wiki-archive/twiki/lib/TWiki/Users/LdapTdwgUserMapping.pm

326 lines
8.8 KiB
Perl
Raw Normal View History

# Module of TWiki Enterprise Collaboration Platform, http://TWiki.org/
#
# Copyright (C) 2007 Sven Dowideit, SvenDowideit@home.org.au
# and TWiki Contributors. All Rights Reserved. TWiki Contributors
# are listed in the AUTHORS file in the root of this distribution.
# NOTE: Please extend that file, not this notice.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version. For
# more details read LICENSE in the root of this distribution.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# As per the GPL, removal of this notice is prohibited.
=begin twiki
---+ package TWiki::Users::LdapTdwgUserMapping
User mapping is the process by which TWiki maps from a username (a login name) to a wikiname and back. It is also
where groups are maintained.
By default TWiki maintains user topics and group topics in the %MAINWEB% that
define users and group. These topics are
* !TWikiUsers - stores a mapping from usernames to TWiki names
* !WikiName - for each user, stores info about the user
* !GroupNameGroup - for each group, a topic ending with "Group" stores a list of users who are part of that group.
Many sites will want to override this behaviour, for example to get users and groups from a corporate database.
This class implements the basic TWiki behaviour using topics to store users, but is also designed to be subclassed
so that other services can be used.
Subclasses should be named 'XxxxUserMapping' so that configure can find them.
*All* methods in this class should be implemented by subclasses.
=cut
package TWiki::Users::LdapTdwgUserMapping;
use strict;
use strict;
use Assert;
use TWiki::User;
use TWiki::Time;
use Net::LDAP;
use Error qw( :try );
#@TWiki::Users::LdapTdwgUserMapping::ISA = qw( TWiki::Users::TWikiUserMapping );
=pod
---++ ClassMethod new( $session ) -> $object
Constructs a new user mapping handler of this type, referring to $session
for any required TWiki services.
=cut
sub new {
my( $class, $session ) = @_;
my $this = bless( {}, $class );
$this->{session} = $session;
%{$this->{U2W}} = ();
%{$this->{W2U}} = ();
return $this;
}
=pod
---++ ObjectMethod finish
Complete processing after the client's HTTP request has been responded
to.
1 breaking circular references to allow garbage collection in persistent
environments
=cut
sub finish {
my $this = shift;
}
# callback for search function to collate results
sub _collateGroups {
my $ref = shift;
my $group = shift;
return unless $group;
my $groupObject = $ref->{users}->findUser( $group );
push (@{$ref->{list}}, $groupObject) if $groupObject;
}
# get a list of groups defined in this TWiki
=pod
---++ ObjectMethod getListOfGroups( ) -> @listOfUserObjects
Get a list of groups defined by the mapping manager. By default,
TWiki defines groups using topics in the Main web. Subclasses should
override this to list groups from their own databases.
Returns a list of TWiki::User objects, one per group.
=cut
sub getListOfGroups {
my $this = shift;
ASSERT($this->isa( 'TWiki::Users::LdapTdwgUserMapping')) if DEBUG;
my @list;
my $users = $this->{session}->{users};
$this->{session}->{search}->searchWeb
(
_callback => \&_collateGroups,
_cbdata => { list => \@list, users => $users },
inline => 1,
search => "Set GROUP =",
web => $TWiki::cfg{UsersWebName},
topic => "*Group",
type => 'regex',
nosummary => 'on',
nosearch => 'on',
noheader => 'on',
nototal => 'on',
noempty => 'on',
format => '$web.$topic',
separator => '',
);
return @list;
}
=pod
---++ ObjectMethod addUserToMapping( $user, $addingUser ) -> $topicName
RSP: extended from parent class.
Add a user to the persistant mapping that maps from usernames to wikinames
and vice-versa. The default implementation uses a special topic called
"TWikiUsers" in the users web. Subclasses will provide other implementations
(usually stubs if they have other ways of mapping usernames to wikinames).
Group names must be acceptable to $TWiki::cfg{NameFilter}
$user is the user being added. $addingUser is the user doing the adding.
=cut
sub addUserToMapping {
# this is handled by TDWG Typo3 instance
return;
}
=pod
---++ ObjectMethod lookupLoginName($username) -> $wikiName
Map a username to the corresponding wikiname. This is used for lookups during
user resolution, and should be as fast as possible.
