| 97 | | '''sub Authenticate :''' accepts credentials (UID or mailAlternateAddress and password); returns whether authenticated [Y|N] and, if successful: null msg, UID, displayName and list of user's roles; if unsuccessful: error msg, UID, null, null |
| 98 | | |
| 99 | | '''sub !CampusPickList : ''' generates generic HTML form element for campus picklist using ldap_uakEmployeeCampus.txt as input |
| 100 | | |
| 101 | | '''sub Credentials : ''' generates HTML form elements for LDAP credentials (id and password) |
| 102 | | |
| 103 | | '''sub UAclose : ''' generates closing HTML elements for standard window look and feel |
| 104 | | |
| 105 | | '''sub UAopen : ''' generates opening HTML elements for standard window look and feel |
| 106 | | |
| 107 | | '''sub abort : ''' uses mailx to send $body with $subject to $MAILTO |
| 108 | | |
| 109 | | '''sub appendMsg : ''' formats $msg_in according to $msg_type and appends to $MSG |
| 110 | | |
| 111 | | '''sub bldgCampusPickList : ''' generates HTML form element for building pick list for MAU |
| 112 | | |
| 113 | | '''sub bldgExists : ''' checks static file to determine if building code exists (issue: building codes are stored in registry and in static file but not in directory) |
| 114 | | |
| 115 | | '''sub bldgPicklist : ''' generates HTML form element for building pick list |
| 116 | | |
| 117 | | '''sub crypt : ''' simple encryption of strings; used to encrypt password before storing in LDAP cookie |
| 118 | | |
| 119 | | '''sub debug :''' utility used to record debugging information (utilizes debug runtime config parm) |
| 120 | | |
| 121 | | '''sub deptUnitPickList : ''' generates HTML form element for department picklist; elements of list taken from external file ldap_deptUnits.txt |
| 122 | | |
| 123 | | '''sub embeddedAttributes : ''' (may be obsolete; was formatting solution for uakPhonebookFlag attribute, the values of which could represent an unlimited number of MAU specific phonebook "attributes") |
| 129 | | '''sub employeeDeptPickList : ''' generates generic HTML form element for campus picklist using ldap_uakEmployeeAffiliation.txt |
| 130 | | |
| 131 | | '''sub formatAttributes : ''' function returning hash of attribute characteristics used to control formatting of HTML form elements; elements with exceptional (non-standard) formatting requirements are recorded here |
| 132 | | |
| 133 | | '''sub formatLabel : ''' formats field descriptions with or without accompanying comments |
| 134 | | |
| 135 | | '''sub formatValue : ''' formats attribute values, generating href tags for specific attribute types |
| 136 | | |
| 137 | | '''sub genClearCookie : ''' Generates Set-Cookie metadata that clears old cookie (where ldapstring is assumed to be the cookie being cleared) |
| 138 | | |
| 139 | | '''sub genClearSimpleCookie : ''' Generates Set-Cookie metadata that clears new simple cookie (where name/value are passed to function). |
| 140 | | |
| 141 | | '''sub genSetCookie : ''' Generates Set-Cookie metadata that establishes a specific cookie (new or old) |
| 142 | | |
| 143 | | '''sub getACL : ''' Returns hash of permissions for requested list of ACL names. |
| 144 | | |
| 145 | | '''sub getAttributes : ''' returns a hash of arrays for attributes meeting specified criteria; the hash keys are LDAP attribute names; each hash value is an array of attribute characteristics |
| 146 | | |
| 147 | | '''sub getEntityDisplayLabel : ''' function returning one of DISPLAY_NAME, TITLE_<something>, UNITDISPLAYNAME, UNITNAME or UID from an array of attributes passed to the function |
| 148 | | |
| 149 | | '''sub getUserAttributes : ''' returns array of attribute=value pairs for $filter |
| 150 | | |
| 151 | | '''sub getSecureAttributes : ''' returns array of attribute=value pairs for $filter (utilizes privileged credentials) |
| 155 | | '''sub is_emplAdmin : ''' function that determines if credentialed user is admin for people record |
| 156 | | |
| 157 | | '''sub lookUpParentUnit : ''' function that returns parent unit for department record |
| 158 | | |
| 159 | | '''sub pad : ''' returns string padded with character to specified length |
| 160 | | |
| 161 | | '''sub parseCookie : ''' parses old, complex cookie; returning the UID, password, name and role elements |
| 162 | | |
| 163 | | '''sub parseDN : ''' parses $dn and returns UID and OU elements |
| 164 | | |
| 165 | | '''sub parseSimpleCookie : ''' parses new simple cookie; returning a single string value |
| 166 | | |
| 167 | | '''sub post_admin : ''' executes HTTPS request to call ldap_bulk_admin CGI script as though from the web (utilizes directory_server_link runtime config parm) |
| 168 | | |
| 169 | | '''sub post_updates : ''' executes HTTPS request to call ldap_bulk_update CGI script as though from the web (utilizes directory_server_link runtime config parm) |
| 170 | | |
| 171 | | '''sub returnIdentifierFilter : ''' used to return a generic filter that can be used to search for a people record by name or any identifier accepted during AUTHSERV authentication (see ldap_dlevelx CGI script) |
| 172 | | |
| 173 | | '''sub studentDeptPickList : ''' generates generic HTML form element for student department picklist using ldap_uakStudentAffiliation.txt |
| 174 | | |
