ldap-client/check.cgi

   1 #!/usr/local/bin/perl
   2 # Check the user's LDAP settings
   3
   4 require './ldap-client-lib.pl';
   5 require './switch-lib.pl';
   6 &ui_print_unbuffered_header(undef, $text{'check_title'}, "");
   7
   8 # Get the user base
   9 print $text{'check_base'},"<br>\n";
  10 $conf = &get_config();
  11 $user_base = &find_svalue("nss_base_passwd", $conf) ||
  12              &find_svalue("base", $conf);
  13 if (!$user_base) {
  14         &print_problem(&text('check_ebase'));
  15         goto END;
  16         }
  17 else {
  18         print &text('check_based', "<tt>$user_base</tt>"),"<p>\n";
  19         }
  20
  21 # Attempt to connect to LDAP server
  22 print $text{'check_connect'},"<br>\n";
  23 $ldap = &ldap_connect(1);
  24 if (!ref($ldap)) {
  25         &print_problem(&text('check_econnect', $ldap));
  26         goto END;
  27         }
  28 else {
  29         local $ldaphost;
  30         eval { $ldaphost = $ldap->host(); };
  31         $ldaphost ||= &get_ldap_host();
  32         print &text('check_connected', $ldaphost),"<p>\n";
  33         }
  34
  35 # Work out the scope
  36 $scope = &find_svalue("scope", $conf);
  37 if ($user_base =~ s/\?([^\?]*)(\?([^\?]*))?$//) {
  38         $scope = $1;
  39         }
  40 $scope ||= "one";
  41
  42 # Look for some users
  43 print $text{'check_search'},"<br>\n";
  44 $rv = $ldap->search(base => $user_base,
  45                     filter => '(objectClass=posixAccount)',
  46                     scope => $scope);
  47 if ($rv->code) {
  48         # Search failed!
  49         &print_problem(&text('check_esearch', $rv->error));
  50         goto END;
  51         }
  52 if (!$rv->count) {
  53         &print_problem(&text('check_eusers', "<tt>$user_base</tt>"));
  54         goto END;
  55         }
  56 else {
  57         print &text('check_found', $rv->count),"<p>\n";
  58         }
  59
  60 # Check NSS configuration for users
  61 print $text{'check_nss'},"<br>\n";
  62 $nss = &get_nsswitch_config();
  63 ($passwd) = grep { $_->{'name'} eq 'passwd' } @$nss;
  64 ($ldapsrc) = grep { $_->{'src'} eq 'ldap' } @{$passwd->{'srcs'}};
  65 if (!$ldapsrc) {
  66         &print_problem($text{'check_enss'});
  67         goto END;
  68         }
  69 else {
  70         print $text{'check_nssok'},"<p>\n";
  71         }
  72
  73 # Make sure one of the users is a valid Unix user
  74 $first = $rv->entry(0);
  75 print &text('check_match', "<tt>".$first->get_value("uid")."</tt>"),"<br>\n";
  76 $uid = getpwnam($first->get_value("uid"));
  77 if (!$uid) {
  78         # Sometimes this fails due to nsswitch.conf caching .. so try forking
  79         # a separate command
  80         $uid = &backquote_command(
  81                 "id -a ".$first->get_value("uid")." 2>/dev/null");
  82         }
  83 if (!$uid) {
  84         &print_problem($text{'check_ematch'});
  85         goto END;
  86         }
  87 else {
  88         print $text{'check_matched'},"<p>\n";
  89
  90         print "<b>$text{'check_done'}</b><p>\n";
  91         }
  92
  93 END:
  94 &ui_print_footer("", $text{'index_return'});
  95
  96 sub print_problem
  97 {
  98 print "<font color=#ff0000>",@_,"</font><p>\n";
  99 }