my $rv = $dbh->search(
base => $prefix,
filter => '(objectClass='.$args->{'userclass'}.')',
- scope => 'one');
+ scope => 'sub');
if (!$rv || $rv->code) {
&error("Failed to search users : ".
($rv ? $rv->error : "Unknown error"));
my $rv = $dbh->search(
base => $prefix,
filter => '(objectClass='.$args->{'groupclass'}.')',
- scope => 'one');
+ scope => 'sub');
if (!$rv || $rv->code) {
&error("Failed to search groups : ".
($rv ? $rv->error : "Unknown error"));
base => $prefix,
filter => '(&(cn='.$username.')(objectClass='.
$args->{'userclass'}.'))',
- scope => 'one');
+ scope => 'sub');
if (!$rv || $rv->code) {
&error("Failed to find user : ".
($rv ? $rv->error : "Unknown error"));
my ($user) = $rv->all_entries;
if ($user) {
+ # Delete sub-objects
+ my $rv = $dbh->search(
+ base => $user->dn(),
+ filter => '(objectClass=*)',
+ scope => 'sub');
+ if (!$rv || $rv->code) {
+ &error("Failed to delete LDAP user : ".
+ ($rv ? $rv->error : "Unknown error"));
+ }
+ foreach my $so ($rv->all_entries) {
+ next if ($so->dn() eq $user->dn());
+ my $drv = $dbh->delete($so->dn());
+ if ($drv->code) {
+ &error("Failed to delete LDAP ".
+ "sub-object : ".$drv->error);
+ }
+ }
+
# Delete the user from LDAP
my $rv = $dbh->delete($user->dn());
if (!$rv || $rv->code) {
- &error("Failed to delete user : ".
+ &error("Failed to delete LDAP user : ".
($rv ? $rv->error : "Unknown error"));
}
}
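Review bot: The added sub-object loop deletes entries in whatever order the subtree search returns them, so an entry that still has children may be attempted before those children, and LDAP servers generally refuse to delete a non-leaf entry; the group-deletion hunk repeats the same loop. Deleting deepest-first avoids this, e.g. `foreach my $so (sort { length($b->dn()) <=> length($a->dn()) } $rv->all_entries) {`, which relies on a descendant's DN always being longer than its ancestor's. Because the lookup above now uses `scope => 'sub'`, `my ($user) = $rv->all_entries` can pick one of several `cn` matches under `$prefix` and everything beneath it is then removed, so it is worth refusing to continue when more than one entry matches. `$drv->code` is also called without the `!$drv ||` guard used on every other result, and the search-failure branch reports "Failed to delete LDAP user" before anything has been deleted. The enclosing function starts and ends outside the hunk.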
base => $prefix,
filter => '(&(cn='.$groupname.')(objectClass='.
$args->{'groupclass'}.'))',
- scope => 'one');
+ scope => 'sub');
if (!$rv || $rv->code) {
&error("Failed to find group : ".
($rv ? $rv->error : "Unknown error"));
my ($group) = $rv->all_entries;
if ($group) {
+ # Delete sub-objects
+ my $rv = $dbh->search(
+ base => $group->dn(),
+ filter => '(objectClass=*)',
+ scope => 'sub');
+ if (!$rv || $rv->code) {
+ &error("Failed to delete LDAP group : ".
+ ($rv ? $rv->error : "Unknown error"));
+ }
+ foreach my $so ($rv->all_entries) {
+ next if ($so->dn() eq $group->dn());
+ my $drv = $dbh->delete($so->dn());
+ if ($drv->code) {
+ &error("Failed to delete LDAP ".
+ "sub-object : ".$drv->error);
+ }
+ }
+
# Delete the group from LDAP
my $rv = $dbh->delete($group->dn());
if (!$rv || $rv->code) {
- &error("Failed to delete group : ".
+ &error("Failed to delete LDAP group : ".
($rv ? $rv->error : "Unknown error"));
}
}
base => $prefix,
filter => '(&(cn='.$username.')(objectClass='.
$args->{'userclass'}.'))',
- scope => 'one');
+ scope => 'sub');
if (!$rv || $rv->code) {
print STDERR "Failed to lookup user : ",
($rv ? $rv->error : "Unknown error"),"\n";
}
elsif ($proto eq "ldap") {
# Lookup in LDAP
- # XXX
+ my $rv = $dbh->search(
+ base => $prefix,
+ filter => '(objectClass='.
+ $args->{'userclass'}.')',
+ scope => 'sub',
+ attrs => [ 'cn', 'webminAttr' ]);
+ if ($rv && !$rv->code) {
+ foreach my $u ($rv->all_entries) {
+ my @attrs = $u->get_value('webminAttr');
+ foreach my $la (@attrs) {
+ my ($attr, $value) = split(/=/, $la, 2);
+ if ($attr eq "cert" &&
+ ($value eq $peername ||
+ $value eq $peername2)) {
+ return $u->get_value('cn');
+ }
+ }
+ }
+ }
}
}
return undef;
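Review bot: A failed LDAP search in the added certificate lookup is dropped silently, because `if ($rv && !$rv->code)` has no else branch, so a directory outage looks the same as "no user owns this certificate". The user-lookup hunk logs this case, and the same would help here: `else { print STDERR "Failed to lookup certificate user : ", ($rv ? $rv->error : "Unknown error"), "\n"; }`. `return $u->get_value('cn');` inherits the caller's context and would return every `cn` value in list context, so `return scalar($u->get_value('cn'));` is safer. A comment such as `# First entry whose webminAttr holds cert=<peer name> wins` would also document that, under `scope => 'sub'`, any entry of the user class below `$prefix` can claim a certificate. The early return sits inside a function whose start and any disconnect call are outside the hunk, so confirm the handle is released on that path.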
if ($config{'userdb'}) {
# Update user DB
- my ($dbh, $proto) = &connect_userdb($config{'userdb'});
+ my ($dbh, $proto, $prefix, $args) = &connect_userdb($config{'userdb'});
if (!$dbh) {
return -1;
}
$cmd->finish() if ($cmd);
}
elsif ($proto eq "ldap") {
- # XXX update in LDAP
+ # Update LDAP object
+ my $rv = $dbh->modify($uinfo->{'id'},
+ replace => { 'webminPass' => '!'.$uinfo->{'pass'} });
+ if (!$rv || $rv->code) {
+ print STDERR "Failed to lock password : ",
+ ($rv ? $rv->error : "Unknown error"),"\n";
+ return -1;
+ }
}
&disconnect_userdb($config{'userdb'}, $dbh);
return 0;
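Review bot: The new `return -1;` in the LDAP branch leaves before the `&disconnect_userdb($config{'userdb'}, $dbh);` call visible two lines below it, so every failed modify leaks an open directory connection. Calling `&disconnect_userdb($config{'userdb'}, $dbh);` immediately before `return -1;` closes it on the error path as well. A short comment on the replace line, for example `# A leading '!' marks the stored hash as locked`, would explain the `'!'.$uinfo->{'pass'}` value if that is its intent. The function's start and end are outside the hunk.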
}
elsif ($proto eq "ldap") {
# Find users in LDAP
- # XXX limit attrs?
my $rv = $dbh->search(
base => $prefix,
filter => '(objectClass='.
$args->{'userclass'}.')',
- scope => 'one');
+ scope => 'sub',
+ attrs => [ 'cn', 'webminModule' ]);
if ($rv && !$rv->code) {
foreach my $u ($rv->all_entries) {
my $user = $u->get_value('cn');
base => $prefix,
filter => '(&(cn='.$u.')(objectClass='.
$args->{'userclass'}.'))',
- scope => 'one');
+ scope => 'sub');
if (!$rv || $rv->code) {
&error(&text('euserdbacl',
$rv ? $rv->error : "Unknown error"));
base => $prefix,
filter => '(&(cn='.$g.')(objectClass='.
$args->{'groupclass'}.'))',
- scope => 'one');
+ scope => 'sub');
if (!$rv || $rv->code) {
&error(&text('egroupdbacl',
$rv ? $rv->error : "Unknown error"));
base => $prefix,
filter => '(&(cn='.$u.')(objectClass='.
$args->{'userclass'}.'))',
- scope => 'one');
+ scope => 'sub');
if (!$rv || $rv->code) {
&error(&text('euserdbacl',
$rv ? $rv->error : "Unknown error"));
base => $prefix,
filter => '(&(cn='.$g.')(objectClass='.
$args->{'groupclass'}.'))',
- scope => 'one');
+ scope => 'sub');
if (!$rv || $rv->code) {
&error(&text('egroupdbacl',
$rv ? $rv->error : "Unknown error"));
%remote_user_attrs = ( );
if ($remote_user_proto) {
my $userdb = &get_userdb_string();
- my ($dbh, $proto) = $userdb ? &connect_userdb($userdb) : ( );
+ my ($dbh, $proto, $prefix, $args) =
+ $userdb ? &connect_userdb($userdb) : ( );
if (ref($dbh)) {
if ($proto eq "mysql" || $proto eq "postgresql") {
# Read attrs from SQL
}
}
elsif ($proto eq "ldap") {
- # XXX read attrs from LDAP
+ # Read attrs from LDAP
+ my $rv = $dbh->search(
+ base => $prefix,
+ filter => '(&(cn='.$base_remote_user.')'.
+ '(objectClass='.
+ $args->{'userclass'}.'))',
+ scope => 'sub');
+ my ($u) = $rv && !$rv->code ? $rv->all_entries : ( );
+ if ($u) {
+ foreach $la ($u->get_value('webminAttr')) {
+ my ($attr, $value) = split(/=/, $la, 2);
+ $remote_user_attrs{$attr} = $value;
+ }
+ }
}
&disconnect_userdb($userdb, $dbh);
}
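Review bot: `$base_remote_user` is concatenated into the search filter unescaped, so a name containing filter metacharacters changes what the filter matches, and with `scope => 'sub'` plus first-match selection this can load another entry's `webminAttr` values into `%remote_user_attrs`. If `$dbh` is a Net::LDAP handle, as the method names suggest, build the filter with `Net::LDAP::Util::escape_filter_value($base_remote_user)`. The `cn=` filters built from `$username`, `$groupname`, `$u` and `$g` in the context lines of the other hunks follow the same pattern and would benefit from the same treatment. The loop should also declare its variable, `foreach my $la ($u->get_value('webminAttr')) {`, as the certificate-lookup hunk does, since `foreach $la` uses a package variable.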