Adding objects to LDAP via CGI
Question
I have a web form that collects information and submits it to a cgi that attempts to insert the data into LDAP. The problem is that I'm trying to use a variable with ::ldap::add and it's just not working. Here's the code:
if {[string length $::env(QUERY_STRING)] != 0} {
    set handle [::ldap::connect localhost]
    set dn "cn=admin,dc=mycompany,dc=com"
    set pw "myPassword"
    ::ldap::bind $handle $dn $pw
    set dn "cn=[ncgi::value givenName] [ncgi::value sn],ou=people,dc=mycompany,dc=com"
    set formValues [
        puts "cn {{[ncgi::value givenName] [ncgi::value sn]}}"
        puts "displayName [ncgi::value givenName] [ncgi::value sn]"
        foreach {key value} [ncgi::nvlist] {
            if {[string length $value] != 0} {
                puts "$key $value"
            }
        }
        puts "objectClass top"
        puts "objectClass person"
        puts "objectClass organizationalPerson"
        puts "objectClass inetOrgPerson"
    ]
    ::ldap::add $handle $dn {
        $formValues
    }
    ldap::unbind $handle
}
However, if I replace $formValues with the actual entries that I want to insert into LDAP, they get added just fine.
I'm new to TCL so I wouldn't be surprised if there were some glaring errors in this snippet.
Thanks in advance!
Solution
The big mistakes:
- The square brackets substitute the result of the script inside them and not its output.
- The puts command sends strings to stdout (or a file) and doesn't save them for processing later.
- The curly braces totally quash all substitutions inside them.
The fixes are to use list commands to build the description to use with ldap::add. For example:
set formValues {}
lappend formValues cn "[ncgi::value givenName] [ncgi::value sn]"
### Might need this instead; it depends on how you want to do the construction
# lappend formValues cn [list [ncgi::value givenName] [ncgi::value sn]]
lappend formValues displayName "[ncgi::value givenName] [ncgi::value sn]"
foreach {key value} [ncgi::nvlist] {
    ### Could also use {$value ne ""} here
    if {[string length $value] != 0} {
        lappend formValues $key $value
    }
}
lappend formValues objectClass top
lappend formValues objectClass person
lappend formValues objectClass organizationalPerson
lappend formValues objectClass inetOrgPerson
::ldap::add $handle $dn $formValues
Also, if those keys are coming from a form, you should add more validation to stop malicious users from adding unexpected extras like additional objectClasses. An ounce of prevention is worth a hundredweight of cure.
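
One way to apply the validation advice above, as an added example that is not part of the original answer: an allow-list of form keys with a pattern per value, so that objectClass and cn are only ever set by the script. The proc name buildEntry, the fieldRules table and its patterns are assumptions to adapt to your schema; the sample inputs are constructed and stand in for [ncgi::nvlist].

```tcl
# Added example (not from the original answer). Attribute names and patterns
# are assumptions; match them to your own schema and form.
# Allow-list: form key -> regexp its trimmed value must match in full.
set fieldRules {
    givenName       {^[[:alpha:]][[:alpha:] .'-]{0,63}$}
    sn              {^[[:alpha:]][[:alpha:] .'-]{0,63}$}
    mail            {^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,190}$}
    telephoneNumber {^\+?[0-9 ()-]{3,32}$}
}

# Returns a two-element list (DN, attribute list) or raises an error.
proc buildEntry {nvlist rules} {
    set seen [dict create]
    foreach {key value} $nvlist {
        set value [string trim $value]
        # Reject any key that is not explicitly allowed (objectClass, cn, ...).
        if {![dict exists $rules $key]} { error "unexpected form field: $key" }
        if {$value eq ""} continue
        # A repeated key would otherwise become an extra attribute value.
        if {[dict exists $seen $key]} { error "duplicate form field: $key" }
        if {![regexp -- [dict get $rules $key] $value]} {
            error "invalid value for $key"
        }
        dict set seen $key $value
    }
    foreach required {givenName sn} {
        if {![dict exists $seen $required]} { error "missing field: $required" }
    }
    set fullName "[dict get $seen givenName] [dict get $seen sn]"
    # The name patterns exclude DN metacharacters, so fullName can be placed
    # in the DN as is. Script-controlled attributes are added only here.
    set attrs [list cn $fullName displayName $fullName]
    dict for {key value} $seen { lappend attrs $key $value }
    foreach oc {top person organizationalPerson inetOrgPerson} {
        lappend attrs objectClass $oc
    }
    return [list "cn=$fullName,ou=people,dc=mycompany,dc=com" $attrs]
}

# Constructed sample inputs standing in for [ncgi::nvlist].
set good {givenName Ada sn Lovelace mail ada@example.com telephoneNumber {}}
set bad  {givenName Ada sn Lovelace objectClass posixAccount}
lassign [buildEntry $good $fieldRules] dn attrs
puts "dn: $dn"
puts "attrs: $attrs"
if {[catch {buildEntry $bad $fieldRules} msg]} { puts "rejected: $msg" }
# In the CGI, after a successful bind: ::ldap::add $handle $dn $attrs
```

Rejecting unknown keys before the empty-value check means a form that sends any field outside the table fails closed, including fields whose names differ only in case.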