LDAP: Add deref option to specify how to dereference aliases

Author: ikedas

src/cgi/wwsympa.fcgi.in

@@ -3657,6 +3657,7 @@ sub is_ldap_user {
             base    => $ldap->{'suffix'},
             filter  => "$filter",
             scope   => $ldap->{'scope'},
+            deref   => $ldap->{'deref'},
             timeout => $ldap->{'timeout'}
         );
 
@@ -15492,7 +15493,8 @@ sub do_arc_download {
             my $string = $message->as_string =~ s/\r?\n/\r\n/gr;
             if ($Archive::Zip::SimpleZip::VERSION) {
                 $rv = $zip->addString($string,
-                    Name => sprintf('%s/%s.eml', $arc_dirname, $handle->basename)
+                    Name =>
+                        sprintf('%s/%s.eml', $arc_dirname, $handle->basename)
                 );
                 $az = $Archive::Zip::SimpleZip::SimpleZipError;
             } else {
@@ -16649,21 +16651,21 @@ sub do_invite {
     if ($in{'email'}) {
         @emails =
             grep {$_} map { Sympa::Tools::Text::canonic_email($_) }
-        split /\0/, $in{'email'};
-        $log->syslog('info', 'single invite "%s"', join(' ',@emails));
+            split /\0/, $in{'email'};
+        $log->syslog('info', 'single invite "%s"', join(' ', @emails));
         unless (@emails) {
             add_stash('user', 'no_email');
             return 'review';
         }
-    } else { # addresses for multiple users (from import.tt2) are $in{dump}
+    } else {    # addresses for multiple users (from import.tt2) are $in{dump}
         foreach (split /\r\n|\r|\n/, $in{'dump'}) {
             next unless /\S/;
             next if /\A\s*#/;    #FIXME: email address can contain '#'
 
             my ($email) = m{\A\s*(\S+)(?:\s+(.*))?\s*\z};
             push @emails, $email;
         }
-        $log->syslog('info', 'multiple invite "%s"', join(' ',@emails));
+        $log->syslog('info', 'multiple invite "%s"', join(' ', @emails));
         unless (@emails) {
             add_stash('user', 'no_email');
             return 'import';

src/lib/Conf.pm

@@ -685,12 +685,13 @@ sub _load_auth {
             'get_dn_by_uid_filter'   => '.+',
             'get_dn_by_email_filter' => '.+',
             'email_attribute'        => Sympa::Regexps::ldap_attrdesc(),
-            'alternative_email_attribute' => '.*',                 # Obsoleted
+            'alternative_email_attribute' => '.*',             # Obsoleted
             'scope'                       => 'base|one|sub',
-            'authentication_info_url'     => 'http(s)?:/.*',
-            'use_tls'                     => 'starttls|ldaps|none',
-            'use_ssl'                     => '1',                  # Obsoleted
-            'use_start_tls'               => '1',                  # Obsoleted
+            'deref'                   => 'never|search|find|always',
+            'authentication_info_url' => 'http(s)?:/.*',
+            'use_tls'                 => 'starttls|ldaps|none',
+            'use_ssl'       => '1',                            # Obsoleted
+            'use_start_tls' => '1',                            # Obsoleted
             'ssl_version' => 'sslv2/3|sslv2|sslv3|tlsv1|tlsv1_[123]',
             'ssl_ciphers' => '[\w:]+',
             'ssl_cert'    => '.+',
@@ -722,6 +723,7 @@ sub _load_auth {
             'timeout'       => '\d+',
             'suffix'        => '.+',
             'scope'         => 'base|one|sub',
+            'deref'         => 'never|search|find|always',
             'get_email_by_uid_filter' => '.+',
             'email_attribute'         => Sympa::Regexps::ldap_attrdesc(),
             'use_tls'                 => 'starttls|ldaps|none',
@@ -749,6 +751,7 @@ sub _load_auth {
             'timeout'       => '\d+',
             'suffix'        => '.+',
             'scope'         => 'base|one|sub',
+            'deref'         => 'never|search|find|always',
             'get_email_by_uid_filter' => '.+',
             'email_attribute'         => Sympa::Regexps::ldap_attrdesc(),
             'use_tls'                 => 'starttls|ldaps|none',
@@ -883,10 +886,12 @@ sub _load_auth {
                     ## Force the default scope because '' is interpreted as
                     ## 'base'
                     $current_paragraph->{'scope'} ||= 'sub';
+                    $current_paragraph->{'deref'} ||= 'find';
                 } elsif ($current_paragraph->{'auth_type'} eq 'generic_sso') {
                     ## Force the default scope because '' is interpreted as
                     ## 'base'
                     $current_paragraph->{'scope'} ||= 'sub';
+                    $current_paragraph->{'deref'} ||= 'find';
                     ## default value for http_header_value_separator is ';'
                     $current_paragraph->{'http_header_value_separator'} ||=
                         ';';
@@ -903,6 +908,7 @@ sub _load_auth {
                     ## Force the default scope because '' is interpreted as
                     ## 'base'
                     $current_paragraph->{'scope'} ||= 'sub';
+                    $current_paragraph->{'deref'} ||= 'find';
                 } elsif ($current_paragraph->{'auth_type'} eq 'user_table') {
                     ;
                 } elsif ($current_paragraph->{'auth_type'} eq 'cgi') {

