[otrs-cvs] CVS: otrs/Kernel/System/Auth LDAP.pm,1.22,1.23
cvs-log at otrs.org
cvs-log at otrs.org
Wed Aug 2 16:53:24 CEST 2006
Update of /home/cvs/otrs/Kernel/System/Auth
In directory lancelot:/tmp/cvs-serv6150/Kernel/System/Auth
Modified Files:
LDAP.pm
Log Message:
add ldap attribute to groups/roles sync
Index: LDAP.pm
===================================================================
RCS file: /home/cvs/otrs/Kernel/System/Auth/LDAP.pm,v
retrieving revision 1.22
retrieving revision 1.23
diff -C2 -r1.22 -r1.23
*** LDAP.pm 24 Jul 2006 08:12:09 -0000 1.22
--- LDAP.pm 2 Aug 2006 13:53:22 -0000 1.23
***************
*** 360,364 ****
$Self->{LogObject}->Log(
Priority => 'notice',
! Message => "User: '$Param{User}' sync ldap groups $GroupDN groups!",
);
# search if we're allowed to
--- 360,364 ----
$Self->{LogObject}->Log(
Priority => 'notice',
! Message => "User: '$Param{User}' sync ldap groups $GroupDN to groups!",
);
# search if we're allowed to
***************
*** 506,509 ****
--- 506,655 ----
}
}
+ # sync ldap attribute 2 otrs group permissions
+ if ($Self->{ConfigObject}->Get('UserSyncLDAPAttibuteGroupsDefination')) {
+ if (!$LDAP->bind(dn => $Self->{SearchUserDN}, password => $Self->{SearchUserPw})) {
+ $Self->{LogObject}->Log(
+ Priority => 'error',
+ Message => "Sync bind failed!",
+ );
+ # take down session
+ $LDAP->unbind;
+ return $Param{User};
+ }
+ # get current user data
+ my %UserData = $Self->{UserObject}->GetUserData(User => $Param{User});
+ # system permissions
+ my %PermissionsEmpty = ();
+ foreach (@{$Self->{ConfigObject}->Get('System::Permission')}) {
+ $PermissionsEmpty{$_} = 0;
+ }
+ # remove all group permissions
+ my %SystemGroups = $Self->{GroupObject}->GroupList();
+ foreach my $GID (keys %SystemGroups) {
+ $Self->{GroupObject}->GroupMemberAdd(
+ GID => $GID,
+ UID => $UserData{UserID},
+ Permission => {
+ %PermissionsEmpty,
+ },
+ UserID => 1,
+ );
+ }
+ # build filter
+ my $Filter = "($Self->{UID}=$Param{User})";
+ # perform search
+ my $Result = $LDAP->search (
+ base => $Self->{BaseDN},
+ filter => $Filter,
+ );
+
+ my %SyncConfig = %{$Self->{ConfigObject}->Get('UserSyncLDAPAttibuteGroupsDefination')};
+ foreach my $Attribute (keys %SyncConfig) {
+ my %AttributeValues = %{$SyncConfig{$Attribute}};
+ foreach my $AttributeValue (keys %AttributeValues) {
+ foreach my $Entry ($Result->all_entries) {
+ if ($Entry->get_value($Attribute) &&
+ $Entry->get_value($Attribute) eq $AttributeValue
+ ) {
+ my %Groups = %{$AttributeValues{$AttributeValue}};
+ foreach my $Group (keys %Groups) {
+ # get group id
+ my $GroupID = 0;
+ foreach (keys %SystemGroups) {
+ if ($SystemGroups{$_} eq $Group) {
+ $GroupID = $_;
+ last;
+ }
+ }
+ if ($GroupID) {
+ # just in case for debug
+ $Self->{LogObject}->Log(
+ Priority => 'notice',
+ Message => "User: '$Param{User}' sync ldap attribute $Attribute=$AttributeValue in $Group group!",
+ );
+ $Self->{GroupObject}->GroupMemberAdd(
+ GID => $GroupID,
+ UID => $UserData{UserID},
+ Permission => {
+ %PermissionsEmpty,
+ %{$Groups{$Group}},
+ },
+ UserID => 1,
+ );
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ # sync ldap attribute 2 otrs role permissions
+ if ($Self->{ConfigObject}->Get('UserSyncLDAPAttibuteRolesDefination')) {
+ if (!$LDAP->bind(dn => $Self->{SearchUserDN}, password => $Self->{SearchUserPw})) {
+ $Self->{LogObject}->Log(
+ Priority => 'error',
+ Message => "Sync bind failed!",
+ );
+ # take down session
+ $LDAP->unbind;
+ return $Param{User};
+ }
+ # get current user data
+ my %UserData = $Self->{UserObject}->GetUserData(User => $Param{User});
+ # remove all role permissions
+ my %SystemRoles = $Self->{GroupObject}->RoleList();
+ foreach my $RID (keys %SystemRoles) {
+ $Self->{GroupObject}->GroupUserRoleMemberAdd(
+ UID => $UserData{UserID},
+ RID => $RID,
+ Active => 0,
+ UserID => 1,
+ );
+ }
+ # build filter
+ my $Filter = "($Self->{UID}=$Param{User})";
+ # perform search
+ my $Result = $LDAP->search (
+ base => $Self->{BaseDN},
+ filter => $Filter,
+ );
+
+ my %SyncConfig = %{$Self->{ConfigObject}->Get('UserSyncLDAPAttibuteRolesDefination')};
+ foreach my $Attribute (keys %SyncConfig) {
+ my %AttributeValues = %{$SyncConfig{$Attribute}};
+ foreach my $AttributeValue (keys %AttributeValues) {
+ foreach my $Entry ($Result->all_entries) {
+ if ($Entry->get_value($Attribute) &&
+ $Entry->get_value($Attribute) eq $AttributeValue
+ ) {
+ my %Roles = %{$AttributeValues{$AttributeValue}};
+ foreach my $Role (keys %Roles) {
+ # get role id
+ my $RoleID = 0;
+ foreach (keys %SystemRoles) {
+ if ($SystemRoles{$_} eq $Role) {
+ $RoleID = $_;
+ last;
+ }
+ }
+ if ($RoleID && $Roles{$Role} eq 1) {
+ # just in case for debug
+ $Self->{LogObject}->Log(
+ Priority => 'notice',
+ Message => "User: '$Param{User}' sync ldap attribute $Attribute=$AttributeValue in $Role role!",
+ );
+ $Self->{GroupObject}->GroupUserRoleMemberAdd(
+ UID => $UserData{UserID},
+ RID => $RoleID,
+ Active => 1,
+ UserID => 1,
+ );
+ }
+ }
+ }
+ }
+ }
+ }
+ }
# take down session
$LDAP->unbind;
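Review bot: The search filter built at `my $Filter = "($Self->{UID}=$Param{User})";` (once in the groups block, again in the roles block) interpolates the login name into an LDAP filter unescaped, so a name containing filter metacharacters (`*`, `(`, `)`, `\`) changes the shape of the search instead of matching one entry; build it as `my $Filter = "($Self->{UID}=" . escape_filter_value($Param{User}) . ")";` with `escape_filter_value` imported from Net::LDAP::Util at the top of the file (outside this hunk), and give the login search earlier in the file the same treatment if it uses the same construction. `$Entry->get_value($Attribute)` is evaluated in scalar context in both match conditions, which yields only the first value of a multi-valued attribute, so an entry whose later value equals `$AttributeValue` is never matched; compare against the whole list with `if (grep { $_ eq $AttributeValue } $Entry->get_value($Attribute)) {`. The result of `$LDAP->search` is never checked after all existing group and role memberships have already been cleared, so a transient search failure silently leaves the user with no permissions and nothing in the log; check `$Result->code` and log `$Result->error` before walking `all_entries`, or run the search before the clearing loops so a failed lookup leaves the previous assignments intact. `$RoleID && $Roles{$Role} eq 1` compares a numeric flag as a string; `== 1` states the intent. The enclosing subroutine begins before this hunk.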