#!/usr/bin/perl
# Web front end (CGI) for an LDAP directory: it turns submitted form fields
# into command lines for the LDAP client binaries under $ldappath and prints
# their output.
# NOTE(review): line breaks and HTML markup were lost when this listing was
# extracted. Statements are laid out one per line again here; the code tokens
# are as found, including the damaged here-document further down.
# NOTE(review): there is no `use strict`, `use warnings` or taint mode (-T),
# so nothing stops request data from reaching the shell commands built below.
use Env;
use CGI;
use FileHandle;
use IPC::Open2;
use IPC::Open3;
#############################################################################
# user configurable section begins here, changes at own risk and peril
#############################################################################
# basic variables
# Directory of the LDAP client binaries that the script executes.
$ldappath="/home/admin/aoe/bin";
# In CGI, HTTP_HOST mirrors the request's Host header, so these two values
# are chosen by the client, not by the server configuration.
$baseurl="http://$ENV{HTTP_HOST}/~aoe/ldap/";
$defaultserver="$ENV{HTTP_HOST}";
$defaultport=389;
$defaultbase="o=OeH Uni Wien, c=AT";
$defaultqueryattribute="cn1";
# File name of the running script (last path component of $0); it selects the
# default action in the "basename hack" below.
$0 =~ /([^\/]*?)$/;
$basename="$1";
# mandatory attributes (used for long form)
# Row layout: [label, input type, field name, default value]; the form code
# unpacks rows as ($desc, $input, $name, $value).
# Unquoted names (rootdn, uid, luser, ...) are barewords that Perl accepts as
# strings only because `use strict` is off.
# The Rootdn/Rootpw rows mean the directory administrator's DN and password
# are typed into the web form and travel with every request.
@mand=(["Server:","text","server","$ENV{HTTP_HOST}"],
	["LDAP Port:","text","port","389"],
	["Base DN:","text","base","o=Oeh Uni Wien, c=AT"],
	["Rootdn:","text",rootdn,"cn=Admin, o=oeh uni wien, c=at"],
	["Rootpw:","password",rootpw,""],
	["Suborganisation:","text","uo",""],
	["Common Name:","text","cn1",""],
	["Other Cname:","text","cn2",""],
	["Third Cname:","text","cn3",""],
	["Fourth Cname:","text","cn4",""],
	["Short Name:","text","sn",""],
	["User ID:","text",uid,""],
	["Objectclass:","text",objectclass,luser],
	["Password:","password",userPassword,""],
	["Password (confirmation):","password",userPassword1,""]);
# compulsory attributes (used for long form)
@comp=(["Mail Address:","text",mail,""],
	["Description:","text",description,""],
	["Mail-forward:","text",forward,""],
	["Groups:","text",groups,"users"],
	["Office:","text",office,"Oeh Uni Wien"],
	["Phone:","text",ophone,""],
	["Fax:","text",fax,""],
	["Attitude:","text",attitude,"slightly non-technical"],
	["Home:","text",home,""],
	["Home Phone:","text",phone,""],
	["Fax:","text",fax,""],
	["Home Page:","text",url,""],
	["lart:","text",lart,""]);
# simple interface attributes (used for simple interface)
# server, base and port are sent as hidden fields, i.e. they still come back
# from the browser and can be changed there.
@simple=(["","hidden","server","$ENV{HTTP_HOST}"],
	["","hidden","base","o=Oeh Uni Wien, c=AT"],
	["","hidden","port","389"],
	["Common Name:","text","cn1",""],
	["Short Name:","text","sn",""],
	["User ID:","text",uid,""],
	["Objectclass:","text",objectclass,luser]);
# options for adding fields (multiple allowed) (used for modify interface)
@options=( ["Other Cname:","text","cn2",""],
	["Short Name:","text","sn",""],
	["User ID:","text",uid,""],
	["Objectclass:","text",objectclass,luser],
	["Mail Address:","text",mail,""],
	["Description:","text",description,""],
	["Mail-forward:","text",forward,""],
	["Groups:","text",groups,"users"],
	["Office:","text",office,"Oeh Uni Wien"],
	["Phone:","text",ophone,""],
	["Fax:","text",fax,""],
	["Attitude:","text",attitude,"slightly non-technical"],
	["Home:","text",home,""],
	["Home Phone:","text",phone,""],
	["Home Page:","text",url,""],
	["lart:","text",lart,""]);
# Page footer; the link markup it once held was lost in extraction.
$docfooter="LDAP Home - Complete Form - About LDAP

(c) 1998 aoe, gw

\n";
# empty value for modify form
$bullet="ignore";
############################################################################
# user configurable section ends here, changes farther below at own risk only!
############################################################################
# Env with no arguments ties every environment variable to a global of the
# same name.
Env::import();
$|=1;
$query=new CGI;
@fields = $query->param;
# SECURITY: each parameter NAME is used as a symbolic reference, so `$$_ = ...`
# assigns to the package variable of that name. A request can therefore set
# any global this script reads afterwards ($ldappath, $nofields, $debug,
# $action, ...), not only the form fields listed above. Only the trailing
# newline is removed from the value (chomp); nothing is validated.
# Safer shape: copy an explicit allow-list of field names into a hash and
# validate each value (port: digits only, server: host name characters, ...).
foreach (@fields) {
	$$_=$query->param($_);
	chomp $$_;
}
# Field names that are NOT copied into search filters or LDIF input. The
# pattern is anchored at the start only, so it excludes every name that
# begins with one of these words (cn1..cn4, userPassword1, modifytype...).
$nofields="^(port|modifytype|scope|server|rootdn|rootpw|cn|userPassword|action|base|debug)";
# help for dummies
if (!$server){$server="$defaultserver"};
if (!$port){$port=$defaultport};
if (!$base){$base="$defaultbase"};
# basename hack for help pages
# With no explicit action, the script name picks the form; a lone "keywords"
# parameter turns into a substring query on $defaultqueryattribute.
if ($action eq "") {
	$_=$basename;
	if (/longform/) {$action="longform" } elsif (/modify/) {
		$action="modifyform";
		# NOTE(review): line breaks were lost here; the $cn1 assignment may
		# have been live code rather than part of this comment.
		# $debug="on"; $cn1="*Hacker*";
	} elsif (($#fields eq 0) && ($fields[0] eq "keywords")){
		$f=$fields[0];
		$action="query";
		$$defaultqueryattribute="*$$f*";
		$$defaultqueryattribute =~ s/\*\*\*/\*/g;
	};
}
# NOTE(review): this was a here-document that printed the document head; its
# `<<` operator and body were stripped together with the HTML tags.
print < EODOCHEAD
chomp $base;
# Build the relative DN from the last non-empty field in this list (cn1 wins);
# trailing digits are stripped from the field name, so cn1 becomes "cn=...".
for(sn,uid,cn4,cn3,cn2,cn1){if($$_ ne ""){$i=$_;while(/[0-9]$/){chop}; $rdn="$_=$$i"}};
if ($uo ne "") { $rdn .= ", uo=$uo"; };
$dn=$rdn;
if ($base ne "") { $dn .= ", $base"};
$uth="namechangetypevalue";
$th="namevalue";
$cncount=1;
if ($action eq "query") {
	print"OeH Uni Wien LDAP Query Result Page

LDAP Search Interface Results page

\n";
	# Pick the search filter: first any non-excluded, non-empty field (the
	# last one wins), then the naming fields override it, cn1 last.
	$search="";
	foreach (@fields) {
		if ((!/$nofields/) and ("$$_" ne "")) {$search = "$_=$$_"};
	};
	if ($sn ne "") { $search = "sn=$sn";}
	if ($uid ne "") { $search = "uid=$uid";}
	if ($cn4 ne "") { $search = "cn=$cn4";}
	if ($cn3 ne "") { $search = "cn=$cn3";}
	if ($cn2 ne "") { $search = "cn=$cn2";}
	if ($cn1 ne "") { $search = "cn=$cn1";}
	if ($search eq "") { $search="objectclass=*"; };
	if ($scope ne "") {$scope ="-s $scope"};
	# Wrap the value in wildcards, then collapse runs of '*'.
	# The value is not escaped for LDAP filter syntax.
	$search =~ s/=(.*)$/=*$1*/;
	while ($search =~ s/\*\*/\*/g){;};
	# phonetic search doesn't work with short strings, substring
	# seems more important
	# $search =~ s/=(..+)$/~=$1/;
	# SECURITY: $cmd is a single shell command line. $port, $scope, $server,
	# $base and $search come from the request and are interpolated as they
	# are; the literal double quotes do not stop the shell from interpreting
	# metacharacters inside them. Pass the program and its arguments as a
	# list (list-form open3 runs no shell) and validate each value first.
	$cmd="$ldappath/ldapsearch -p $port $scope -h $server -b \"$base\" \"$search\" " . '>&/dev/stdout';
	# SECURITY: $search (and $cmd in debug mode) are written into the HTML
	# page unescaped; wrap them in $query->escapeHTML(...). $debug itself is
	# request-controlled.
	print "

Query Result for $search

\n";
	if ($debug) {print "

$cmd

\n
\n"};
	# Run the ldapsearch command line held in $cmd and collect its output,
	# one chomped line per element, in @data.
	$#data=-1; # empty @data
	# SECURITY: $cmd is one string assembled from request parameters, so open3
	# hands it to the shell when it contains metacharacters. Call open3 with
	# the program and each argument as separate list elements instead.
	# The return value is not checked and $pid is not waited for here.
	$pid = open3( \*Writer, \*Reader, \*Stderr, $cmd);
	Writer->autoflush(); # default here, actually
	# NOTE(review): the filehandle read was stripped in extraction together
	# with the HTML tags; presumably <Reader>, the handle closed below.
	while ($_=) {
		chomp;
		push @data, $_;
		# Debug mode echoes the raw line into the page, unescaped.
 		if ($debug) {print "$_\n"};
	};
	close Writer;
	close Reader;
 	# Query branch, continued: report the search tool's error output, render
 	# every collected line, then (next branch) prepare the ldapadd call.
 	# NOTE(review): line breaks and markup were lost in extraction; the
 	# layout is restored from the syntax, code tokens are as found.
 	if ($debug) {print "
\n"};
	# Gather whatever arrived on the child's error handle.
	# NOTE(review): the filehandle read was stripped in extraction;
	# presumably <Stderr>, the handle closed right after the loop.
	$out="";
	while ($_=) { $out.=$_; };
	close Stderr;
	while (chomp $out){;};
	# Tool output is printed into the page unescaped.
	if ($out ne "") {print "

LDAP Search response

\n
\n$out\n
\n";};
	for (@data) {
		if (/^([^=]*)=NOT ASCII$/) {
			# Binary attribute: search again with -t and publish the
			# temporary file the tool reports as a .jpeg in the CGI's
			# working directory.
			$value=$_;
			print "$1=";
			# SECURITY: same shell-string construction as the first search,
			# now also with the attribute name taken from the tool output.
			$cmd="$ldappath/ldapsearch -p $port -t -h $server -b \"$base\" \"$search\" $1" . '>&/dev/stdout';
			$_=`$cmd`;
			# The match result is not checked: when no /tmp/ldapsearch path
			# is found, $1 still holds the attribute name captured above and
			# that is what gets passed to mv.
			/(\/tmp\/ldapsearch.*[0-9]+)/;
			$time=time;
			# SECURITY: single-string system() goes through the shell; use
			# File::Copy::move or system("mv", $from, $to). The target name is
			# predictable (time plus counter) and nothing visible here ever
			# removes the files.
			system "mv $1 ./tmp-$time$imagecount.jpeg";
			print "$1

\"$value\"

\n";
			$imagecount++;
		} elsif (/^([^=]*)=([^=]*),/) {
			# A DN line: derive a query string that leads back to this entry.
			# It is built by textual substitution only; nothing is
			# URL-encoded or HTML-escaped before printing.
			$dn=$_;
			$url = $_;
			$url =~ s/cn/cn1/g;
			$url =~ s/, /&/g;
			$url =~ s/,/&/g;
			# phonetic search, great -- but clashes with regex-starts
			# $url =~ s/=/~=/g;
			# $base is request-supplied and used as a regex here; quote it
			# with \Q...\E so it is matched literally.
			$url =~ s/$base//g;
			$_=$base;
			s/=/%3d/g;
			$url .= "&base=$_";
			$url="$url&server=$server";
			$url =~ s/ /+/g;
			print "

$dn

\n";
		} else {
			print "$_
\n"
		}
	}
} elsif ($action eq "addentry") {
	print "

LDAP Administrative Interface Results

\n";
	print "

Request Type: Add

\n";
	# LDIF record for ldapadd. Values were only chomp'ed when imported, so a
	# newline inside a field value adds further LDIF lines to the record;
	# reject or encode such values before writing them.
	$ldap="dn: $dn\ncn: $cn1\n";
	if ($cn2 ne "") { $ldap .= "cn: $cn2\n";}
	if ($cn3 ne "") { $ldap .= "cn: $cn3\n";}
	if ($cn4 ne "") { $ldap .= "cn: $cn4\n";}
	foreach (@fields) {
		if ((!/$nofields/) and ("$$_" ne "")) {$ldap .= "$_: $$_\n"};
	};
	if ($userPassword ne $userPassword1) {
		print "

passwords don't match!

\n"
	} else {
		if ($debug) {
			print "

input to ldapadd command:

\n";
			print "
\n$ldap";
			print "userPassword: not shown\n
\n";
		};
		# SECURITY: $rootdn and $rootpw come from the form and are placed on
		# a shell command line: they are interpreted by the shell and the
		# bind password is visible in the process list while ldapadd runs.
		# $ldapprintcmd is the same line with a literal "$rootpw" so the
		# password is not echoed in debug output.
		$ldapcmd="$ldappath/ldapadd -p $port -h $server -D \"$rootdn\" -w \"$rootpw\" >&/dev/stdout";
		$ldapprintcmd="$ldappath/ldapadd -p $port -h $server -D \"$rootdn\" -w \"\$rootpw\" >&/dev/stdout";
		print "

result for ldapadd command:

\n";
		if ($debug) { print "

$ldapprintcmd

\n"};
		print "
\n";
		# Start ldapadd, feed it the LDIF record on stdin and relay its
		# output to the page.
		# SECURITY: $ldapcmd is a single shell string containing the
		# request-supplied bind DN and password; list-form open2 would avoid
		# the shell. The return value is not checked and $pid is not reaped.
		$pid = open2( \*Reader, \*Writer, $ldapcmd);
		Writer->autoflush(); # default here, actually
		print Writer $ldap;
		# The new entry's password is written as given in the form field.
		print Writer "userPassword: $userPassword\n";
		close Writer;
		# NOTE(review): the filehandle read was stripped in extraction;
		# presumably <Reader>. Output is printed without HTML escaping.
		while ($got=) {print "$got\n"};
		close Reader;
		# End of the addentry branch; the modify form then looks up the
		# current entry for $rdn.
		# NOTE(review): line breaks and markup were lost in extraction; the
		# layout is restored from the syntax, code tokens are as found.
		print "\n
\n";
	};
# The action is matched unanchored: any value containing "modifyform" selects
# this branch.
} elsif ($action =~ /modifyform/) {
	print "

LDAP Administrative Interface Results

\n";
	print "

Modify Form

\n";
	# first query db whether an entry exists ...
	# SECURITY: shell command string built from request-supplied $port,
	# $server, $base and $rdn; see the list-form advice at the first
	# ldapsearch call. Unlike the other commands, stderr is not redirected.
	$cmd="$ldappath/ldapsearch -p $port -h $server -b \"$base\" \"$rdn\" ";
	if ($debug) {
		# $rdn and $cmd are echoed into the page unescaped.
		print "

getting data base entry for $rdn

\n";
		print "

$cmd

\n
\n";
	};
	# Run the lookup command in $cmd and collect its output, one chomped line
	# per element, in @data for the modify form.
	$#data=-1; # empty @data
	# SECURITY: $cmd is one string assembled from request parameters, so open3
	# hands it to the shell when it contains metacharacters. Call open3 with
	# the program and each argument as separate list elements instead.
	# The return value is not checked and $pid is not waited for here.
	$pid = open3( \*Writer, \*Reader, \*Stderr, $cmd);
	Writer->autoflush(); # default here, actually
	# NOTE(review): the filehandle read was stripped in extraction together
	# with the HTML tags; presumably <Reader>, the handle closed below.
	while ($_=) {
		chomp;
		push @data, $_;
		# Debug mode echoes the raw line into the page, unescaped.
 		if ($debug) {print "$_\n"};
	};
	close Writer;
	close Reader;
 	if ($debug) {print "
\n"}; $out=""; while ($_=) { $out.=$_; }; close Stderr; while (chomp $out){;}; if ($out ne "") {print "

LDAP Search response

\n
\n$out\n
\n";}; if (@data < 0) { print "

Error

\n

No data set found for editing!

\n"; } else { $cncount=1; for (@data) { if (/^([^=]*)=[^=]*,/) { print <Edit Entry $_

$th $uth EOHEAD } elsif (!/^$/) { /^([^=]*)=(.*)$/; $count=""; $cn{count}=1; if ($$1{count} ne 0) {$count = $$1{count} }; $$1{count} ++; print < EOVALUE } else { &options; print < $options
Server:
Base DN:
Rootdn:
Rootpw:
$1:
userPassword:
userPassword (confirmation):

debug

Help for this Form

EOBREAK }; # if }; # for &options; print < userPassword: userPassword (confirmation): $options
debug

Help for this Form

EOFOOT }; # if @data == -1 } elsif ($action =~ /modifyscript/) { print "

LDAP Administrative Interface Results

\n"; print "

Request Type: Modify "; $url = $dn; $url =~ s/cn/cn1/g; $url =~ s/, /&/g; $url =~ s/,/&/g; # phonetic search, great -- but clashes with regex-starts # $url =~ s/=/~=/g; $url =~ s/$base//g; $_=$base; s/=/%3d/g; $url .= "&base=$_"; $url="$url&server=$server"; $url =~ s/ /+/g; print "$dn

\n"; # print "$_
\n"; # $ldap="dn: $dn\nchangetype: modify\n"; $ldap="$dn\n"; if ($cn2 ne "") { $ldap .= "$modify: cn\ncn: $cn2\n";} if ($cn3 ne "") { $ldap .= "$modify: cn\ncn: $cn3\n";} if ($cn4 ne "") { $ldap .= "$modify: cn\ncn: $cn4\n";} foreach $attribute (@fields) { $modifytype="modifytype$attribute"; if ($debug){print "$attribute: $$attribute ($$modifytype)
\n";}; $_=$$modifytype; if (/add/) { $_=$attribute; while (/[0-9]$/){chop}; $ldap .= "+$_=$$attribute\n" } elsif (/replace/) { $_=$attribute; while (/[0-9]$/){chop}; $ldap .= "$_=$$attribute\n" } elsif (/delete/) { $_=$attribute; $ldap .= "-$_=$$attribute\n"; }; }; if ($userPassword eq $userPassword1 && $userPassword ne "") { $ldap.="replace: userPassword\nuserPassword: $userPassword\n"; }; $ldapcmd="$ldappath/ldapmodify -p $port -v -h $server -D \"$rootdn\" -w \"$rootpw\" " . '>&/dev/stdout'; $ldapprintcmd="$ldappath/ldapmodify -p $port -v -h $server -D \"$rootdn\" -w \"\$rootpw\" " . '>&/dev/stdout'; if ($debug) { print "

$ldapprintcmd

\n"}; $pid = open2( \*Reader, \*Writer, $ldapcmd); Writer->autoflush(); # default here, actually print Writer $ldap; close Writer; print "

result for ldapmodify command:

\n"; print "
\n";
	# Relay the ldapmodify output to the page.
	# NOTE(review): the filehandle read was stripped in extraction; presumably
	# <Reader>. The lines are printed without HTML escaping.
	while ($got=) {print "$got\n"};
	close Reader;
	# End of the modify branch, then the "clearfield" action, which deletes
	# attributes from an entry through ldapmodify.
	# NOTE(review): line breaks and markup were lost in extraction; the
	# layout is restored from the syntax, code tokens are as found.
	print "
\n";
	# SECURITY: debug mode echoes the complete ldapmodify input, which at this
	# point includes the new userPassword line when one was submitted; $debug
	# is an ordinary request parameter.
	if ($debug ne "") {
		print "

ldapmodify input

\n";
		print "
\n$ldap";
		print "
\n";
	};
} elsif ($action eq "clearfield") {
	print "

LDAP Administrative Interface Results

\n";
	print "

Request Type: Clear Field Value

\n";
	# LDIF modify record; $dn and the field names below are request data and
	# only had a trailing newline removed, so embedded newlines add lines.
	$prefix="dn: $dn\nchangetype: modify\n";
	$ldap=$prefix;
	if ($cn2 ne "") { $ldap .= "delete: cn\n";}
	if ($cn3 ne "") { $ldap .= "delete: cn\n";}
	if ($cn4 ne "") { $ldap .= "delete: cn\n";}
	# A field is cleared when its submitted value starts with "del" in any
	# letter case.
	foreach (@fields) {
		if ((!/$nofields/) and ("$$_" =~ /^[dD][eE][lL]/)) {$ldap .= "delete: $_\n"};
	};
	# SECURITY: the request-supplied bind DN and password are put on a shell
	# command line (shell interpretation, password visible in the process
	# list). $ldapprintcmd shows a literal "$rootpw" instead of the password.
	$ldapcmd="$ldappath/ldapmodify -p $port -v -h $server -D \"$rootdn\" -w \"$rootpw\" " . '>&/dev/stdout';
	$ldapprintcmd="$ldappath/ldapmodify -p $port -v -h $server -D \"$rootdn\" -w \"\$rootpw\" " . '>&/dev/stdout';
	if ($debug) {
		print "

LDAP call and data

$ldapprintcmd

$ldap"; 
		print "
\n";
	};
	# Single-string open2 runs $ldapcmd through the shell; the return value
	# is not checked.
	$pid = open2( \*Reader, \*Writer, $ldapcmd);
	Writer->autoflush(); # default here, actually
	print Writer $ldap;
	close Writer;
	print "

LDAP reply

\n
\n";
	# Relay the ldapmodify reply to the page.
	# NOTE(review): the filehandle read was stripped in extraction; presumably
	# <Reader>. The lines are printed without HTML escaping.
	while ($got=) {print "$got\n"};
	close Reader;
	# End of the clearfield branch (shows the entry again), then the start of
	# "deleteentry", which first searches for the entries to delete.
	# NOTE(review): line breaks and markup were lost in extraction; the
	# layout is restored from the syntax, code tokens are as found.
	print "
\n";
	# SECURITY: shell command string with request-supplied $port, $server,
	# $base and $cn1, executed with backticks below. Use a list-form pipe
	# open (open my $fh, '-|', $program, @args) after validating the values.
	$cmd="$ldappath/ldapsearch -p $port -h $server -b \"$base\" \"cn=$cn1\" " . '>&/dev/stdout';
	print "

New Values

\n";
	if ($debug) {print "

$cmd

\n"};
	# The command output goes into the page without HTML escaping.
	print ("
\n" . `$cmd` . "\n
\n");
} elsif ($action eq "deleteentry") {
	print "

LDAP Administrative Interface Results

\n";
	print "

Request Type: Delete Entry

\n";
	# $ldap is assigned here but not used by the visible delete code.
	$ldap="dn: $dn\ncn: $cn1\n";
	# Filter that selects the deletion candidates; the last non-empty field
	# wins, cn1 having the final say. Values are not escaped for LDAP filter
	# syntax, so a wildcard in a field widens the match.
	$search="";
	if ($sn ne "") { $search = "sn=$sn";}
	if ($uid ne "") { $search = "uid=$uid";}
	if ($cn4 ne "") { $search = "cn=$cn4";}
	if ($cn3 ne "") { $search = "cn=$cn3";}
	if ($cn2 ne "") { $search = "cn=$cn2";}
	if ($cn1 ne "") { $search = "cn=$cn1";}
	# NOTE(review): the query branch falls back to "objectclass=*"; the
	# attribute name "objecttype" here may be a slip - confirm.
	if ($search eq "") { $search="objecttype=*"};
	# SECURITY: shell command string built from request parameters, as above.
	$cmd="$ldappath/ldapsearch -p $port -h $server -b \"$base\" \"$search\" " . '>&/dev/stdout';
	if ($debug) {print "

searching thru data base for viable entries

\n";
		print "

$cmd

\n
";
	};
	# Run the candidate search and keep every output line that contains a
	# comma (treated as an entry DN) in @dels.
	# SECURITY: two-argument pipe open of a string built from request
	# parameters - the whole of $cmd is interpreted by the shell. Prefer
	# open(my $fh, '-|', $program, @args). The result of open is not checked,
	# so a failed start looks the same as "no match".
	open DELS, "$cmd |"; 
	# NOTE(review): the filehandle read was stripped in extraction;
	# presumably <DELS>, the handle opened above and closed below.
	while ($_=) {
		if (/,/) { 
			chomp;
#			$_ =~ s/, $base//;
			push @dels, $_;
			# Debug mode echoes the candidate DN into the page, unescaped.
 			if ($debug) {print $_};
		}; 
	};
	close DELS;
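	# Act on the search hits in @dels: report when nothing matched, delete
	# when exactly one entry matched, refuse when the match is ambiguous.
	# Fix: the original tested `@dels < 0` (an element count is never
	# negative) and `$dels == 0` (a scalar that is never assigned, so the
	# test was always true). ldapdelete therefore ran on $dels[0] no matter
	# how many entries matched, and the two message branches were unreachable.
	if (@dels == 0) {
		print "No data set found to be deleted!\n" 
	} elsif (@dels == 1) {
		# Fix: the program and its arguments are passed as a list, so no
		# shell parses the request-supplied $port, $server, $rootdn, $rootpw
		# or the DN read back from the directory.
		# The bind password is still an argument and visible in the process
		# list while the tool runs; if the installed ldapdelete can read the
		# password from a file, use that instead.
		my @ldapdelete=("$ldappath/ldapdelete", "-p", $port, "-v", "-h", $server, "-D", $rootdn, "-w", $rootpw, $dels[0]);
		# Display form of the call, with a literal "$rootpw" in place of the
		# password.
		$ldapprintcmd="$ldappath/ldapdelete -p $port -h $server -D \"$rootdn\" -w \"\$rootpw\" \"$dels[0]\" " . '>&/dev/stdout';
		print "

result for ldapdelete command:

\n";
		if ($debug) { print "

$ldapprintcmd

\n"};
		# An undefined third handle makes open3 deliver the child's stderr on
		# its stdout handle, which is what '>&/dev/stdout' did before.
		# open3 raises an exception when the program cannot be started; the
		# eval keeps the page rendering in that case.
		my ($delin, $delout);
		my $delpid = eval { open3($delin, $delout, undef, @ldapdelete) };
		my $delresult = "";
		if ($delpid) {
			close $delin;
			$delresult = join "", <$delout>;
			close $delout;
			waitpid $delpid, 0;
		} else {
			$delresult = "ldapdelete could not be started\n";
		}
		# NOTE(review): tool output is printed without HTML escaping, as in
		# the rest of the script; $query->escapeHTML() would be the place.
		print ("
\n" . $delresult . "\n
\n");
	} else {
		print "

ldapdelete not executed, more than one possible data sets:

\n
\n";
		foreach (@dels) {print $_ };
		print "\n
\n

pleasy try being more specific and mind your spelling!

\n";
	};
# NOTE(review): the here-document that follows lost its `<<` operator and its
# markup in extraction; the rest of this line is kept exactly as found.
} elsif ($action eq "longform") { ####### long interface form ############## print <Long Access Form for Oeh Uni Wien LDAP Service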

LDAP Directory Access Form

  • Search Scope: $th EODOC for (@mand) { ($desc, $input, $name, $value)=@$_; print ("\n");}; print "\n$th\n"; for (@comp) { ($desc, $input, $name, $value)=@$_; print ("\n");}; print <
    debug

    Help for this form

    EODOC } else { ############################### simple interface form ############ print <Access Form for Oeh Uni Wien LDAP Service

    LDAP Directory Access Form

  • Mandatory Attributes

    $desc

    Compulsory Attributes

    $desc
    $th EODOC for (@simple) { ($desc, $input, $name, $value)=@$_; print ("\n");}; print <
    debug

    Help Page for this form

    EODOC }; print $docfooter; close STDOUT; close STDERR; close STDIN; exit 0; sub options { $options="
    \n$uth\n"; for (@options) { ($desc, $input, $name, $value)=@$_; /^([^=]*)=(.*)$/; $count=""; $cn{count}=1; if ($$name{count} ne 0) {$count = $$name{count} }; $$name{count} ++; $options .= " \n"; }; };

    Search Attributes

    $desc

    additional attributes

    $desc