Commit f158c2df authored by Florian Vessaz's avatar Florian Vessaz

Move $*_BASE to LDAP.pm

parent 0c131d61
......@@ -25,6 +25,7 @@ use Encode qw(decode);
=cut
our $GROUPS_BASE = "ou=Groups,dc=gnugen,dc=epfl,dc=ch";
our $USERS_BASE = "ou=Users,dc=gnugen,dc=epfl,dc=ch";
our $URL = 'ldaps://gnusrv2.epfl.ch:636';
......
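Review bot: `$GROUPS_BASE`, `$USERS_BASE` and `$URL` sit directly after `=cut` with no comment or POD, and as `our` variables they can be reassigned from any package. The other module in this commit now takes every user and group DN and every search base from them, so an accidental assignment elsewhere would change where accounts are looked up and created. A one-line comment such as `# Directory search bases and server URL; treat as read-only outside this module.` would state the intended contract. If the values never change at runtime, read-only accessors would enforce it, but that is a larger change than this commit.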
......@@ -16,8 +16,6 @@ use GnuGeneration::LDAP;
our $FIRST_UID = 5000; # Base for user and private groups
our $FIRST_GID = 10000; # Base for other groups
our $SHADOW_EXPIRE_DISABLED = 7304; # Account disabled (expired on 1990-01-01)
our $USERS_BASE = "ou=Users,dc=gnugen,dc=epfl,dc=ch";
our $GROUPS_BASE = "ou=Groups,dc=gnugen,dc=epfl,dc=ch";
=head1 NAME
......@@ -145,7 +143,7 @@ sub all_members {
my $ldap = GnuGeneration::LDAP->ldap;
my $res = $ldap->search(
base => "$USERS_BASE",
base => $GnuGeneration::LDAP::USERS_BASE,
filter => "(objectclass=gnugenMember)",
attrs => ['', '*']);
......@@ -192,8 +190,8 @@ sub create {
my $home = '/home/' . $args{username};
my $id = _next_uid();
my $userdn = 'cn=' . escape_dn_value($args{cn})
. ', $USERS_BASE';
my $userdn = 'cn=' . escape_dn_value($args{cn}) . ','
. $GnuGeneration::LDAP::USERS_BASE;
my @userattrs = [
cn => $args{cn},
objectclass => [
......@@ -214,8 +212,8 @@ sub create {
gnugenMemberSubscriptionPayedDate => 0,
gnugenMemberTermsOfUseAcceptedDate => 0,
];
my $groupdn = 'cn=' . escape_dn_value($args{username})
. '$GROUPS_BASE';
my $groupdn = 'cn=' . escape_dn_value($args{username}) . ','
. $GnuGeneration::LDAP::GROUPS_BASE;
my @groupattrs = (
'objectclass' => [ "posixGroup" ],
'cn' => $args{username},
......@@ -246,7 +244,7 @@ sub create {
# Unlike the uidNumber, there is no synchronisation issues for the
# group entries unless some other code or person is doings stupid things.
# Check anyway in case someone did bad things…
$mesg = $ldap->search(base => $GROUPS_BASE,
$mesg = $ldap->search(base => $GnuGeneration::LDAP::GROUPS_BASE,
filter => "(gidNumber=" . escape_filter_value($id) . ")",
attrs => ['dn']
);
......@@ -281,7 +279,7 @@ sub create {
sub _fixup_new_user_id {
my ($ldap, $dn) = @_;
my $mesg = $ldap->search(base => $USERS_BASE,
my $mesg = $ldap->search(base => $GnuGeneration::LDAP::USERS_BASE,
base => $dn,
scope => "base",
filter => "(objectclass=*)",
......@@ -293,7 +291,7 @@ sub _fixup_new_user_id {
my $unique = 0;
while (not $unique) {
$mesg = $ldap->search(base => $USERS_BASE,
$mesg = $ldap->search(base => $GnuGeneration::LDAP::USERS_BASE,
filter => "(uidNumber=" . escape_filter_value($id) . ")",
attrs => ['dn']
);
......@@ -373,7 +371,7 @@ sub _check_host_permissions {
sub _check_username_in_group {
my ($self, $ldap, $group) = @_;
$group = escape_filter_value($group);
my $mesg = $ldap->search(base => "$GROUPS_BASE",
my $mesg = $ldap->search(base => $GnuGeneration::LDAP::GROUPS_BASE,
filter => "cn=$group");
my $entry = $mesg->shift_entry;
if (defined $entry) {
......@@ -388,7 +386,7 @@ sub _add_host_permissions {
my ($ldap, $members, $host) = @_;
my $group = escape_filter_value($host . '-login');
my $res = $ldap->search(base => "$GROUPS_BASE",
my $res = $ldap->search(base => $GnuGeneration::LDAP::GROUPS_BASE,
filter => "cn=$group");
my $entry = $res->shift_entry;
for my $username ($entry->get_value("memberUid")) {
......@@ -397,7 +395,7 @@ sub _add_host_permissions {
}
$group = escape_filter_value($host . '-sudoers');
$res = $ldap->search(base => "$GROUPS_BASE",
$res = $ldap->search(base => $GnuGeneration::LDAP::GROUPS_BASE,
filter => "cn=$group");
$entry = $res->shift_entry;
for my $username ($entry->get_value("memberUid")) {
......@@ -411,7 +409,7 @@ sub _entry_for_username {
die "Missing username argument" unless defined $username;
my $safe_username = escape_filter_value($username);
my $mesg = $ldap->search(
base => "$USERS_BASE",
base => $GnuGeneration::LDAP::USERS_BASE,
filter => "(&(objectclass=gnugenMember)(uid=$safe_username))");
$mesg->code && warn "Can't find $username: " . $mesg->error;
return $mesg->shift_entry;
......@@ -435,7 +433,7 @@ sub _from_usernames {
. '))';
my $mesg = $ldap->search(
base => $USERS_BASE,
base => $GnuGeneration::LDAP::USERS_BASE,
filter => $filter);
$mesg->code && warn "Can't search users: " . $mesg->error;
......@@ -689,7 +687,7 @@ sub active {
sub _next_uid {
my $ldap = GnuGeneration::LDAP->ldap;
my $lst = $ldap->search(base => '$USERS_BASE',
my $lst = $ldap->search(base => $GnuGeneration::LDAP::USERS_BASE,
scope => 'subtree',
filter => "(objectclass=posixAccount)",
attrs => ['uidNumber']);
......
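Review bot: In `_fixup_new_user_id` the first search now passes `base` twice, `base => $GnuGeneration::LDAP::USERS_BASE` followed directly by `base => $dn`. Net::LDAP takes these as a key/value list, so the later `base => $dn` should be the one that applies with `scope => "base"`, and the new argument is dead. The call would read correctly as `my $mesg = $ldap->search(base => $dn,`. Separately, the `uidNumber` and `gidNumber` uniqueness searches in `create` and `_fixup_new_user_id` are not visibly followed by a `$mesg->code` check. If a search fails, an empty result would look like a free id, so it is worth confirming that these paths `die` on a non-zero code (the function bodies continue outside the hunks shown).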