#!/usr/bin/perl use Env; use CGI; use FileHandle; use IPC::Open2; use IPC::Open3; use Ldapp; use MIME::Base64; ############################################################################# # user configurable section begins here, changes at own risk and peril ############################################################################# # basic variables $tmphtml="/home/admin/aoe/html/ldap"; $baseurl="http://$ENV{HTTP_HOST}/~aoe/ldap/"; $defaultserver="$ENV{HTTP_HOST}"; $defaultport=389; $defaultbase="o=OeH Uni Wien, c=AT"; $defaultqueryattribute="cn"; $0 =~ /([^\/]*?)$/; $basename="$1"; $ldappath="/home/admin/aoe/bin"; # mandatory attributes (used for long form) @mand=(["Server:","text","server","$ENV{HTTP_HOST}"], ["LDAP Port:","text","port","389"], ["Base DN:","text","base","o=Oeh Uni Wien, c=AT"], ["Rootdn:","text",rootdn,"cn=Admin, o=oeh uni wien, c=at"], ["Rootpw:","password",rootpw,""], ["Suborganisation:","text","uo",""], ["Common Name:","text","cn",""], ["Other Cname:","text","cn1",""], ["Third Cname:","text","cn2",""], ["Fourth Cname:","text","cn3",""], ["Short Name:","text","sn",""], ["User ID:","text",uid,""], ["Objectclass:","text",objectclass,luser], ["Password:","password",userPassword,""], ["Password (confirmation):","password",userPassword1,""]); # compulsory attributes (used for long form) @comp=(["Mail Address:","text",mail,""], ["Description:","text",description,""], ["Mail-forward:","text",forward,""], ["Groups:","text",groups,"users"], ["Office:","text",office,"Oeh Uni Wien"], ["Phone:","text",ophone,""], ["Fax:","text",fax,""], ["Attitude:","text",attitude,"slightly non-technical"], ["Home:","text",home,""], ["Home Phone:","text",phone,""], ["Fax:","text",fax,""], ["Home Page:","text",url,""], ["lart:","text",lart,""]); # simple interface attributes (used for simple interface) @simple=(["","hidden","server","$ENV{HTTP_HOST}"], ["","hidden","base","o=Oeh Uni Wien, c=AT"], ["","hidden","port","389"], ["Common Name:","text","cn",""], ["Short 
Name:","text","sn",""], ["User ID:","text",uid,""], ["Objectclass:","text",objectclass,luser]); # options for adding fields (multiple allowed) (used for modify interface) @options=( ["Other Cname:","text","cn2",""], ["Short Name:","text","sn",""], ["User ID:","text",uid,""], ["Objectclass:","text",objectclass,luser], ["Mail Address:","text",mail,""], ["Description:","text",description,""], ["Mail-forward:","text",forward,""], ["Groups:","text",groups,"users"], ["Office:","text",office,"Oeh Uni Wien"], ["Phone:","text",ophone,""], ["Fax:","text",fax,""], ["Attitude:","text",attitude,"slightly non-technical"], ["Home:","text",home,""], ["Home Phone:","text",phone,""], ["Home Page:","text",url,""], ["lart:","text",lart,""]); $docfooter="LDAP Home - Complete Form - About LDAP

(c) 1998 aoe, gw

\n"; # empty value for modify form $bullet="ignore"; ############################################################################ # user configurable section ends here, changes farther below at own risk only! ############################################################################ # sheesh, netscape Ldapp uses different semantics ... $scope =~ s/^sub$/subtree/g; $scope =~ s/^base$/samelevel/g; $scope =~ s/^one$/onelevel/g; $scope =~ s/^$/subtree/g; Env::import(); $|=1; $query=new CGI; @fields = $query->param; foreach (@fields) { $$_=$query->param($_); chomp $$_; } $nofields="^(port|modifytype|scope|server|rootdn|rootpw|cn|userPassword|action|base|debug)"; # help for dummies if (!$server){$server="$defaultserver"}; if (!$port){$port=$defaultport}; if (!$base){$base="$defaultbase"}; # basename hack for help pages if ($action eq "") { $_=$basename; if (/longform/) {$action="longform" } elsif (/modify/) { $action="modifyform"; # $debug="on"; $cn="*Hacker*"; } elsif (($#fields eq 0) && ($fields[0] eq "keywords")){ $f=$fields[0]; $action="query"; $$defaultqueryattribute="*$$f*"; $$defaultqueryattribute =~ s/\*\*\*/\*/g; }; } print < EODOCHEAD chomp $base; for(sn,uid,cn3,cn2,cn1,cn){if($$_ ne ""){$i=$_;while(/[0-9]$/){chop}; $rdn="$_=$$i"}}; if ($uo ne "") { $rdn .= ", uo=$uo"; }; $dn=$rdn; if ($base ne "") { $dn .= ", $base"}; $uth="namechangetypevalue"; $th="namevalue"; $cncount=1; if ($action eq "query") { print"OeH Uni Wien LDAP Query Result Page

LDAP Search Interface Results page

\n"; $search=""; foreach (@fields) { if ((!/$nofields/) and ("$$_" ne "")) {$search = "$_=$$_"}; }; if ($sn ne "") { $search = "sn=$sn";} if ($uid ne "") { $search = "uid=$uid";} if ($cn3 ne "") { $search = "cn=$cn3";} if ($cn2 ne "") { $search = "cn=$cn2";} if ($cn1 ne "") { $search = "cn=$cn1";} if ($cn ne "") { $search = "cn=$cn";} if ($search eq "") { $search="objectclass=*"; }; if ($scope ne "") {$scope ="-s $scope"}; $search =~ s/=(.*)$/=*$1*/; while ($search =~ s/\*\*/\*/g){;}; # phonetic search doesn't work with short strings, substring # seems more important # $search =~ s/=(..+)$/~=$1/; ### $cmd="$ldappath/ldapsearch -p $port $scope -h $server -b \"$base\" \"$search\" " . '>&/dev/stdout'; print "

Query Result for $search

\n"; $ldap = new Ldapp("$server",$port,"$Rootdn","$Rootpw"); $entry = $ldap->search("$base","$scope","$search"); &printentry if $entry; push (@data,""); while($entry = $ldap->entry) { &printentry; } $ldap->close; } elsif ($action eq "addentry") { print "

LDAP Administrative Interface Results

\n"; $urlforthis = $dn; # $urlforthis =~ s/cn/cn1/g; $urlforthis =~ s/, /&/g; $urlforthis =~ s/,/&/g; # phonetic search, great -- but clashes with regex-starts # $urlforthis =~ s/=/~=/g; $urlforthis =~ s/$base//g; $_=$base; s/=/%3d/g; $urlforthis .= "&base=$_"; $urlforthis="$url&server=$server"; $urlforthis =~ s/ /+/g; print "Request: Add $dn\n"; $addentry{dn}="$dn"; foreach (@fields) { if ((!/$nofields/ || /^cn[0-9]/) and ("$$_" ne "")) { $attribute=$_; while (/[0-9]$/){chop}; $_=$addentry{$_}; push @$_,$$attribute; }; }; if ($userPassword ne $userPassword1) { print "

passwords don't match!

\n" } elsif ($userPassword ne "") { if ($debug) { print "

input to ldapadd command:

\n"; print "
\n$ldap";
			print "userPassword: not shown\n
\n"; }; $ldapcmd="$ldappath/ldapadd -p $port -h $server -D \"$rootdn\" -w \"$rootpw\" >&/dev/stdout"; $ldapprintcmd="$ldappath/ldapadd -p $port -h $server -D \"$rootdn\" -w \"\$rootpw\" >&/dev/stdout"; print "

result for ldapadd command:

\n"; if ($debug) { print "

$ldapprintcmd

\n"}; print "
\n";
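		# Start ldapadd from an argument list rather than the shell string in
		# $ldapcmd.  $port, $server, $rootdn and $rootpw are copied from request
		# parameters by the startup loop, so in a shell string any metacharacter
		# in them is interpreted by the shell.  open3 takes the child's stdin
		# first (the reverse of open2); the empty error handle sends stderr to
		# Reader, which is what the '>&/dev/stdout' suffix of $ldapcmd did.
		# NOTE(review): the bind password is still passed with -w and is
		# visible in the process list while ldapadd runs.
		# NOTE(review): $ldappath is a package variable too and can be
		# overwritten by a request parameter; pin it before this point.
		my @ldapadd=("$ldappath/ldapadd", "-p", $port, "-h", $server,
			     "-D", $rootdn, "-w", $rootpw);
		$pid = eval { open3( \*Writer, \*Reader, "", @ldapadd) };
		if (!$pid) {
			print "could not start ldapadd\n";
		} else {
			Writer->autoflush(); # default here, actually
			# NOTE(review): no assignment to $ldap is visible in this branch;
			# confirm where the LDIF text for the new entry is built.
			print Writer $ldap;
			print Writer "userPassword: $userPassword\n";
			close Writer;
			# Relay the tool's reply.  It can echo request-supplied values, so
			# it is HTML-escaped before it goes into the page.
			while ($got=<Reader>) {print CGI::escapeHTML($got)."\n"};
			close Reader;
			waitpid($pid, 0); # reap the child
		};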
		print "\n
\n"; }; } elsif ($action =~ /modifyform/) { print "

LDAP Administrative Interface Results

\n"; $search=""; foreach (@fields) { if ((!/$nofields/) and ("$$_" ne "")) {$search = "$_=$$_"}; }; if ($sn ne "") { $search = "sn=$sn";} if ($uid ne "") { $search = "uid=$uid";} if ($cn3 ne "") { $search = "cn=$cn3";} if ($cn2 ne "") { $search = "cn=$cn2";} if ($cn1 ne "") { $search = "cn=$cn1";} if ($cn ne "") { $search = "cn=$cn";} if ($search eq "") { $search="objectclass=*"; }; # if ($scope ne "") {$scope ="-s $scope"}; $search =~ s/=(.*)$/=*$1*/; while ($search =~ s/\*\*/\*/g){;}; print "

Modify Form for $search

\n"; # first query db whether an entry exists ... # $cmd="$ldappath/ldapsearch -p $port -h $server -b \"$base\" \"$rdn\" "; $ldap = new Ldapp("$server",$port,"$Rootdn","$Rootpw"); $entry = $ldap->search("$base","$scope","$search"); if ($debug) { print "

getting data base entry for $search

\n"; }; $#data=-1; if ($entry) {&modifyentry} else {print "

Found No Entries to Modify!

\n"}; while($entry = $ldap->entry) { &modifyentry; } $ldap->close; } elsif ($action =~ /modifyscript/) { print "

LDAP Administrative Interface Results

\n"; print "

Request Type: Modify "; $urlforthis = $dn; $urlforthis =~ s/$base//g; # $urlforthis =~ s/cn/cn1/g; $urlforthis =~ s/,\s*/&/g; # phonetic search, great -- but clashes with regex-starts # $urlforthis =~ s/=/~=/g; $_=$base; s/=/%3d/g; $urlforthis .= "&base=$_"; $urlforthis .= "&server=$server"; $urlforthis =~ s/ /+/g; print "$dn

\n"; # print "$_
\n"; # $ldap="dn: $dn\nchangetype: modify\n"; $ldap="$dn\n"; if ($cn1 ne "") { $ldap .= "$modify: cn\ncn: $cn1\n";} if ($cn2 ne "") { $ldap .= "$modify: cn\ncn: $cn2\n";} if ($cn3 ne "") { $ldap .= "$modify: cn\ncn: $cn3\n";} foreach $attribute (@fields) { $modifytype="modifytype$attribute"; if ($debug){print "$attribute: $$attribute ($$modifytype)
\n";}; $_=$$modifytype; if (/add/) { $attribute=$_; while (/[0-9]$/){chop}; $ldap .= "+$_=$$attribute\n" } elsif (/replace/) { $attribute=$_; while (/[0-9]$/){chop}; $ldap .= "$_=$$attribute\n" } elsif (/delete/) { $attribute=$_; $ldap .= "-$_=$$attribute\n"; }; }; chomp $userPassword; chomp $userPassword1; if ($userPassword ne $userPassword1) { print "

passwords don't match, not changed!

\n"; } elsif ($userPassword ne "") { $ldap.="userPassword=$userPassword\n"; }; $ldapcmd="$ldappath/ldapmodify -p $port -v -h $server -D \"$rootdn\" -w \"$rootpw\" " . '>&/dev/stdout'; $ldapprintcmd="$ldappath/ldapmodify -p $port -v -h $server -D \"$rootdn\" -w \"\$rootpw\" " . '>&/dev/stdout'; if ($debug) { print "

$ldapprintcmd

\n"}; $pid = open2( \*Reader, \*Writer, $ldapcmd); Writer->autoflush(); # default here, actually print Writer $ldap; close Writer; print "

result for ldapmodify command:

\n"; print "
\n";
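	# Relay the reply of the command opened on Reader.  The read operator
	# was missing from this line (`$got=` had no right-hand side); Reader is
	# the handle that is closed just below.  The reply can echo
	# request-supplied values, so it is HTML-escaped before printing.
	while ($got=<Reader>) {print CGI::escapeHTML($got)."\n"};
	close Reader;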
	print "
\n"; if ($debug ne "") { print "

ldapmodify input

\n"; print "
\n$ldap";
		print "
\n"; }; } elsif ($action eq "clearfield") { print "

LDAP Administrative Interface Results

\n"; print "

Request Type: Clear Field Value

\n"; $prefix="dn: $dn\nchangetype: modify\n"; $ldap=$prefix; if ($cn1 ne "") { $ldap .= "delete: cn\n";} if ($cn2 ne "") { $ldap .= "delete: cn\n";} if ($cn3 ne "") { $ldap .= "delete: cn\n";} foreach (@fields) { if ((!/$nofields/) and ("$$_" =~ /^[dD][eE][lL]/)) {$ldap .= "delete: $_\n"}; }; $ldapcmd="$ldappath/ldapmodify -p $port -v -h $server -D \"$rootdn\" -w \"$rootpw\" " . '>&/dev/stdout'; $ldapprintcmd="$ldappath/ldapmodify -p $port -v -h $server -D \"$rootdn\" -w \"\$rootpw\" " . '>&/dev/stdout'; if ($debug) { print "

LDAP call and data

$ldapprintcmd

$ldap"; 
		print "
\n"; }; $pid = open2( \*Reader, \*Writer, $ldapcmd); Writer->autoflush(); # default here, actually print Writer $ldap; close Writer; print "

LDAP reply

\n
\n";
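	# Relay the reply of the command opened on Reader.  The read operator
	# was missing from this line (`$got=` had no right-hand side); Reader is
	# the handle that is closed just below.  The reply can echo
	# request-supplied values, so it is HTML-escaped before printing.
	while ($got=<Reader>) {print CGI::escapeHTML($got)."\n"};
	close Reader;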
	print "
\n"; $cmd="$ldappath/ldapsearch -p $port -h $server -b \"$base\" \"cn=$cn\" " . '>&/dev/stdout'; print "

New Values

\n"; if ($debug) {print "

$cmd

\n"}; print ("
\n" . `$cmd` . "\n
\n"); } elsif ($action eq "deleteentry") { print "

LDAP Administrative Interface Results

\n"; print "

Request Type: Delete Entry

\n"; $ldap="dn: $dn\ncn: $cn\n"; $search=""; if ($sn ne "") { $search = "sn=$sn";} if ($uid ne "") { $search = "uid=$uid";} if ($cn3 ne "") { $search = "cn=$cn3";} if ($cn2 ne "") { $search = "cn=$cn2";} if ($cn1 ne "") { $search = "cn=$cn1";} if ($cn ne "") { $search = "cn=$cn";} if ($search eq "") { $search="objecttype=*"}; $cmd="$ldappath/ldapsearch -p $port -h $server -b \"$base\" \"$search\" " . '>&/dev/stdout'; if ($debug) {print "

searching thru data base for viable entries

\n"; print "

$cmd

\n
";
	};
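	# Collect candidate DNs with the same ldapsearch call that $cmd spells
	# out, but started from an argument list: $port, $server, $base and
	# $search are request-derived and must not pass through a shell, and a
	# two-argument pipe open lets the string itself choose the open mode.
	# The empty error handle keeps stderr merged into the output, as the
	# '>&/dev/stdout' suffix of $cmd did.
	# NOTE(review): with stderr merged, an error line containing a comma is
	# collected as if it were a DN; consider reading stderr separately.
	my @searchcmd=("$ldappath/ldapsearch", "-p", $port, "-h", $server,
		       "-b", $base, $search);
	my $searchpid=eval { open3( \*DelsIn, \*DELS, "", @searchcmd) };
	if ($searchpid) {
		close DelsIn;
		while (defined($_=<DELS>)) {
			# any output line containing a comma is taken to be a DN
			if (/,/) {
				chomp;
				push @dels, $_;
				if ($debug) {print $_};
			};
		};
		close DELS;
		waitpid($searchpid, 0); # reap the child
	};
	# Delete only when exactly one entry matched.  The previous tests could
	# not express that: an array count is never below zero, and $dels is a
	# scalar that nothing visible here assigns, so "$dels == 0" held and
	# ldapdelete ran on $dels[0] whether zero, one or many entries matched.
	if (@dels == 0) {
		print "No data set found to be deleted!\n"
	} elsif (@dels == 1) {
		# NOTE(review): $ldapcmd is still a shell string (it is run with
		# backticks further down) and embeds the DN and the bind password;
		# it should get the same argument-list treatment as the search.
		$ldapcmd="$ldappath/ldapdelete -p $port -v -h $server -D \"$rootdn\" -w \"$rootpw\" \"$dels[0]\" " .'>&/dev/stdout';
		$ldapprintcmd="$ldappath/ldapdelete -p $port -h $server -D \"$rootdn\" -w \"\$rootpw\" \"$dels[0]\" " . '>&/dev/stdout';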
		print "

result for ldapdelete command:

\n"; if ($debug) { print "

$ldapprintcmd

\n"}; print ("
\n" . `$ldapcmd` . "\n
\n"); } else { print "

ldapdelete not executed, more than one possible data sets:

\n
\n";
		foreach (@dels) {print $_ };
		print "\n
\n

pleasy try being more specific and mind your spelling!

\n"; }; } elsif ($action eq "longform") { ####### long interface form ############## print <Long Access Form for Oeh Uni Wien LDAP Service

LDAP Directory Access Form

  • Search Scope: $th EODOC for (@mand) { ($desc, $input, $name, $value)=@$_; print ("\n");}; print "\n$th\n"; for (@comp) { ($desc, $input, $name, $value)=@$_; print ("\n");}; print <
    debug

    Help for this form

    EODOC } else { ############################### simple interface form ############ print <Access Form for Oeh Uni Wien LDAP Service

    LDAP Directory Access Form

  • Mandatory Attributes

    $desc

    Compulsory Attributes

    $desc
    $th EODOC for (@simple) { ($desc, $input, $name, $value)=@$_; print ("\n");}; print <
    debug

    Help Page for this form

    EODOC }; print $docfooter; close STDOUT; close STDERR; close STDIN; exit 0; sub options { $options="
    \n$uth\n"; for (@options) { ($desc, $input, $name, $value)=@$_; /^([^=]*)=(.*)$/; $count=""; $cn{count}=1; if ($$name{count} ne 0) {$count = $$name{count} }; $$name{count} ++; $options .= " \n"; }; }; sub printentry { $dn=join(' ',@$entry{dn}); $url=$dn; # $url =~ s/cn/cn1/g; $url =~ s/, /&/g; $url =~ s/,/&/g; # phonetic search, great -- but clashes with regex-stars # $url =~ s/=/~=/g; $url =~ s/$base//g; $_=$base; s/=/%3d/g; $url .= "&base=$_"; $url="$url&server=$server"; $url =~ s/ /+/g; print "

    dn: $dn

    \n

    \n"; for $i (@$entry{ocorder}) { for $j (@$i) { print "$j: "; for $k (@$entry{$j}) { $binarycount=0; for $l (@$k) { if ($l =~ /[\200-\377]/ and $binarycount == 0) { $binarycount=1; # fucking ldapp has some strcpy that terminates at null bytes. sheesh ... $l=`$ldappath/ldapsearch -t -p $port $scope -h $server -b \"$base\" \"$search\" \"$j\" >&/dev/stdout`; if ($debug) {print "

    \n$l\n\n"};
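    		    # Each "attr=<path>" line left in $l by `ldapsearch -t` names a
    		    # temp file holding one binary value.  Consume those lines one by
    		    # one, move each file under $tmphtml and label it by what file(1)
    		    # reports.  Every external tool is started from an argument list:
    		    # $tmphtml and $imagecount are package variables that the startup
    		    # loop can overwrite from request parameters, and the former shell
    		    # strings interpolated them (and the captured path) unquoted.
    		    # NOTE(review): $tmphtml itself is not validated here; it should
    		    # be fixed in configuration and not settable by a request.
    		    # NOTE(review): this publishes directory attribute values under
    		    # predictable names in what looks like a web-served directory.
    		    my @binarykinds=(
    		      ["JPEG",     "jpeg", "\"JPEG "],
    		      ["GIF",      "gif",  "\"GIF "],
    		      ["Sun/NeXT", "au",   "Sun Audio File "],
    		      ["MIDI",     "midi", "MIDI File "],
    		      ["MP3",      "mp3",  "MP3 audio file "],
    		    );
    		    # \Q..\E: the attribute name is data, not a pattern
    		    while ( $l =~ s/.*\Q$j\E=(.*[0-9])$//m) {
    		      my $valuefile=$1; # copy before any other match can clobber $1

    		      # only digits may be appended to the generated file name
    		      $imagecount="" unless defined($imagecount) && $imagecount =~ /\A[0-9]+\z/;
    		      $tmpname="tmp-ldap-".time.$imagecount;
    		      $imagecount++;
    		      # expire published files not accessed for five minutes, then
    		      # move the new value into place
    		      system("find", $tmphtml, "-name", "tmp-*", "-amin", "+5",
    			     "-exec", "rm", "{}", ";");
    		      system("mv", $valuefile, "$tmphtml/$tmpname.file");
    		      # ask file(1) for the type without going through a shell
    		      $_="";
    		      my $filepid=eval { open2( \*FileOut, \*FileIn, "file", "$tmphtml/$tmpname.file") };
    		      if ($filepid) {
    			close FileIn;
    			$_=join("", <FileOut>);
    			close FileOut;
    			waitpid($filepid, 0);
    		      };
    		      # First matching type wins, in the same order as before.  The
    		      # label strings are reproduced as found; the markup around
    		      # them appears to have been lost.
    		      my $kindlabel="Unknown binary file ";
    		      foreach my $kind (@binarykinds) {
    			my ($marker, $suffix, $label)=@$kind;
    			next if index($_, $marker) < 0;
    			rename("$tmphtml/$tmpname.file", "$tmphtml/$tmpname.$suffix");
    			$kindlabel=$label;
    			last;
    		      };
    		      print $kindlabel;
    		    };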
    		  } elsif ($binarycount == 0) {
    		    print "$l ";  
    		  };
    		};
    		print "
    \n"; }; }; } print "

    \n"; }; sub modifyentry { $dn=join(' ',@$entry{dn}); $url=$dn; # $url =~ s/cn/cn1/g; $url =~ s/, /&/g; $url =~ s/,/&/g; # phonetic search, great -- but clashes with regex-stars # $url =~ s/=/~=/g; $url =~ s/$base//g; $_=$base; s/=/%3d/g; $url .= "&base=$_"; $url="$url&server=$server"; $url =~ s/ /+/g; print <dn: $dn\n


    Search Attributes

    $desc

    additional attributes

    $desc
    $th $uth EOHEAD for $i (@$entry{ocorder}) { for $j (@$i) { # print "$j: "; for $k (@$entry{$j}) { $binarycount=0; for $l (@$k) { if ($l =~ /[\200-\377]/ and $binarycount == 0) { print "\n"; } elsif ($binarycount == 0) { $count=""; # ????? $cn{count}=1; if ($$j{count} ne 0) {$count = $$j{count} }; $$j{count} ++; print < EOVALUE }; }; # print "
    \n"; }; }; } &options; print < $options
    Server:
    Base DN:
    Rootdn:
    Rootpw:
    $j: \n"; $binarycount=1; # fucking ldapp has some strcpy that terminates at null bytes. sheesh ... $l="$ldappath/ldapsearch -t -p $port -h $server -b \"$base\" \"$search\" \"$j\" >&/dev/stdout"; if ($debug) {print "
    \n$l\n\n"};
    		    $l=`$l`;
    		    if ($debug) {print "
    \n$l\n\n"};
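    		    # Each "attr=<path>" line left in $l by `ldapsearch -t` names a
    		    # temp file holding one binary value.  Consume those lines one by
    		    # one, move each file under $tmphtml and label it by what file(1)
    		    # reports.  Every external tool is started from an argument list:
    		    # $tmphtml and $imagecount are package variables that the startup
    		    # loop can overwrite from request parameters, and the former shell
    		    # strings interpolated them (and the captured path) unquoted.
    		    # NOTE(review): $tmphtml itself is not validated here; it should
    		    # be fixed in configuration and not settable by a request.
    		    # NOTE(review): this publishes directory attribute values under
    		    # predictable names in what looks like a web-served directory.
    		    my @binarykinds=(
    		      ["JPEG",     "jpeg", "\"JPEG "],
    		      ["GIF",      "gif",  "\"GIF "],
    		      ["Sun/NeXT", "au",   "Sun Audio File "],
    		      ["MIDI",     "midi", "MIDI File "],
    		      ["MP3",      "mp3",  "MP3 audio file "],
    		    );
    		    # \Q..\E: the attribute name is data, not a pattern
    		    while ( $l =~ s/.*\Q$j\E=(.*[0-9])$//m) {
    		      my $valuefile=$1; # copy before any other match can clobber $1

    		      # only digits may be appended to the generated file name
    		      $imagecount="" unless defined($imagecount) && $imagecount =~ /\A[0-9]+\z/;
    		      $tmpname="tmp-ldap-".time.$imagecount;
    		      $imagecount++;
    		      # expire published files not accessed for five minutes, then
    		      # move the new value into place
    		      system("find", $tmphtml, "-name", "tmp-*", "-amin", "+5",
    			     "-exec", "rm", "{}", ";");
    		      system("mv", $valuefile, "$tmphtml/$tmpname.file");
    		      # ask file(1) for the type without going through a shell
    		      $_="";
    		      my $filepid=eval { open2( \*FileOut, \*FileIn, "file", "$tmphtml/$tmpname.file") };
    		      if ($filepid) {
    			close FileIn;
    			$_=join("", <FileOut>);
    			close FileOut;
    			waitpid($filepid, 0);
    		      };
    		      # First matching type wins, in the same order as before.  The
    		      # label strings are reproduced as found; the markup around
    		      # them appears to have been lost.
    		      my $kindlabel="Unknown binary file ";
    		      foreach my $kind (@binarykinds) {
    			my ($marker, $suffix, $label)=@$kind;
    			next if index($_, $marker) < 0;
    			rename("$tmphtml/$tmpname.file", "$tmphtml/$tmpname.$suffix");
    			$kindlabel=$label;
    			last;
    		      };
    		      print $kindlabel;
    		    };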
    		    print "
    $j:
    userPassword:
    userPassword (confirmation):

    debug

    Help for this Form

    EOFOOT print "

    \n"; };