query unsuccessful" if !$err;
}
- die $err if $err;
+ die "$err\n" if $err;
return $groups;
}