package FS::part_export::ldap;
-use vars qw(@ISA);
+use vars qw(@ISA @saltset);
use FS::Record qw( dbh );
use FS::part_export;
@ISA = qw(FS::part_export);
+@saltset = ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
+
sub rebless { shift; }
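Review bot: The 64-character `@saltset` declared here exists to feed two-character salts to `crypt()` further down in this diff, and on most platforms that selects traditional DES crypt: only the first eight password characters count and the hash is cheap to brute-force. Since this change also starts publishing the result as a `{crypt}` value in the directory, a comment above the declaration would help, for example `# 2-char salt => DES crypt; weak, kept only for directory compatibility`. A stronger scheme would be better if the target server and the platform's crypt() support one. The call site also hard-codes the set size as `int(rand(64))`; `$saltset[ rand @saltset ]` would keep the two in step.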
sub _export_insert {
}
}
$crypt_password = ''; #surpress "used only once" warnings
- $crypt_password = crypt( $svc_acct->_password,
+ $crypt_password = '{crypt}'. crypt( $svc_acct->_password,
$saltset[int(rand(64))].$saltset[int(rand(64))] );
-
- my %attrib = map { /^\s*(\w+)\s+(.*\S)\s*$/; ( $1 => eval(qq("$2")) ); }
+ my $username_attrib;
+ my %attrib = map { /^\s*(\w+)\s+(.*\S)\s*$/;
+ $username_attrib = $1 if $2 eq '$username';
+ ( $1 => eval(qq("$2")) ); }
grep { /^\s*(\w+)\s+(.*\S)\s*$/ }
split("\n", $self->option('attributes'));
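Review bot: The rewritten map block still passes every attribute value through `eval(qq("$2"))`, so the text of the `attributes` export option is compiled as Perl in the export process rather than treated as a template. Anyone who can edit that option can therefore run code with the privileges of that process, and a typo in a value fails silently because `$@` is never checked. A fixed substitution table removes the string eval: build `%subst` from the variables the templates are meant to see (the page shows `$username` and `$crypt_password`; the full set is not visible here) and expand with `(my $v = $2) =~ s/\$(\w+)/exists $subst{$1} ? $subst{$1} : ''/ge;`. The new `$2 eq '$username'` test only recognises a value that is exactly `$username`, so a template such as `$username@domain` leaves `$username_attrib` undefined. The enclosing sub starts and ends outside the lines shown.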
- if ( $self->option('radius') {
+ if ( $self->option('radius') ) {
foreach my $table (qw(reply check)) {
my $method = "radius_$table";
my %radius = $svc_acct->$method();
my $err_or_queue = $self->ldap_queue( $svc_acct->svcnum, 'insert',
#$svc_acct->username,
+ $username_attrib,
%attrib );
return $err_or_queue unless ref($err_or_queue);
$self->machine,
$self->option('dn'),
$self->option('password'),
+ $self->option('userdn'),
@_,
) or $queue;
}
sub ldap_insert { #subroutine, not method
- my $dn = ldap_connect(shift, shift, shift);
- my %attrib = @_;
+ my $ldap = ldap_connect(shift, shift, shift);
+ my( $userdn, $username_attrib, %attrib ) = @_;
+
+ $userdn = "$username_attrib=$attrib{$username_attrib}, $userdn"
+ if $username_attrib;
+ #icky hack, but should be unsurprising to the LDAPers
+ foreach my $key ( grep { $attrib{$_} =~ /,/ } keys %attrib ) {
+ $attrib{$key} = [ split(/,/, $attrib{$key}) ];
+ }
- my $status = $ldap->add( $dn, attrs => [ %attrib ] );
- die $status->error if $status->is_error;
+ my $status = $ldap->add( $userdn, attrs => [ %attrib ] );
+ die 'LDAP error: '. $status->error. "\n" if $status->is_error;
$ldap->unbind;
}
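Review bot: The entry DN on the new `$userdn = "$username_attrib=$attrib{$username_attrib}, $userdn"` line is built by plain interpolation, so a username containing DN metacharacters (`,`, `+`, `=`, `\`, quotes) changes the structure of the DN instead of being carried as a value. Escape the value before building the DN, e.g. `Net::LDAP::Util::escape_dn_value($attrib{$username_attrib})` if the installed perl-ldap provides it; it would need loading alongside the lazy `use Net::LDAP`. When `$username_attrib` is empty the `add` is issued against the bare `userdn` container, and a `die "no attribute maps to \$username\n" unless $username_attrib;` would make that failure explicit. The comma split also turns any single value that legitimately contains a comma (a full name, for instance) into several values, which deserves more than the "icky hack" comment, such as a note naming the attributes expected to be multi-valued.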
sub ldap_connect {
my( $machine, $dn, $password ) = @_;
+ my %bind_options;
+ $bind_options{password} = $password if length($password);
eval "use Net::LDAP";
die $@ if $@;
- my $ldap = Net::LDAP->net($machine) or die $@;
- my $status = $ldap->bind( $dn, password=>$password );
- die $status->error if $status->is_error;
+ my $ldap = Net::LDAP->new($machine) or die $@;
+ my $status = $ldap->bind( $dn, %bind_options );
+ die 'LDAP error: '. $status->error. "\n" if $status->is_error;
- $dn;
+ $ldap;
}
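Review bot: `ldap_connect` binds right after `Net::LDAP->new($machine)` with no TLS step, so unless `$machine` is always an `ldaps://` URI (not visible here) the bind password and the `{crypt}` hashes written later cross the network in clear text. Adding `my $tls = $ldap->start_tls( verify => 'require' ); die 'LDAP error: '. $tls->error. "\n" if $tls->is_error;` before the bind, or documenting that the machine option must be an `ldaps://` URI, would close that gap. The new `%bind_options` logic also means an empty password option produces a bind with a DN and no credentials, which many servers treat as anonymous. The misconfiguration then only surfaces as a permission error at `add`, so a comment on that line saying the anonymous fallback is intentional would help.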