push @attr, 'l' => $cert_l if ($cert_l and $add_dn =~ /\s*l\s*=/i); } elsif ($add_dn =~ /^\s*ou\s*=.*$/i) { return undef if (not scalar @ou_array); push @attr, 'ou' => [ @ou_array ]; push @attr, 'authorityRevocationList;binary' => ''; push @attr, 'certificateRevocationList;binary' => ''; push @attr, 'cACertificate;binary' => ''; push @attr, 'objectclass' => [ 'top', 'organizationalUnit', 'certificationAuthority' ]; push @attr, 'st' => $cert_st if ($cert_st and $add_dn =~ /\s*st\s*=/i); push @attr, 'l' => $cert_l if ($cert_l and $add_dn =~ /\s*l\s*=/i); } elsif ($add_dn =~ /^\s*o\s*=.*$/i) { return undef if (not $cert_o); push @attr, 'o' => $cert_o; push @attr, 'authorityRevocationList;binary' => ''; push @attr, 'certificateRevocationList;binary' => ''; push @attr, 'cACertificate;binary' => ''; push @attr, 'objectclass' => [ 'top', 'organization', 'certificationAuthority' ]; push @attr, 'st' => $cert_st if ($cert_st and $add_dn =~ /\s*st\s*=/i); push @attr, 'l' => $cert_l if ($cert_l and $add_dn =~ /\s*l\s*=/i); } elsif ($add_dn =~ /^\s*c\s*=.*$/i) { return undef if (not $cert_c); push @attr, 'c' => $cert_c; push @attr, 'objectclass' => [ 'top', 'country' ]; } elsif ($type =~ /^st$/i) { return undef if (not $cert_st); push @attr, 'st' => $cert_st; push @attr, 'objectclass' => [ 'top', 'locality' ]; } elsif ($type =~ /^l$/i) { return undef if (not $cert_l); push @attr, 'st' => $cert_l; push @attr, 'objectclass' => [ 'top', 'locality' ]; } else { return undef; } print "Attributes for the insertion:<br>\n" if ($DEBUG); foreach $h (keys %{$attr}) { print "$h = $attr->{$h}<br>\n" if ($DEBUG); } $ldapadd_result = $ldap->add ( $add_dn , attr => [ @attr ] ); print "The resultcode of the nodeinsertion was ". $ldapadd_result->code.".<br>\n" if ($DEBUG); last if ($ldapadd_result->code); } if ($use_ldap_add) { if( $ldapadd_result->code ) { ## print "<FONT COLOR=\"Red\">"; ## print "Error Adding DN [$serID]: " . 
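$ldapadd_result->code ."<BR>\n";
##          print "</FONT>";
            LDAP_disconnect ( $ldap );
            return { STATUS => 0 , DESC => "Error ( code " . $ldapadd_result->code . " )", CODE => $ldapadd_result->code };
        }
    }
    LDAP_disconnect ( $ldap );
    return { STATUS => 1, CODE => 0, DESC => "Success" };
}

## this function add certificates and CRLs to the directory
##
## Arguments (named, the first of these object keys that is set wins):
##   CERTIFICATE           => certificate object -> userCertificate;binary
##   AUTHORITY_CERTIFICATE => CA certificate     -> cACertificate;binary
##   CRL                   => CRL object         -> certificateRevocationList;binary
##   AUTHORITY_CRL         => CRL object         -> authorityRevocationList;binary
##   NOPRINT               => true suppresses the status lines printed to STDOUT
##
## Certificates are stored in the entry of their own subject, revocation
## lists in the entry of their issuer; that entry must already exist.
##
## Returns nothing when no object was passed or the connection/bind
## failed, otherwise { STATUS => 0|1, CODE => LDAP result code [, DESC => text] }.
sub addLDAPattribute {
    my $keys = { @_ };
    my $DEBUG = 0;

    ## check the type of the attribute
    my @attribute_for = (
        CERTIFICATE           => 'userCertificate',
        AUTHORITY_CERTIFICATE => 'cACertificate',
        CRL                   => 'certificateRevocationList',
        AUTHORITY_CRL         => 'authorityRevocationList',
    );
    my ( $obj, $attr );
    while ( my ( $key, $name ) = splice @attribute_for, 0, 2 ) {
        next if not $keys->{$key};
        ( $obj, $attr ) = ( $keys->{$key}, $name );
        last;
    }
    return if not $obj;
    $attr .= ';binary';

    ## set output mode
    my $noprint = $keys->{NOPRINT};
    $noprint = 0 if $DEBUG;

    ## Initializing Connection to LDAP Server
    my $ldap = LDAP_connect();
    return if not $ldap;

    ## Let's bind for a predetermined User.
    ## LDAP_bind unbinds the connection itself when the bind fails.
    my $ret = LDAP_bind( LDAP => $ldap );
    return if not $ret->{STATUS};

    ## get dn: revocation lists go to the issuer's entry, everything else
    ## to the subject's entry. The revocation-list test comes first because
    ## "certificateRevocationList" also contains the word "Certificate".
    my $dn;
    if ( $attr =~ /RevocationList/i ) {
        $dn = $obj->getParsed()->{ISSUER};
    }
    else {
        $dn = $obj->getParsed()->{DN};
    }
    if ( not defined $dn or $dn eq '' ) {
        print "Cannot determine the DN of the object.\n" if not $noprint;
        LDAP_disconnect( LDAP => $ldap );
        return { STATUS => 0, CODE => 1 };
    }

    ## OpenSSL style "/C=..../O=..." -> "C=...,O=..."
    $dn =~ s/\//,/g;
    $dn =~ s/^ *,* *//g;

    ## fix problems with big letters: lower-case the first occurrence of
    ## each attribute type we know about
    for my $attribute_type (qw(email cn c ou o st l)) {
        $dn =~ s/\Q$attribute_type\E=/$attribute_type=/i;
    }

    print "addLDAPattribute: DN= ".$dn."<br>\n" if $DEBUG;
    print "attr: ".$attr."<br>\n" if $DEBUG;

    ## search the attribute: a base-scoped lookup of the entry itself,
    ## filtered on its first RDN ("email" is called "mail" in the schema).
    ## The RDN value is escaped for use in a filter, so characters such as
    ## '(' , ')' or '*' in a subject name cannot change the filter's meaning.
    ## RFC 4514 backslash escapes inside the value are not decoded first.
    my $first_rdn = ( split /,/, $dn, 2 )[0];
    my ( $rdn_type, $rdn_value ) = split /=/, $first_rdn, 2;
    my $search_filter;
    if ( defined $rdn_value ) {
        $rdn_type = 'mail' if $rdn_type =~ /^email$/i;
        $search_filter = "(" . $rdn_type . "=" . _escape_filter_value( $rdn_value ) . ")";
    }
    else {
        $search_filter = "(" . $first_rdn . ")";
    }
    print "LDAP Searchfilter: ".$search_filter."<br>\n" if $DEBUG;

    my $mesg = $ldap->search( base => $dn, scope => "base", filter => $search_filter );
    if ( $DEBUG and $mesg ) {
        print "LDAP Search Mesg-Code ".$mesg->code."<br>\n";
        print "LDAP Search Mesg-Count ".$mesg->count."<br>\n";
    }

    ## I stop the insertion because of a searcherror too
    if ( not $mesg or $mesg->code or not $mesg->count ) {
        print "Search for the attribute failed.\n" if not $noprint;
        my $code = $mesg ? $mesg->code : 1;
        LDAP_disconnect( LDAP => $ldap );
        return { STATUS => 0 , CODE => $code };
    }

    ## we can get only one entry because scope is set to "base"
    ## load the existing values, add the new one and remove doubles
    my @values = $mesg->entry(0)->get_value( $attr );
    push @values, $obj->getDER();
    my %seen;
    my @unique = grep { not $seen{$_}++ } @values;
    @values = sort @unique;

    ## insert into ldap
    $mesg = $ldap->modify( $dn, replace => { $attr => [ @values ] } );
    if ( $mesg->code ) {
        my $txt = "Unknown Error ( " . $mesg->code . " )";
        print "$txt\n" if not $noprint;
        LDAP_disconnect( LDAP => $ldap );
        return { STATUS => 0 , CODE => $mesg->code };
    }
    LDAP_disconnect( LDAP => $ldap );

    my $txt = "Attribute successfully inserted.";
    print "Success (".$txt.")\n" if not $noprint;
    return { STATUS => 1, DESC => "Success (".$txt.")", CODE => 0 };
}

## Escape one attribute value for use inside an LDAP search filter
## (RFC 4515, section 3): '*', '(', ')', '\' and NUL become \2a, \28,
## \29, \5c and \00. Only the value is escaped, never the attribute type
## or the surrounding parentheses.
sub _escape_filter_value {
    my ( $value ) = @_;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

## Search the directory below the configured base DN ('basedn').
##
## Arguments (named):
##   FILTER => LDAP search filter (required). It is sent to the server
##             exactly as given, so the caller has to escape any values
##             that come from user input.
##   SERIAL => certificate serial, only used in the printed error text
##
## Returns nothing when FILTER is missing or the connection or the search
## fails, the bare bind result code when the bind fails, and otherwise
## { COUNT => number of entries, ENTRIES => [ Net::LDAP::Entry objects ] }.
sub LDAPsearch {
    my $keys = { @_ };
    my $filter = $keys->{FILTER};
    my $serID  = $keys->{SERIAL};
    return if not $filter;

    ## Get required configuration keys
    my $ldapBase = getRequired( 'basedn' );

    ## Initializing Connection to LDAP Server
    my $ldap = LDAP_connect();
    if ( not $ldap ) {
        print "<FONT COLOR=\"Red\">";
        print "LDAP [$serID]: Connection Refused by server!\n";
        print "</FONT><BR>\n";
        return;
    }

    ## Let's bind for a predetermined User.
    ## LDAP_bind unbinds the connection itself when the bind fails.
    ## NOTE(review): this path returns a bare code while every other path
    ## returns a hashref or nothing; kept for existing callers.
    my $ret = LDAP_bind( LDAP => $ldap );
    if ( not $ret->{STATUS} ) {
        print "Failed in Bind: " . $ret->{CODE} . "\n";
        return $ret->{CODE};
    }

    my $mesg = $ldap->search( base => "$ldapBase", filter => "$filter" );
    if ( $mesg->code ) {
        LDAP_disconnect( LDAP => $ldap );
        return;
    }

    ## Collect the entries before unbinding (they do not need the
    ## connection any more). ENTRIES is always an array reference; a bare
    ## list here would be flattened into the hash constructor.
    my @entries = $mesg->entries;
    LDAP_disconnect( LDAP => $ldap );
    return { COUNT => scalar @entries, ENTRIES => [ @entries ] };
}

## Open a connection to the LDAP server named in the configuration
## ('ldapserver', 'ldapport'; port 389 when 'ldapport' is empty).
## Any arguments are ignored. Returns the Net::LDAP object, or nothing
## when the server cannot be reached.
sub LDAP_connect {
    ## Initializing Connection to LDAP Server
    my $ldapSrv = getRequired( 'ldapserver' );
    my $port    = getRequired( 'ldapport' );
    ## kept: getRequired may abort when the key is missing -- TODO confirm
    ## whether 'ldaplimit' is still needed, its value is not used here
    my $ldaplim = getRequired( 'ldaplimit' );

    ## if no initialization found, get defaults
    $port = 389 unless $port;

    ## Get the Connection to the Server.
    ## NOTE(review): plain LDAP without start_tls -- the password sent by
    ## LDAP_bind crosses the network in clear text.
    my $ldap = Net::LDAP->new( "$ldapSrv", port => "$port", async => 0 );
    return if not $ldap;
    return $ldap;
}

## Unbind and close a connection. Both calling conventions used in this
## file are accepted: LDAP_disconnect( LDAP => $ldap ) and the positional
## LDAP_disconnect( $ldap ).
## Returns { STATUS => 0 } when no connection was passed, else { STATUS => 1 }.
sub LDAP_disconnect {
    my $ldap;
    if ( @_ == 1 ) {
        ( $ldap ) = @_;
    }
    else {
        my %args = @_;
        $ldap = $args{LDAP};
    }
    return { STATUS => 0 } if not $ldap;
    $ldap->unbind;
    return { STATUS => 1 };
}

## Bind the passed connection (LDAP => $ldap) as the configured
## directory manager ('ldaproot' / 'ldappwd') with a simple bind.
## On failure the connection is unbound here, so callers must not
## disconnect it again.
## Returns { STATUS => 1 }, or { STATUS => 0 [, CODE => result code ] }.
sub LDAP_bind {
    my $keys = { @_ };

    ## Get Required Parameters
    my $ldapUsr = getRequired( 'ldaproot' );
    my $ldapPwd = getRequired( 'ldappwd' );

    ## Return if no object passed
    my $ldap = $keys->{LDAP};
    return { STATUS => 0 } if not $ldap;

    ## Try to bind to selected user.
    ## NOTE(review): a bind DN with an empty password is an unauthenticated
    ## bind (RFC 4513) that some servers accept -- confirm 'ldappwd' is
    ## always set in the configuration.
    my $mesg = $ldap->bind( "$ldapUsr", 'password' => "$ldapPwd" );

    ## if got an error, return it
    if ( $mesg->code ) {
        LDAP_disconnect( LDAP => $ldap );
        return { STATUS => 0, CODE => $mesg->code };
    }
    return { STATUS => 1 };
}

1;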