LDAP Script Question

eiglesias has asked for the wisdom of the Perl Monks concerning the following question:

Hello, I've been asked to write a script that queries several LDAP servers in sequence. It starts with an HTML form that passes the variables to a longish PERL script that I have to customize. The part I need help with is figuring out how the credentials are passed to the script. This is an example script from a vendor so some of the intricacies are lost on me. The "fill in the blanks" part is not an issue. I just don't get how to store the values in

my $your_text = $incoming{'username'};
[download]

and

my $your_text = $incoming{'campus'};
[download]

Not to mention the password part I haven't added yet and store them for use by the rest of the script. Thanks for you help, igled

#!/iiidb/software/tpp/perl/bin/perl -w

use Net::LDAP;
use Net::LDAPS;
use strict;
use CGI qw(unescape);
use CGI::Carp qw(fatalsToBrowser);

#
#---------------------------------------------------------------------
+--
# This perl script is provided as an example for libraries that want t
+o
# employ Innovative's "plugin" model for External Patron Verification.
#
# The example script queries multiple LDAP servers depending on the ty
+pe 
# of user, e.g. staff/faculty vs. student; campus1 vs. campus2; etc.
#
# This script is not intended to be "standalone" but is instead called
+ by 
# the Innovative checkLDAP script.
#
# Innovative provides this example script as a courtesy to libraries t
+hat
# have multiple LDAP servers.  The library is responsible for customiz
+ing 
# this script with local values, enhanced functionality, etc. 
#---------------------------------------------------------------------
+--
#

my $debug = "yes";

open (DEBUG, ">>/tmp/checkLDAP_dlevy.log") if ($debug eq "yes");

#
# LDAP connection information is stored in arrays of size 2.
# The script assumes that the first location (0) in the array 
# contains the connection information for the student LDAP server, 
# i.e. the input extpatserver = student, if  extpatserver = staff the
# script uses the connection information from the second location (1)
# in the following arrays.
# If there is no value in extpatserver, the script queryies the studen
+t
# LDAP server.
# These arrays should be initialized here with the real values.
# To customize this script for you system, configure the following 
# arrays:
#
# m_sLDAPServer : contains the host domain name of the LDAP servers.
#
# m_nPort :  specifies the port used to connect to the LDAP server.
#
# m_bUseLDAPS : set to 1 if you use a secure connection i.e. port 636,
+ 
#         set to 0 if you use a non-secure connection.
# m_sBindBase : contains a string that defines which database to use 
#         on the LDAP server on the first bind command; 
#        if empty use anonymous bind.
#
# m_sBindPassword : contains the password of the administrator account
+ 
#                 you use to bind. Set the password unencrypted, 
#           i.e. use the string you received from the LDAP 
#           adminstartor as it is.  
# m_sBindUser : set the login of the administartor account, or an empt
+y string
#
# m_bUseOneBind: set to 1 if you use user's credentials to bind.
#
# m_sSearchAttribute : contains the primary search attribute to be use
+d 
#           (university ID, for example) when searching for 
#           a given patron on the LDAP server.
#
# m_sSearchBase : contains the search DN used to retrieve user records
+.
#
# m_sIDAttribute : contains the attribute in the data returned by the 
+LDAP
#                  server which is used as the patron search key on th
+e
#           Millennium server.    
#

sub from_form
{
my %incoming = &read_input;    # Read information into associated
                # array %incoming.
my $your_text = $incoming{'username'}; # Fetch the text from the array
+.
print $your_text;        # Print the text.

#inserting code to get Domain
my $your_text = $incoming{'campus'};
print $your_text;

}



sub read_input
{
    my @pairs;
    my $buffer;
    my $pair;
    my $name;
    my $value;
    my %FORM;
    # Read in text
    $ENV{'REQUEST_METHOD'} =~ tr/a-z/A-Z/;
    if ($ENV{'REQUEST_METHOD'} eq "POST")
    {
    read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
    } else
    {
    $buffer = $ENV{'QUERY_STRING'};
    }
    # Split information into name/value pairs
    @pairs = split(/&/, $buffer);
    foreach $pair (@pairs)
    {
    ($name, $value) = split(/=/, $pair);
    $value =~ tr/+/ /;
    $value =~ s/%(..)/pack("C", hex($1))/eg;
    $FORM{$name} = $value;
    }
    %FORM;
}

sub LDAP_CCSU {
my @m_sLDAPServer = ("","");
my @m_nPort = ("636","");
my @m_bUseLDAPS = ("1","");
my @m_sBindBase = ("BIND_BASE= dn=,dc=","");
my @m_sBindPassword = ("","");
my @m_sBindUser = ("","");
my @m_bUseOneBind = ("1");
my @m_sSearchAttribute = ("","");
#This is proboably going to need some work
my @m_sSearchBase = ("search_base =, DC=,DC=","");
my @m_sIDAttribute = ("","");

}

my $m_bUseLDAPPassword = 1;
my $m_bTryMillenniumAfterBadVerify = 0;

my @m_nTimeOut = (3,3);
my $m_sLDAPVersion = 3;

