#!/usr/bin/perl
## RA Server Management Utility
## (c) 1999 by Massimiliano Pala
## All Rights Reserved
##
## Project Information:
##
## 	Current Version ..................... $VER
##      Project Started on .................. 17/12/1998
##      Last Modified on .................... 30/03/2001
##      Project Closed on ................... n/a
##
## Program currently tested with OpenLDAP v.1.2 on Linux, Solaris
## and Sleepycat DB.
##
## DISCLAIMER: THIS SOFTWARE IS GIVEN AS IS WITHOUT ANY WARRANTIES
## ABOUT ANY DAMAGE DERIVED BY THE USE ( CORRECT OR NOT ) OF THIS
## SOFTWARE. THE AUTHOR IS THEREFORE NOT RESPONSIBLE IN ANY WAY FOR
## DAMAGES RELATED IN ANY WAY TO THIS OR SUPPORTED SOFTWARE AS WELL.
##
## If you want to contact me (the author) please use the e-mail
## addresses listed below. Do not hesitate to report bugs, enhancements
## or anything that seems useful in developing this software:
##
##	madwolf@comune.modena.it
##	m.pala@mo.nettuno.it
##	digid@netscape.net
##
## Thank you for using this software, and remember that Open Projects
## are the future of mankind. 
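## Do not sleep, participate in world wide
## efforts to make life easier for all!

## _html_escape - minimal HTML escaping for values echoed into the page.
## Returns "" for an undefined input so callers can concatenate freely.
sub _html_escape {
  my ( $str ) = @_;

  return "" if ( not defined $str );

  $str =~ s/&/&amp;/g;
  $str =~ s/</&lt;/g;
  $str =~ s/>/&gt;/g;
  $str =~ s/"/&quot;/g;

  return $str;
}

## addCertsUsers - push every certificate whose serial is listed in
## <ServerDir>/stuff/lastImport.txt into the LDAP directory and print an
## HTML table reporting, per serial: the DN, the result of adding the DN
## node (addLDAPobject) and the result of attaching the certificate
## attribute (addLDAPattribute).
##
## Arguments   : none are used (the original accepted an ignored key list).
## Reads       : 'ServerDir' via getRequired(); the file-level $query and
##               $db objects.
## Returns     : the string "Ok." once the table has been printed.
## Side effects: prints HTML to STDOUT; calls configError() when the import
##               file is missing and success() when it is empty (whether
##               those helpers return to the caller is not visible here).
sub addCertsUsers {
  my $serverDir = getRequired( 'ServerDir' );

  ## This file has the serials of the latest imported certificates,
  ## one per line
  my $filename = "$serverDir/stuff/lastImport.txt";

  if( not -e $filename ) {
    configError( "File $filename not found!");
  }

  my $tmp = $query->getFile( $filename );
  if( $tmp eq "" ) {
    success( "Last Import file was empty.");
  }

  my @certsList = split( "\n", $tmp );

  ## NOTE(review): the original declared $table twice with `my`, so the
  ## value returned by buildRefs was silently discarded. The call is kept
  ## for any side effects it may have, and its result is still not shown;
  ## confirm whether it was meant to be part of the page.
  $query->buildRefs ( ELEMENTS =>, MAXITEMS =>);

  my $table = $query->startTable (COLS=>[ "Cert.-No.",
                                          "DN",
                                          "adding dn",
                                          "adding certificate" ],
                              WIDTH=>"100%",
                              TITLE_BGCOLOR=>"#DDCCFF");

  foreach my $ID (@certsList) {
    my @line = ();

    ## Only the hex digits of the serial are taken from the line; anything
    ## else (whitespace, stray characters) is ignored.
    my ( $serID ) = ( $ID =~ /([a-f0-9]+)/i );
    if( not defined $serID ) {
      ## A line with no hex digits at all is reported instead of being
      ## turned into an empty database key.
      $table .= $query->addTableLine( DATA => [
                    "<FONT COLOR=\"Red\">" .
                    "ERROR [" . _html_escape( $ID ) . "] : malformed serial" .
                    " in $filename\n</FONT>" ] );
      next;
    }

    ## Let's be sure it is in the right format: upper case, even length
    $serID = uc( $serID );
    $serID = "0$serID" if( length($serID) % 2 );

    my $cert = $db->getItem ( DATATYPE => VALID_CERTIFICATE,
                              KEY => $serID );
    if( not $cert ) {
      $table .= $query->addTableLine( DATA => [
                    "<FONT COLOR=\"Red\">".
                    "ERROR [$serID] : can't get certificate" .
                    " from dB!\n</FONT>" ] );
      next;
    }

    ## The subject DN is taken from the certificate, not generated here,
    ## so it is escaped before being placed into the page.
    my $parsed = $cert->getParsed();
    push ( @line, $serID, _html_escape( $parsed->{DN} ) );

    my $ret = addLDAPobject ( CERTIFICATE=>$cert );

    ## addLDAPobject does not hand back a hash reference on every path
    ## (some error paths return undef or a bare code), so normalise the
    ## result before dereferencing it.
    if( ref $ret ne 'HASH' ) {
      $ret = { STATUS => 0,
               CODE   => ( defined $ret ? $ret : -1 ),
               DESC   => "Error ( no result from addLDAPobject )" };
    }

    my $text = ( defined $ret->{DESC} ? $ret->{DESC} : "" );
    $text = "<FONT COLOR=\"Red\">" . $text . "</FONT>" if ( not $ret->{STATUS} );
    push ( @line, $text);

    if( $ret->{STATUS} ) {
      ## NOPRINT used to be the bareword `true`; quoting it keeps the same
      ## value while remaining valid under `use strict`.
      $ret = addLDAPattribute ( CERTIFICATE => $cert , NOPRINT => 'true');
      if ( ref $ret eq 'HASH' and $ret->{STATUS} ) {
        push (@line, "success");
      } else {
        push (@line, "Error : " . ( ref $ret eq 'HASH' ? $ret->{CODE} : "no result" ));
      }
    } else {
      push (@line, "operation not performed");
    }

    $table .= $query->addTableLine ( DATA => [ @line ]);
  }

  $table .= $query->endTable;
  print $table;

  return "Ok.";
}

sub addLDAPobject {
  ######################################################
  ## only certs makes sense because a CRL can only be ##
  ## produced if a valid CA-cert exists               ##
  ######################################################
  my $keys = { @_ };
  local ( $obj, $parsed, $serID, $ldap, $ret, $dn, $cn, $sn, $email );
  my $DEBUG = 0;

  ## check the type of the attribute
  $obj   = $keys->{CERTIFICATE};
  return if ( not $obj );

  ## get the needed data
  my $cert_dn    = $obj->getParsed ()->{DN};
  my $cert_cn    = $obj->getParsed ()->{CN};
  my $cert_serID = $obj->getParsed ()->{SERIAL};
  my $cert_email = $obj->getParsed ()->{EMAIL};
  my $cert_ou    = $obj->getParsed ()->{OU};
  my $cert_o     = $obj->getParsed ()->{O};
  my $cert_l     = $obj->getParsed ()->{L};
  my $cert_st    = $obj->getParsed ()->{ST};

  ## debugging
  print "Information of the Object:<br>\n" if ($DEBUG);
  print "dn    ".$cert_dn."<br>\n" if ($DEBUG);
  print "cn    ".$cert_cn."<br>\n" if ($DEBUG);
  print "serID ".$cert_serID."<br>\n" if ($DEBUG);
  print "email ".$cert_email."<br>\n" if ($DEBUG);
  print "ou    ".$cert_ou."<br>\n" if ($DEBUG);
  print "o     ".$cert_o."<br>\n" if ($DEBUG);
  print "l     ".$cert_l."<br>\n" if ($DEBUG);
  print "st    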
".$cert_st."<br>\n" if ($DEBUG);  print "End of the information of the Object.<br>\n" if ($DEBUG);  ## here we could perform some operations with the data  ## sn is not the real sn sometimes but you can find  ## the person via a search with a wildcard  my $cert_sn = $cert_cn;  $cert_sn =~ s/^[^ ]* //;  my $ou_counter = 0;  my @ou_array   = ();  ## Get the Connection to the Server  if ( not ( $ldap = LDAP_connect() )) {    print "<FONT COLOR=\"Red\">";    print "LDAP [$serID]: Connection Refused by server!\n";    print "</FONT><BR>\n";    return;  };  ## Let's bind for a predetermined User  $ret = LDAP_bind( LDAP => $ldap );  if( not $ret->{STATUS} ) {    print "Failed in Bind: " . $ret->{CODE} . "\n";    LDAP_disconnect( LDAP => $ldap );    return $ret->{CODE};  };  ## build the array from the LDAP root  my $basedn = getRequired ('basedn');  my @basedn_array = ();  my $h_attribute;  while ($basedn) {    ## get the last element    $h_attribute = $basedn;    $basedn =~ s/^[^,]*,//;    $h_attribute = substr ($h_attribute,                            0,                            length ($h_attribute) - length ($basedn));    if ( not $h_attribute ) {      $h_attribute = $basedn;      $basedn = "";    }    $h_attribute =~ s/,//;    $h_attribute =~ s/(^ )|( $)//g;    print "element of baseDN: ".$h_attribute."<br>\n" if ($DEBUG);    if ($h_attribute =~ /^\s*ou\s*=.*$/i) {      $ou_array [$ou_counter] = $h_attribute;      $ou_array [$ou_counter] =~ s/^\s*ou\s*=\s*//i;      $ou_counter++;    }    push (@basedn_array, $h_attribute);  }  ## build the array from the DN  my $h_dn = $cert_dn;  my @dn_array = ();  my $h_attribute;  while ($h_dn) {    ## get the last element    $h_attribute = $h_dn;    $h_dn =~ s/^[^\/,]*\///;    $h_attribute = substr ($h_attribute,                            0,                            length ($h_attribute) - length ($h_dn));    if ( not $h_attribute ) {      $h_attribute = $h_dn;      $h_dn = "";    }    $h_attribute =~ s/\///;    $h_attribute 
=~ s/(^ )|( $)//g;    print "element of the inserted DN: ".$h_attribute."<br>\n" if ($DEBUG);    push (@dn_array, $h_attribute);  }  ## verify that the root in the DN is ok  print "Checking RootDN of Certificate ...<br>\n" if ($DEBUG);  print "Inserted DN\t\t\tBaseDN<br>\n" if ($DEBUG);  while (scalar (@basedn_array) and scalar (@dn_array)) {    my $h_basedn = pop (@basedn_array);    my $h_dn     = pop (@dn_array);    print $h_dn."\t\t".$h_basedn."<br>\n" if ($DEBUG);    ## this dn cannot be added under the root-dn    if ( (uc $h_basedn) ne (uc $h_dn) ) {      LDAP_disconnect ( $ldap );      return { STATUS => 0 ,                DESC => "Error ( dn conflicts with basedn )",               CODE => -1 };    }  }  ## dn which should be inserted is shorter then the root-dn  print "Checking the length of the DN of the Certificate ...<br>\n" if ($DEBUG);  if ( scalar (@basedn_array) ) {    LDAP_disconnect ( $ldap );    return { STATUS => 0 ,              DESC => "Error ( dn is shorter then basedn )",             CODE => -2 };  }  ## if dn == basedn then their is no error because this can   ## be the CA-dn  return { STATUS => 1, CODE => 0, DESC => "Success" }    if (!scalar (@dn_array));  ## setup the tree for the DN  ## attention only the last ldapadd must be successful !!!  
print "Building the missing nodes of the LDAP-tree ...<br>\n" if ($DEBUG);  my $add_dn = getRequired ('basedn');  my $actual_element;  my $use_ldap_add = 0;  while (scalar (@dn_array)) {    $actual_element = pop @dn_array;    if ($actual_element =~ /^\s*ou\s*=.*$/i) {      $ou_array [$ou_counter] = $actual_element;      $ou_array [$ou_counter] =~ s/^\s*ou\s*=\s*//i;      $ou_counter++;    }    ## prepare the needed strings    $add_dn = $actual_element.",".$add_dn;    print "Try to add $add_dn ...<br>\n" if ($DEBUG);    ## check that the entry not exist in the LDAP-tree    my $base          = $add_dn;    #$base             =~ s/^[^,]*,//;    my $search_filter = $add_dn;    $search_filter    =~ s/,.*$//g;    $search_filter    =~ s/^email=/mail=/i;    $search_filter    = "(".$search_filter.")";    print "LDAP Searchfilter: ".$search_filter."<br>\n" if ($DEBUG);    print "LDAP Base: ".$base."<br>\n" if ($DEBUG);    my $ldap_search_mesg = $ldap->search (                             base => $base,                             scope => "sub",                             filter => $search_filter);    print "LDAP Search Mesg-Code ".$ldap_search_mesg->code."<br>\n" if ($DEBUG);    print "LDAP Search Mesg-Count ".$ldap_search_mesg->count."<br>\n" if ($DEBUG);    ## I stop the insertion because of a searcherror too    if ( not $ldap_search_mesg or          #$ldap_search_mesg->code or         $ldap_search_mesg->count) {      ## node/leaf exists      print "node exists<br>\n" if ($DEBUG);      next;    }    $use_ldap_add = 1;    ## insert the different types    ## attention: I don't insert here a CA!!!    
## this most be done otherwise because I cannot declare    ## any o and ou to be a (sub)CA    my @attr;    if ($add_dn =~ /^\s*(cn|email|serialNumber)\s*=.*$/i) {      return undef if (not $cert_sn or not $cert_cn);      push @attr, 'cn' => $cert_cn;      push @attr, 'sn' => $cert_sn;      push @attr, 'objectclass' => [ 'top',                                     'person',                                     'organizationalPerson',                                     'inetOrgPerson'                                    ];      push @attr, 'ou'   => [ @ou_array ] if (scalar @ou_array);      push @attr, 'o'    => $cert_o       if ($cert_o);      push @attr, 'mail' => $cert_email   if ($cert_email);      push @attr, 'st'   => $cert_st      if ($cert_st and $add_dn =~ /\s*st\s*=/i);
