通过 CGI 将对象添加到 LDAP

发布于 2024-08-26 23:45:08 字数 1180 浏览 5 评论 0原文

我有一个 Web 表单，用于收集信息并将其提交给尝试将数据插入 LDAP 的 cgi。问题是我试图将变量与 ::ldap::add 一起使用，但它不起作用。代码如下：

if {[string length env(QUERY_STRING)] != 0} {
    set handle [::ldap::connect localhost]
    set dn "cn=admin,dc=mycompany,dc=com"
    set pw "myPassword"

    ::ldap::bind $handle $dn $pw

    set dn "cn=[ncgi::value givenName] [ncgi::value sn],ou=people,dc=mycompany,dc=com"

    set formValues [
            puts "cn        {{[ncgi::value givenName] [ncgi::value sn]}}"
            puts "displayName       [ncgi::value givenName] [ncgi::value sn]"
            foreach {key value} [ncgi::nvlist] {
                    if {[string length $value] != 0} {
                            puts "$key      $value"
                    }
            }
            puts "objectClass       top"
            puts "objectClass       person"
            puts "objectClass       organizationalPerson"
            puts "objectClass       inetOrgPerson"
    ]

    ::ldap::add $handle $dn {
            $formValues
    }

    ldap::unbind $handle

}

但是，如果我将 $formValues 替换为我想要插入到 LDAP 中的实际条目，它们就会被很好地添加。

我是 TCL 的新手，所以如果这段代码中存在一些明显的错误，我不会感到惊讶。

提前致谢！

原文

I have a web form that collects information and submits it to a cgi that attempts to insert the data into LDAP. The problem is that I'm trying to use a variable with ::ldap::add and it's just not working. Here's the code:

if {[string length env(QUERY_STRING)] != 0} {
    set handle [::ldap::connect localhost]
    set dn "cn=admin,dc=mycompany,dc=com"
    set pw "myPassword"

    ::ldap::bind $handle $dn $pw

    set dn "cn=[ncgi::value givenName] [ncgi::value sn],ou=people,dc=mycompany,dc=com"

    set formValues [
            puts "cn        {{[ncgi::value givenName] [ncgi::value sn]}}"
            puts "displayName       [ncgi::value givenName] [ncgi::value sn]"
            foreach {key value} [ncgi::nvlist] {
                    if {[string length $value] != 0} {
                            puts "$key      $value"
                    }
            }
            puts "objectClass       top"
            puts "objectClass       person"
            puts "objectClass       organizationalPerson"
            puts "objectClass       inetOrgPerson"
    ]

    ::ldap::add $handle $dn {
            $formValues
    }

    ldap::unbind $handle

}

However, if I replace $formValues with the actual entries that I want to insert into LDAP, they get added just fine.

I'm new to TCL so I wouldn't be surprised if there were some glaring errors in this snippet.

Thanks in advance!

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

在风中等你 2024-09-02 23:45:08

最大的错误：

方括号替换了其中脚本的结果，而不是它的输出。
puts 命令将字符串发送到 stdout（或文件），并且不会保存它们以供以后处理。
大括号完全取消了其中的所有替换。

修复方法是使用列表命令来构建与 ldap::add 一起使用的描述。例如：

set formValues {}
lappend formValues cn          "[ncgi::value givenName] [ncgi::value sn]"
### Might need this instead; it depends on how you want to do the construction
# lappend formValues cn        [list [ncgi::value givenName] [ncgi::value sn]]
lappend formValues displayName "[ncgi::value givenName] [ncgi::value sn]"
foreach {key value} [ncgi::nvlist] {
    ### Could also use {$value ne ""} here
    if {[string length $value] != 0} {
        lappend formValues $key $value
    }
}
lappend formValues objectClass top
lappend formValues objectClass person
lappend formValues objectClass organizationalPerson
lappend formValues objectClass inetOrgPerson

::ldap::add $handle $dn $formValues

此外，如果这些密钥来自表单，您应该添加更多验证以阻止恶意用户添加意外的额外内容，例如额外的 objectClasses。一盎司的预防胜过一英担的治疗。

The big mistakes:

The square brackets substitute the result of the script inside it and not its output.
The puts commands sends strings to stdout (or a file) and doesn't save them for processing later.
The curly braces totally quash all substitutions inside them.

The fixes are to use list commands to build the description to use with ldap::add. For example:

set formValues {}
lappend formValues cn          "[ncgi::value givenName] [ncgi::value sn]"
### Might need this instead; it depends on how you want to do the construction
# lappend formValues cn        [list [ncgi::value givenName] [ncgi::value sn]]
lappend formValues displayName "[ncgi::value givenName] [ncgi::value sn]"
foreach {key value} [ncgi::nvlist] {
    ### Could also use {$value ne ""} here
    if {[string length $value] != 0} {
        lappend formValues $key $value
    }
}
lappend formValues objectClass top
lappend formValues objectClass person
lappend formValues objectClass organizationalPerson
lappend formValues objectClass inetOrgPerson

::ldap::add $handle $dn $formValues

Also, if those keys are coming from a form, you should add more validation to stop malicious users from adding unexpected extras like additional objectClasses. An ounce of prevention is worth a hundredweight of cure.

回复收藏 0 原文

~没有更多了~