=cut
sub lookupLoginName {
my ($this, $loginUser) = @_;
$this->_loadMapping();
return $this->{U2W}{$loginUser};
}
=pod
---++ Objectmethod lookupWikiName($wikiname) -> $username
Map a wikiname to the corresponding username. This is used for lookups during
user resolution, and should be as fast as possible.
=cut
sub lookupWikiName {
my ($this, $wikiName) = @_;
$this->_loadMapping();
return $this->{W2U}{$wikiName};
}
=pod
---++ ObjectMethod getListOfAllWikiNames() -> @wikinames
Returns a list of all wikinames of users known to the mapping manager.
=cut
sub getListOfAllWikiNames {
my ( $this ) = @_;
ASSERT($this->isa( 'TWiki::Users::LdapTdwgUserMapping')) if DEBUG;
$this->_loadMapping();
return keys(%{$this->{W2U}});
}
# Build hash to translate between username (e.g. jsmith)
# and WikiName (e.g. Main.JaneSmith).
#
# RSP: extended from parent class.
sub _loadMapping {
my $this = shift;
ASSERT($this->isa( 'TWiki::Users::LdapTdwgUserMapping')) if DEBUG;
return if $this->{CACHED};
$this->{CACHED} = 1;
# load all non-blocked users from LDAP directory
my $ldap = Net::LDAP->new($TWiki::cfg{LdapPasswd}{Host});
$ldap->bind(
$TWiki::cfg{LdapPasswd}{AdminDN},
password => $TWiki::cfg{LdapPasswd}{AdminPwd}
);
# perform a search
my $entries = $ldap->search(
base => $TWiki::cfg{LdapPasswd}{BaseDN},
filter => "(!(employeeType=*Disabled*))"
);
my @entries = $entries->entries();
foreach my $entry ( @entries ) {
my $wikiname = $entry->get_value("uid");
# user name and login name are the same in TDWG user database
$this->_cacheUser(undef, $wikiname, $wikiname) if $wikiname;
}
$ldap->unbind; # take down session
}
sub _cacheUser {
my($this, $web, $wUser, $lUser) = @_;
$web ||= $TWiki::cfg{UsersWebName};
$lUser ||= $wUser;# userid
# FIXME: Should filter in for security...
# SMELL: filter prevents use of password managers with wierd usernames,
# like the DOMAIN\username used in the swamp of despair.
$lUser =~ s/$TWiki::cfg{NameFilter}//go;
my $wwn = $web.'.'.$wUser;
$this->{U2W}{$lUser} = $wwn;
$this->{W2U}{$wwn} = $lUser;
}
=pod
---++ ObjectMethod groupMembers($group) -> @members
Return a list of user objects that are members of this group. Should only be
called on groups.
Note that groups may be defined recursively, so a group may contain other
groups. This method should *only* return users i.e. all contained groups
should be fully expanded.
=cut
sub groupMembers {
my $this = shift;
my $group = shift;
ASSERT($this->isa( 'TWiki::Users::LdapTdwgUserMapping')) if DEBUG;
my $store = $this->{session}->{store};
if( !defined $group->{members} &&
$store->topicExists( $group->{web}, $group->{wikiname} )) {
my $text =
$store->readTopicRaw( undef,
$group->{web}, $group->{wikiname},
undef );
foreach( split( /\r?\n/, $text ) ) {
if( /$TWiki::regex{setRegex}GROUP\s*=\s*(.+)$/ ) {
next unless( $1 eq 'Set' );
# Note: if there are multiple GROUP assignments in the
# topic, only the last will be taken.
$group->{members} =
$this->{session}->{users}->expandUserList( $2 );
}
}
# backlink the user to the group
foreach my $user ( @{$group->{members}} ) {
push( @{$user->{groups}}, $group );
}
}
return $group->{members};
}
=pod
---++ ObjectMethod isGroup($user) -> boolean
Establish if a user object refers to a user group or not.
The default implementation is to check if the wikiname of the user ends with
'Group'. Subclasses may override this behaviour to provide alternative
interpretations. The $TWiki::cfg{SuperAdminGroup} is recognized as a
group no matter what it's name is.
=cut
sub isGroup {
my ($this, $user) = @_;
ASSERT($user->isa( 'TWiki::User')) if DEBUG;
return $user->wikiName() =~ /Group$/;
}
1;