/** * @param $userdn string * @return array|null */ function getUserInfoStateless($userdn) { global $wgMemc; $key = wfMemcKey('ldapauthentication', 'userinfo', $userdn); $userInfo = $wgMemc->get($key); if (!is_array($userInfo)) { $entry = LdapAuthenticationPlugin::ldap_read($this->ldapconn, $userdn, "objectclass=*", array('*', 'memberof')); $userInfo = LdapAuthenticationPlugin::ldap_get_entries($this->ldapconn, $entry); if ($userInfo["count"] < 1) { return null; } $wgMemc->set($key, $userInfo, 3600 * 24); } return $userInfo; }
/** * Hook to add objectclasses and attributes for users that already exist, but have * missing information. * * @static * @param $auth * @return bool */ static function LDAPSetNovaInfo( $auth ) { global $wgMemc; OpenStackNovaLdapConnection::connect(); $result = LdapAuthenticationPlugin::ldap_read( $auth->ldapconn, $auth->userInfo[0]['dn'], '(objectclass=*)', array( 'secretkey', 'accesskey', 'objectclass' ) ); $userInfo = LdapAuthenticationPlugin::ldap_get_entries( $auth->ldapconn, $result ); if ( !isset( $userInfo[0]['accesskey'] ) or !isset( $userInfo[0]['secretkey'] ) ) { $objectclasses = $userInfo[0]['objectclass']; # First entry is a count array_shift( $objectclasses ); if ( !in_array( 'novauser', $objectclasses ) ) { $values['objectclass'] = array(); # ldap_modify for objectclasses requires the array indexes be sequential. # It is stupid, yes. foreach ( $objectclasses as $objectclass ) { $values['objectclass'][] = $objectclass; } $values['objectclass'][] = 'novauser'; } $values['accesskey'] = OpenStackNovaUser::uuid4(); $values['secretkey'] = OpenStackNovaUser::uuid4(); $values['isnovaadmin'] = 'FALSE'; $success = LdapAuthenticationPlugin::ldap_modify( $auth->ldapconn, $auth->userdn, $values ); if ( $success ) { $key = wfMemcKey( 'ldapauthentication', 'userinfo', $auth->userdn ); $wgMemc->delete( $key ); $auth->printDebug( "Successfully modified the user's nova attributes", NONSENSITIVE ); return true; } else { $auth->printDebug( "Failed to modify the user's nova attributes.", NONSENSITIVE ); # Always return true, other hooks should still run, even if this fails return true; } } else { $auth->printDebug( "User has accesskey and secretkey set.", NONSENSITIVE ); return true; } }