#
# Input variables are stored in the following variables
#
my $m_sUserName = "";
my $m_sUserId = "";
my $m_sPassword = "";
my $m_sServer= "";

my $m_hLDAP;
my $m_whichServer = 0; #Identifies which server to query by index, eit
+her 0 or 1
my $m_hSearchMessage;
my $m_bVerbose = 0;
#my $m_bVerbose = 1;
my $m_nTimeOut = 3;


my $m_sOriginalUserId;
my $m_sResult = "Failed";
my $m_sLogMessage = "";
my $m_sIIIDB = "";
[download]

Comment on LDAP Script Question Select or Download Code

Replies are listed 'Best First'.
Re: LDAP Script Question by kennethk (Abbot) on Nov 09, 2010 at 16:18 UTC
You can determine where values come from just by following the assignments. The cited lines both reference `%incoming`. `%incoming` is initialized on the line `my %incoming = &read_input;`. The subroutine `read_input` pulls key/value pairs out of some splits performed on either `STDIN` or `$ENV{'QUERY_STRING'}` depending on the content of `$ENV{'REQUEST_METHOD'}`. It seems odd to me that the script manually parses the parameters rather than using CGI's `param` method.	[reply] [d/l] [select]
Re^2: LDAP Script Question by eiglesias (Initiate) on Nov 09, 2010 at 17:28 UTC
Thank you. It is my lack of perl skills that is to blame. I will try rewriting it with CGI param.	[reply]
Re^3: LDAP Script Question by eiglesias (Initiate) on Nov 11, 2010 at 15:49 UTC
Thanks to kennethk I rewrote the script using CGI params. It is much cleaner now but I am struggling with how to call the subroutines. Can someone tell me if I am doing this correctly? Thanks, EI #!/iiidb/software/tpp/perl/bin/perl -wT use Net::LDAP; use Net::LDAPS; use strict; use CGI qw(unescape); use CGI::Carp qw(fatalsToBrowser); #This subroutine gets the data from the form sub from_form { my $data = param('username'); my $password = param('password'); my $campus = param('campus'); } #This checks the domain. Still need to get it to invoke the right ser +ver. sub domain { if ($campus = param('campus') =~ m/ccsu/) { return &LDAP_CCSU } elsif ($campus = param('campus') =~ m/ecsu/) { return &LDAP_ECSU } elsif ($campus = param('campus') =~ m/wcsu/) { return &LDAP_WCSU } elsif ($campus = param('campus') =~ m/southernct/) { return &LDAP_SCSU } else { print "Not a valid domain \n."; } } sub LDAP_CCSU { my @m_sLDAPServer = ("",""); my @m_nPort = ("",""); my @m_bUseLDAPS = ("1",""); my @m_sBindBase = ("BIND_BASE= ",""); my @m_sBindPassword = ("",""); my @m_sBindUser = ("",""); my @m_bUseOneBind = ("1"); my @m_sSearchAttribute = ("",""); my @m_sSearchBase = ("",""); my @m_sIDAttribute = ("",""); } sub LDAP_ECSU { my @m_sLDAPServer = ("",""); my @m_nPort = ("",""); my @m_bUseLDAPS = ("1",""); my @m_sBindBase = ("BIND_BASE= ",""); my @m_sBindPassword = ("",""); my @m_sBindUser = ("",""); my @m_bUseOneBind = ("1"); my @m_sSearchAttribute = ("",""); my @m_sSearchBase = ("",""); my @m_sIDAttribute = ("",""); } sub LDAP_SCSU { my @m_sLDAPServer = ("",""); my @m_nPort = ("",""); my @m_bUseLDAPS = ("1",""); my @m_sBindBase = ("BIND_BASE= ",""); my @m_sBindPassword = ("",""); my @m_sBindUser = ("",""); my @m_bUseOneBind = ("1"); my @m_sSearchAttribute = ("",""); my @m_sSearchBase = ("",""); my @m_sIDAttribute = ("",""); } sub LDAP_WCSU { my @m_sLDAPServer = ("",""); my @m_nPort = ("",""); my @m_bUseLDAPS = ("1",""); my @m_sBindBase = ("BIND_BASE= ",""); my @m_sBindPassword = ("",""); my @m_sBindUser = ("",""); my @m_bUseOneBind = ("1"); my @m_sSearchAttribute = ("",""); my @m_sSearchBase = ("",""); my @m_sIDAttribute = ("",""); } my $m_bUseLDAPPassword = 1; my $m_bTryMillenniumAfterBadVerify = 0; my @m_nTimeOut = (3,3); my $m_sLDAPVersion = 3; # # Input variables are stored in the following variables # my $m_sUserName = "$username$campus"; my $m_sUserId = "$password"; my $m_sPassword = ""; my $m_sServer= ""; my $m_hLDAP; my $m_whichServer = 0; #Identifies which server to query by index, eit +her 0 or 1 my $m_hSearchMessage; my $m_bVerbose = 0; #my $m_bVerbose = 1; my $m_nTimeOut = 3; my $m_sOriginalUserId; my $m_sResult = "Failed"; my $m_sLogMessage = ""; my $m_sIIIDB = ""; [download]	[reply] [d/l]