src/lib/Sympa/CLI/test/ldap.pm

@@ -89,6 +89,7 @@ sub _run {
         base   => ($options->{suffix} // ''),
         filter => $filter,
         scope  => ($options->{scope} || 'sub'),
+        deref  => ($options->{deref} || 'find'),
         attrs =>
             ($options->{attrs} ? [split /\s*,\s*/, $options->{attrs}] : ['']),
     ) or die sprintf "Search  impossible: %s\n", $db->error;

src/lib/Sympa/Conf.pm-YETUSED

@@ -0,0 +1,38 @@
+package Sympa::Conf;
+
+use strict;
+use warnings;
+
+use Exporter qw(import);
+BEGIN { our @EXPORT = qw(Conf); }
+
+use Sympa::Constants;
+
+our %Conf;
+
+sub Conf ($@) {
+    my $that = shift || '*';
+    my @keys = map { split /[.]/ } @_;
+
+    _load() unless %Conf;
+    warn 'loaded';
+}
+
+sub _load {
+    die 'Cannot load';
+}
+
+1;
+__END__
+
+package Conf;
+
+use strict;
+use warnings;
+
+*Conf = *Sympa::Conf;
+# or
+#*Conf = 'Sympa::Conf';
+
+1;
+

src/lib/Sympa/Config/Schema.pm

@@ -348,7 +348,7 @@ our %pinfo = (
         gettext_id => 'Name of the database',
         gettext_comment =>
             "With SQLite, this must be the full path to database file.\nWith Oracle Database, this must be SID, net service name or easy connection identifier (to use net service name, db_host should be set to \"none\" and HOST, PORT and SERVICE_NAME should be defined in tnsnames.ora file).",
-        format => '.+',
+        format     => '.+',
         occurrence => '1',
     },
     db_user => {
@@ -1717,8 +1717,8 @@ our %pinfo = (
                 default    => 'owner',
             },
             quota => {
-                context => [qw(list domain site)],
-                order   => 3,
+                context      => [qw(list domain site)],
+                order        => 3,
                 gettext_id   => "quota",
                 gettext_unit => 'Kbytes',
                 format       => '\d+',
@@ -3418,6 +3418,15 @@ our %pinfo = (
                 occurrence => '1',
                 default    => 'sub'
             },
+            deref => {
+                context    => [qw(list)],
+                order      => 5.5,
+                gettext_id => "dereferencing aliases",
+                format     => ['never', 'search', 'find', 'always'],
+                occurrence => '1',
+                default    => 'find',
+                not_before => '6.2.74',
+            },
             timeout => {
                 context      => [qw(list)],
                 order        => 6,
@@ -3599,6 +3608,15 @@ our %pinfo = (
                 format     => ['base', 'one', 'sub'],
                 default    => 'sub'
             },
+            deref1 => {
+                context    => [qw(list)],
+                order      => 5.5,
+                gettext_id => "dereferencing aliases",
+                format     => ['never', 'search', 'find', 'always'],
+                occurrence => '1',
+                default    => 'find',
+                not_before => '6.2.74',
+            },
             timeout1 => {
                 context      => [qw(list)],
                 order        => 6,
@@ -3653,6 +3671,15 @@ our %pinfo = (
                 occurrence => '1',
                 default    => 'sub'
             },
+            deref2 => {
+                context    => [qw(list)],
+                order      => 12.5,
+                gettext_id => "dereferencing aliases",
+                format     => ['never', 'search', 'find', 'always'],