| 175 | | '''sub uidLDAPlookup : ''' returns (last) $attribute value for matching $filter where query executed by credentialed user or default gateway user (weak - utilized currently only by ldap_lib.pm) |
| 184 | | '''sub connect :''' establishes ORACLE_HOME and executes DBI->connect utilizing $eff_login to establish $dbh |
| 185 | | |
| 186 | | '''sub copy_to_oitdest :''' copies LDIF processed by process_admin_request to location identified in runtime parameter oitdest, if runtime parameter defined |
| 187 | | |
| 188 | | '''sub directory_update :''' executes ldapmodify statements to update LDAP directory |
| 189 | | |
| 190 | | '''sub evaluate :''' executes $dbh->prepare on $sql to establish $sth |
| 191 | | |
| 192 | | '''sub execute :''' performs $sth->execute which executes sql statement in Oracle database |
| 193 | | |
| 194 | | '''sub getSecureAttributes :''' returns array of attribute=value pairs for $filter (utilizes privileged credentials) |
| 195 | | |
| 196 | | '''sub getSecureAttributes :''' process that utilizes privileged application credentials to obtain secure attribute values when needed for processing (don't rely on credentials of requester which might not have needed access) |
| 197 | | |
| 198 | | '''sub kerberos_change :''' process by which a kerberos principal *changes* his known kerberos password to a new value |
| 199 | | |
| 200 | | '''sub kerberos_create :''' process by which a kerberos principal is created |
| 201 | | |
| 202 | | '''sub kerberos_date_to_time :''' process by which a kerberos date/time stamp is converted to Perl date/time |
| 203 | | |
| 204 | | '''sub kerberos_directory :''' Principal process which returns kerberos principal associated with given UID |
| 205 | | |
| 206 | | '''sub kerberos_getprinc :''' process which executes kadmin getprinc command |
| 207 | | |
| 208 | | '''sub kerberos_inactivate :''' process which inactivates a kerberos principal (creates random preexpired password) |
| 209 | | |
| 210 | | '''sub kerberos_initialize :''' process which activates a kerberos principal (establishes the default password with 14 day password expiration) |
| 211 | | |
| 212 | | '''sub kerberos_lock :''' process which locks a kerberos account (establishes a known expiration date/time on account) |
| 213 | | |
| 214 | | '''sub kerberos_reset :''' process which resets a kerberos password to its default value |
| 215 | | |
| 216 | | '''sub kerberos_unlock :''' process which removes the expiration date/time from an account |
| 217 | | |
| 218 | | '''sub kerberos_update :''' process which determines if a password update request is a non-owner reset or an owner change; also directs conversion processing steps (which entails a reset followed by a change) |
| 219 | | |
| 220 | | |
| 221 | | '''sub lock_account :''' executes iPlanet ns[in]activate command to disable/enable account |
| 222 | | |
| 223 | | '''sub log_admin_update :''' logs admin updates for historical reference |
| 224 | | |
| 225 | | '''sub log_error :''' writes $msg to $ERRORLOG |
| 226 | | |
| 227 | | '''sub log_history :''' logs normal gateway updates |
| 228 | | |
| 229 | | '''sub log_update :''' writes $msg to $UPDATELOG using flock in coordination with gateway_move_logs.pl to get a file lock before performing an action; calls report_fatal if it fails to write update to $UPDATELOG |
| 233 | | '''sub process_admin_request :''' main routine for processing admin updates; like process_request only restricted to EDIR administrator use to add/delete entities (results in creation or removal of a DN). Gets EDIRrole values from directory and looks for acceptable role before proceeding. First line of file input *must* reference a supported action (add or delete). Returns output from ldif processing which the calling program is expected to parse to determine result. |
| 234 | | |
| 235 | | '''sub process_request :''' main routine for processing updates; checks process type ($action) and performs rudimentary error checking, then attempts to update the Oracle registry. If successful, calls directory_update to update directory. Returns success (1) or failure (0) and $return_msg generated by either the registry update or the directory update |
| 236 | | |
| 237 | | '''sub registry_update :''' executes $sql in registry, capturing success (1) or failure (0), $sql_msg and $sql_row_count resulting from sql execution; returns success or failure and $sql_msg. [[br]][[br]] |
| 241 | | '''sub report_error :''' utilizes mailx to send $body with $subject to $MAILTO without disabling updates |
| 242 | | |
| 243 | | '''sub report_fatal :''' utilizes mailx to send $body with $subject to $MAILTO; generates $ldap_lib::LOCKFILE (gateway_updates_disabled) to disable updates until problem resolved |
| 244 | | |
| 245 | | '''sub special_logging :''' (obsoleted; discarded method of providing UAA with record of EDIR updates) |
| 246 | | |
| 247 | | '''sub uakEmployeeLocatorSubProcessing :''' process by which individual attributes underlying uakEmployeeLocator (office, telephonenumber, facsimiletelephonenumber) are maintained as a byproduct of uakEmployeeLocator maintenance |
| 248 | | |
| 249 | | '''sub user_notification :''' routine for notifying account holders of events (assuming they are not a UAA student or staff member) |