From f3b120eb62948e1c6ebccd3ba879a59cb95b5756 Mon Sep 17 00:00:00 2001
From: Emmanuel Garette
Date: Tue, 5 Jan 2021 11:27:02 +0100
Subject: [PATCH 1/2] =?UTF-8?q?patch=20lemonldap=20pour=20corriger=20le=20?= =?UTF-8?q?probl=C3=A8me=20des=20attributs=20avec=20la=20valeur=200=20(ref?= =?UTF-8?q?=20#31384)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Makefile | 2 +-
 eole-lemonldap-ng.mk | 2 +
 eole-lemonldap.mk | 1 -
 lemonldap-ng/LDAP.pm | 102 ++++++++++++++++++++++++++++++++
 lemonldap-ng/LDAP.pm.patch | 20 +++++++
 posttemplate/70-lemonldap-patch | 12 ++++
 6 files changed, 137 insertions(+), 2 deletions(-)
 create mode 100644 eole-lemonldap-ng.mk
 delete mode 100644 eole-lemonldap.mk
 create mode 100644 lemonldap-ng/LDAP.pm
 create mode 100644 lemonldap-ng/LDAP.pm.patch
 create mode 100755 posttemplate/70-lemonldap-patch
diff --git a/Makefile b/Makefile
index fd9c34a..655b480 100644
--- a/Makefile
+++ b/Makefile
@@ -2,7 +2,7 @@
 # Makefile pour XXX-XXX
 ################################
-SOURCE=eole-lemonldap
+SOURCE=eole-lemonldap-ng
 VERSION=2.8.0
 EOLE_VERSION=2.8
 EOLE_RELEASE=2.8.0
diff --git a/eole-lemonldap-ng.mk b/eole-lemonldap-ng.mk
new file mode 100644
index 0000000..25693df
--- /dev/null
+++ b/eole-lemonldap-ng.mk
@@ -0,0 +1,2 @@
+creolefuncs_DATA_DIR := $(DESTDIR)/usr/share/creole/funcs
+lemonldap-ng_DATA_DIR := $(eole_DIR)/lemonldap-ng
diff --git a/eole-lemonldap.mk b/eole-lemonldap.mk
deleted file mode 100644
index b152d43..0000000
--- a/eole-lemonldap.mk
+++ /dev/null
@@ -1 +0,0 @@
-creolefuncs_DATA_DIR := $(DESTDIR)/usr/share/creole/funcs
diff --git a/lemonldap-ng/LDAP.pm b/lemonldap-ng/LDAP.pm
new file mode 100644
index 0000000..e62ad43
--- /dev/null
+++ b/lemonldap-ng/LDAP.pm
@@ -0,0 +1,102 @@
+package Lemonldap::NG::Portal::UserDB::LDAP;
+
+use strict;
+use Mouse;
+use utf8;
+use Lemonldap::NG::Portal::Main::Constants qw(PE_OK);
+
+extends 'Lemonldap::NG::Portal::Lib::LDAP';
+
+our $VERSION = '2.0.6';
+
+has ldapGroupAttributeNameSearch => (
+ is => 'rw',
+ lazy => 1,
+ builder => sub {
+ my $attributes = [];
+ @$attributes =
+ split( /\s+/, $_[0]->{conf}->{ldapGroupAttributeNameSearch} )
+ if $_[0]->{conf}->{ldapGroupAttributeNameSearch};
+ push( @$attributes, $_[0]->{conf}->{ldapGroupAttributeNameGroup} )
+ if ( $_[0]->{conf}->{ldapGroupRecursive}
+ and $_[0]->{conf}->{ldapGroupAttributeNameGroup} ne "dn" );
+ return $attributes;
+ }
+);
+
+# RUNNING METHODS
+#
+# getUser is provided by Portal::Lib::LDAP
+
+# Load all parameters included in exportedVars parameter.
+# Multi-value parameters are loaded in a single string with
+# a separator (param multiValuesSeparator)
+# @return Lemonldap::NG::Portal constant
+sub setSessionInfo {
+ my ( $self, $req ) = @_;
+ $req->{sessionInfo}->{_dn} = $req->data->{dn};
+
+ my %vars = ( %{ $self->conf->{exportedVars} },
+ %{ $self->conf->{ldapExportedVars} } );
+ while ( my ( $k, $v ) = each %vars ) {
+
+ # getLdapValue returns an empty string for missing attribute
+ # but we really want to return undef so they don't get stored in session
+ $req->sessionInfo->{$k} =
+ $self->ldap->getLdapValue( $req->data->{ldapentry}, $v ) || undef;
+ }
+
+ PE_OK;
+}
+
+# Load all groups in $groups.
+# @return Lemonldap::NG::Portal constant
+sub setGroups {
+ my ( $self, $req ) = @_;
+ my $groups = $req->{sessionInfo}->{groups};
+ my $hGroups = $req->{sessionInfo}->{hGroups};
+
+ if ( $self->conf->{ldapGroupBase} ) {
+
+ # Get value for group search
+ my $group_value = $self->ldap->getLdapValue( $req->data->{ldapentry},
+ $self->conf->{ldapGroupAttributeNameUser} );
+
+ if ( $self->conf->{ldapGroupDecodeSearchedValue} ) {
+ utf8::decode($group_value);
+ }
+
+ $self->logger->debug( "Searching LDAP groups in "
+ . 
$self->conf->{ldapGroupBase}
+ . " for $group_value" );
+
+ # Call searchGroups
+ my $ldapGroups = $self->ldap->searchGroups(
+ $self->conf->{ldapGroupBase},
+ $self->conf->{ldapGroupAttributeName},
+ $group_value,
+ $self->ldapGroupAttributeNameSearch,
+ $req->{ldapGroupDuplicateCheck}
+ );
+
+ foreach ( keys %$ldapGroups ) {
+ my $groupName = $_;
+ $hGroups->{$groupName} = $ldapGroups->{$groupName};
+ my $groupValues = [];
+ foreach ( @{ $self->ldapGroupAttributeNameSearch } ) {
+ next if $_ =~ /^name$/;
+ my $firstValue = $ldapGroups->{$groupName}->{$_}->[0];
+ push @$groupValues, $firstValue;
+ }
+ $groups .= $self->conf->{multiValuesSeparator} if $groups;
+ $groups .= join( '|', @$groupValues );
+ }
+
+ }
+
+ $req->{sessionInfo}->{groups} = $groups;
+ $req->{sessionInfo}->{hGroups} = $hGroups;
+ PE_OK;
+}
+
+1;
diff --git a/lemonldap-ng/LDAP.pm.patch b/lemonldap-ng/LDAP.pm.patch
new file mode 100644
index 0000000..e2c7456
--- /dev/null
+++ b/lemonldap-ng/LDAP.pm.patch
@@ -0,0 +1,20 @@
+--- /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm.old 2019-12-11 12:05:54.000000000 +0100
++++ /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm 2021-01-05 10:54:19.188732119 +0100
+@@ -40,10 +40,15 @@
+ %{ $self->conf->{ldapExportedVars} } );
+ while ( my ( $k, $v ) = each %vars ) {
+
++ my $value = $self->ldap->getLdapValue( $req->data->{ldapentry}, $v );
++
+ # getLdapValue returns an empty string for missing attribute
+ # but we really want to return undef so they don't get stored in session
+- $req->sessionInfo->{$k} =
+- $self->ldap->getLdapValue( $req->data->{ldapentry}, $v ) || undef;
++ # This has to be a string comparison because "0" is a valid attribute
++ # value. See #2403
++ $value = undef if ( $value eq "" );
++
++ $req->sessionInfo->{$k} = $value;
+ }
+
+ PE_OK;
diff --git a/posttemplate/70-lemonldap-patch b/posttemplate/70-lemonldap-patch
new file mode 100755
index 0000000..ede0e0e
--- /dev/null
+++ b/posttemplate/70-lemonldap-patch
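Review bot: `$value = undef if ( $value eq "" );` in the inner hunk assumes getLdapValue never returns undef; since the module loads Mouse, which turns warnings on, an undef return would emit "Use of uninitialized value" for every absent exported attribute, whereas the replaced `|| undef` form was silent. The comment just above documents the empty-string contract, so this is presumably fine for the 2.0.6 module the patch targets, but a defensive form costs nothing and keeps the "0" fix intact: `$value = undef unless defined $value and length $value;`. The inner context (`@@ -40,10 +40,15 @@`, around `while ( my ( $k, $v ) = each %vars )` in setSessionInfo) is tied to the 2.0.6 layout of the upstream file, which is worth stating in a leading comment of LDAP.pm.patch so that a LemonLDAP::NG upgrade is expected to require a refresh rather than discovered when the patch stops applying.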
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# vérifie si le patch est déjà appliqué
+grep -q 2403 /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm && exit 0
+
+# copie de sauvegarde
+cp -a /usr/share/perl5/Lemonldap/NG/Portal/UserDB/LDAP.pm /usr/share/eole/lemonldap-ng/
+
+# application du patch
+patch -d / -p 0 < /usr/share/eole/lemonldap-ng/LDAP.pm.patch
+
+exit 0
From adea10270dfa687bea7d6eca98cc8d69998f501e Mon Sep 17 00:00:00 2001
From: Philippe Caseiro
Date: Wed, 3 Feb 2021 15:44:14 +0100
Subject: [PATCH 2/2] Fix LDAP/CAS/Exported attributes bug
---
 tmpl/lmConf-1.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tmpl/lmConf-1.json b/tmpl/lmConf-1.json
index 39e2589..6b5081c 100644
--- a/tmpl/lmConf-1.json
+++ b/tmpl/lmConf-1.json
@@ -2,9 +2,11 @@
 %set %%ssoFilters = %%getSSOFilters
 %set %%exported_vars = ['"UA": "HTTP_USER_AGENT"']
 %set %%cas_attributes = []
+%set %%ldap_attributes = ['"uid": "uid"', '"mail": "mail"','"cn":"cn"']
 %for %%attr in %%casAttribute
- %silent %%exported_vars.append('"' + %%attr + '": "' + %%attr + '.casLDAPAttribute"')
- %silent %%cas_attributes.append('"' + %%attr + '": "' + %%attr + '.casLDAPAttribute"')
+ %silent %%exported_vars.append('"' + %%attr + '": "' + %%attr.casLDAPAttribute + '"')
+ %silent %%cas_attributes.append('"' + %%attr + '": "' + %%attr.casLDAPAttribute + '"')
+ %silent %%ldap_attributes.append('"' + %%attr + '": "' + %%attr.casLDAPAttribute + '"')
 %end for
 %for %%key, %%value in %%ssoFilters
 %silent %%exported_vars.append('"' + %%key + '": "' + %%value + '"')
@@ -173,9 +175,7 @@
 "ldapSearchDeref": "find",
 "ldapBase": "%%ldapUserBaseDN",
 "ldapExportedVars": {
- "cn": "cn",
- "mail": "mail",
- "uid": "uid"
+ %%custom_join(%%ldap_attributes, ',\n ')
 },
 "ldapGroupAttributeName": "memberUid",
 "ldapGroupAttributeNameGroup": "dn",
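Review bot: `patch -d / -p 0 < /usr/share/eole/lemonldap-ng/LDAP.pm.patch` runs with its exit status discarded and the script ends with an unconditional `exit 0`, so a context mismatch (the patch is pinned to the 2.0.6 layout of setSessionInfo) leaves the live module unpatched, plus a `.rej` next to it, with no signal to whatever runs the posttemplate. Check it before and after: `patch --dry-run -d / -p 0 < /usr/share/eole/lemonldap-ng/LDAP.pm.patch || exit 1` followed by `patch -d / -p 0 < /usr/share/eole/lemonldap-ng/LDAP.pm.patch || exit 1`. The backup `cp -a ... /usr/share/eole/lemonldap-ng/` appears to write LDAP.pm into the same directory where this commit installs its own `lemonldap-ng/LDAP.pm` (same basename, via `lemonldap-ng_DATA_DIR`), so the packaged copy is replaced by whatever version is live; if the packaged file is meant as the pristine reference, give the backup a distinct name such as `LDAP.pm.orig`. The idempotence guard `grep -q 2403` matches any occurrence of that number anywhere in the module, not only the `See #2403` comment the patch inserts; `grep -q 'See #2403'` is the tighter check.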
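Review bot: `%%ldap_attributes` is seeded with `uid`, `mail` and `cn` and then receives every entry of `%%casAttribute`, so a CAS attribute named `uid`, `mail` or `cn` yields a duplicate key in the `ldapExportedVars` object rendered by `%%custom_join(%%ldap_attributes, ',\n ')` in the second hunk (`@@ -173,9 +175,7 @@`), and JSON parsers keep whichever occurrence they like without complaint; skip attributes whose name is already present, or build the mapping as a dict and render it once. The string `'"' + %%attr + '": "' + %%attr.casLDAPAttribute + '"'` is now assembled three times per loop iteration; assign it to one variable and append that to the three lists. The default entries mix `'"mail": "mail"'` with `'"cn":"cn"'`; the spacing is harmless in JSON but worth making uniform. None of these values are escaped for JSON, which was already the case before this change, so an attribute name or mapped value containing `"` or `\` would still render an invalid lmConf file.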