+                occurrence => '1',
+                default    => 'find',
+                not_before => '6.2.74',
+            },
             timeout2 => {
                 context      => [qw(list)],
                 order        => 13,
@@ -3821,8 +3848,8 @@ our %pinfo = (
                 order   => 9,
                 gettext_id =>
                     "Directory where the database is stored (used for DBD::CSV only)",
-                format => '.+',
-                obsolete => 'db_name',
+                format    => '.+',
+                obsolete  => 'db_name',
                 not_after => '6.2.70',
             },
             nosync_time_ranges => {
@@ -3987,6 +4014,15 @@ our %pinfo = (
                 occurrence => '1',
                 default    => 'sub'
             },
+            deref => {
+                context    => [qw(list)],
+                order      => 5.5,
+                gettext_id => "dereferencing aliases",
+                format     => ['never', 'search', 'find', 'always'],
+                occurrence => '1',
+                default    => 'find',
+                not_before => '6.2.74',
+            },
             timeout => {
                 context      => [qw(list)],
                 order        => 6,
@@ -4164,6 +4200,15 @@ our %pinfo = (
                 occurrence => '1',
                 default    => 'sub'
             },
+            deref1 => {
+                context    => [qw(list)],
+                order      => 5.5,
+                gettext_id => "dereferencing aliases",
+                format     => ['never', 'search', 'find', 'always'],
+                occurrence => '1',
+                default    => 'find',
+                not_before => '6.2.74',
+            },
             timeout1 => {
                 context      => [qw(list)],
                 order        => 6,
@@ -4218,6 +4263,15 @@ our %pinfo = (
                 occurrence => '1',
                 default    => 'sub'
             },
+            deref2 => {
+                context    => [qw(list)],
+                order      => 12.5,
+                gettext_id => "dereferencing aliases",
+                format     => ['never', 'search', 'find', 'always'],
+                occurrence => '1',
+                default    => 'find',
+                not_before => '6.2.74',
+            },
             timeout2 => {
                 context      => [qw(list)],
                 order        => 13,
@@ -4381,8 +4435,8 @@ our %pinfo = (
                 order   => 9,
                 gettext_id =>
                     "Directory where the database is stored (used for DBD::CSV only)",
-                format => '.+',
-                obsolete => 'db_name',
+                format    => '.+',
+                obsolete  => 'db_name',
                 not_after => '6.2.70',
             },
             email_entry => {

src/lib/Sympa/DataSource/LDAP.pm

@@ -46,10 +46,12 @@ sub _open {
     $self->{_db} = $db;
 
     my $pagesize = $options{pagesize} || $self->{pagesize};
-    if ($pagesize and $db->__dbh->root_dse->supported_control(
+    if ($pagesize
+        and $db->__dbh->root_dse->supported_control(
             Net::LDAP::Constant::LDAP_CONTROL_PAGED()
-        )) {
-        $self->{_page} = Net::LDAP::Control::Paged->new( size => $pagesize );
+        )
+    ) {
+        $self->{_page} = Net::LDAP::Control::Paged->new(size => $pagesize);
     }
 
