/**
* Hook to add objectclasses and attributes for users that already exist, but have
* missing information.
*
* @static
* @param $auth
* @return bool
*/
static function LDAPSetNovaInfo( $auth ) {
global $wgMemc;
OpenStackNovaLdapConnection::connect();
$result = LdapAuthenticationPlugin::ldap_read( $auth->ldapconn, $auth->userInfo[0]['dn'], '(objectclass=*)', array( 'secretkey', 'accesskey', 'objectclass' ) );
$userInfo = LdapAuthenticationPlugin::ldap_get_entries( $auth->ldapconn, $result );
if ( !isset( $userInfo[0]['accesskey'] ) or !isset( $userInfo[0]['secretkey'] ) ) {
$objectclasses = $userInfo[0]['objectclass'];
# First entry is a count
array_shift( $objectclasses );
if ( !in_array( 'novauser', $objectclasses ) ) {
$values['objectclass'] = array();
# ldap_modify for objectclasses requires the array indexes be sequential.
# It is stupid, yes.
foreach ( $objectclasses as $objectclass ) {
$values['objectclass'][] = $objectclass;
}
$values['objectclass'][] = 'novauser';
}
$values['accesskey'] = OpenStackNovaUser::uuid4();
$values['secretkey'] = OpenStackNovaUser::uuid4();
$values['isnovaadmin'] = 'FALSE';
$success = LdapAuthenticationPlugin::ldap_modify( $auth->ldapconn, $auth->userdn, $values );
if ( $success ) {
$key = wfMemcKey( 'ldapauthentication', 'userinfo', $auth->userdn );
$wgMemc->delete( $key );
$auth->printDebug( "Successfully modified the user's nova attributes", NONSENSITIVE );
return true;
} else {
$auth->printDebug( "Failed to modify the user's nova attributes.", NONSENSITIVE );
# Always return true, other hooks should still run, even if this fails
return true;
}
} else {
$auth->printDebug( "User has accesskey and secretkey set.", NONSENSITIVE );
return true;
}
}