     my $mesg = $self->_open_operation(%options);
@@ -69,13 +71,15 @@ sub _open_operation {
     my $ldap_filter = $options{filter} || $self->{filter};
     my $ldap_attrs  = $options{attrs}  || $self->{attrs};
     my $ldap_scope  = $options{scope}  || $self->{scope};
+    my $ldap_deref  = $options{deref}  || $self->{deref};
 
     my @args = (
-        base   => $ldap_suffix,
-        filter => $ldap_filter,
-        attrs  => [split /\s*,\s*/, $ldap_attrs],
-        scope  => $ldap_scope,
-        control=> $self->{_page} ? [$self->{_page}] : []
+        base    => $ldap_suffix,
+        filter  => $ldap_filter,
+        attrs   => [split /\s*,\s*/, $ldap_attrs],
+        scope   => $ldap_scope,
+        deref   => $ldap_deref,
+        control => $self->{_page} ? [$self->{_page}] : []
     );
 
     my $mesg = $self->{_db}->do_operation('search', @args);
@@ -133,8 +137,7 @@ sub _load_next {
         # second page, or later one (but not post-last) of a paged search:
         # load next page
         $mesg = $self->_open_operation(%options);
-    }
-    else {
+    } else {
         $mesg = $self->__dsh;
     }
     while (my $entry = $mesg->shift_entry) {
@@ -180,10 +183,9 @@ sub _load_next {
     }
 
     if ($self->{_page} and $mesg) {
-        my $cookie = $mesg->control(
-            Net::LDAP::Constant::LDAP_CONTROL_PAGED
-        )->cookie;
-        $self->{_page}->cookie( $cookie );
+        my $cookie =
+            $mesg->control(Net::LDAP::Constant::LDAP_CONTROL_PAGED)->cookie;
+        $self->{_page}->cookie($cookie);
     }
 
     return [@retrieved];

src/lib/Sympa/ListOpt.pm

@@ -106,6 +106,14 @@ our %list_option = (
     'one'  => {'gettext_id' => 'one level'},
     'sub'  => {'gettext_id' => 'subtree'},
 
+    # include_ldap_2level_query.deref2, include_ldap_2level_query.deref1,
+    # include_ldap_query.deref
+    'never' => {'gettext_id' => 'never'},
+    'search' =>
+        {'gettext_id' => 'in searching subordinates of the base object'},
+    'find'   => {'gettext_id' => 'in locating the base object'},
+    'always' => {'gettext_id' => 'always'},
+
     # include_ldap_query.use_tls, include_ldap_2level_query.use_tls,
     # include_ldap_ca.use_tls, include_ldap_2level_ca.use_tls
     'starttls' => {'gettext_id' => 'use STARTTLS'},

src/lib/Sympa/Scenario.pm

@@ -1401,6 +1401,7 @@ sub do_search {
             base   => "$ldap_conf{'suffix'}",
             filter => "$filter",
             scope  => "$ldap_conf{'scope'}",
+            deref  => "$ldap_conf{'deref'}",
             attrs  => ['1.1']
         );
         unless ($mesg) {
@@ -1580,7 +1581,8 @@ sub _load_ldap_configuration {
         return;
     }
 
-    my @valid_options = qw(host suffix filter scope bind_dn bind_password
+    my @valid_options =
+        qw(host suffix filter scope deref bind_dn bind_password
         use_tls ssl_version ssl_ciphers ssl_cert ssl_key
         ca_verify ca_path ca_file);
     my @required_options = qw(host suffix filter);
@@ -1593,6 +1595,7 @@ sub _load_ldap_configuration {
         'suffix'        => undef,
         'filter'        => undef,
         'scope'         => 'sub',
+        'deref'         => 'find',
         'bind_dn'       => undef,
         'bind_password' => undef
     );