Apache-AuthPerLDAP
view release on metacpan or search on metacpan
AuthPerLDAP.pm view on Meta::CPAN
use mod_perl;
use Apache::Constants qw(OK AUTH_REQUIRED);
use Mozilla::LDAP::Conn;
use strict;
$Apache::AuthPerLDAP::VERSION = '0.5';
sub handler {
my $r = shift;
my ($result, $password) = $r->get_basic_auth_pw;
return $result if $result;
my $username = $r->connection->user;
my $basedn = $r->dir_config('BaseDN') || "";
my $ldapserver = $r->dir_config('LDAPServer') || "localhost";
my $ldapport = $r->dir_config('LDAPPort') || 389;
my $uidattr = $r->dir_config('UIDAttr') || "uid";
if ($password eq "") {
$r->note_basic_auth_failure;
$r->log_reason("user $username: no password supplied",$r->uri);
return AUTH_REQUIRED;
}
my $conn = new Mozilla::LDAP::Conn({ "host" => $ldapserver,
"port" => $ldapport} );
unless($conn) {
$r->note_basic_auth_failure;
$r->log_reason("user $username: LDAP Connection Failed",$r->uri);
return AUTH_REQUIRED;
}
AuthPerLDAP.pm view on Meta::CPAN
$r->note_basic_auth_failure;
$r->log_reason("user $username: username not found",$r->uri);
return AUTH_REQUIRED;
}
# Found username in LDAP database, get its DN
my $dn = $entry->getDN();
#
# Try to rebind with the users DN and password.
#
unless (($dn ne "") && ($conn->simpleAuth($dn, $password))) {
$r->note_basic_auth_failure;
$r->log_reason("user $username: invalid password", $r->uri);
return AUTH_REQUIRED;
}
return OK;
} # End of handler()
1;
__END__
AuthPerLDAP.pm view on Meta::CPAN
require valid-user
PerlAuthenHandler Apache::AuthPerLDAP
</Directory>
These directives can also be used in a .htaccess file.
=head1 DESCRIPTION
AuthPerLDAP provides Basic Authentication, with username/password
lookups against an LDAP server, using Netscape's PerLDAP kit.
It is heavily based on Clayton Donley's Apache::AuthLDAP module,
but uses the newer Netscape PerLDAP (Mozilla::LDAP), which in turn
uses the Netscape Directory SDK for C. Thus Donley's original
Net::LDAPapi module and library is no longer required.
It requires mod_perl and PerLDAP (v1.2 or later).
Building mod_perl with:
perl Makefile.PL PERL_AUTHEN=1 PERL_STACKED_HANDLERS=1 PERL_GET_SET_HANDLERS
works for me. If this module is the only Apache/Perl module you are going to use,
you probably don't need anything but the PERL_AUTHEN hook enabled.
Unlike Donley's Apache::AuthLDAP module, AuthPerLDAP is only used for
authentication, and thus only supports the require-user directive.
If a user enters the correct username and password, the authentication
is considered to be OK.
=head1 TODO
=over 4
=item *
Find out more about these messages in the error_log:
"child pid 5244 exit signal Segmentation Fault (11)"
NAME
Apache::AuthPerLDAP - mod_perl PerLDAP Authentication Module
DESCRIPTION
AuthPerLDAP provides Basic Authentication, with
username/password lookups against an LDAP server, using
Netscape's PerLDAP kit.
It is heavily based on Clayton Donley's Apache::AuthLDAP
module, but uses the newer Netscape PerLDAP (Mozilla::LDAP),
which in turn uses the Netscape Directory SDK for C. Thus
Donley's original Net::LDAPapi module and library is no
longer required.
It requires mod_perl and PerLDAP (v1.2 or later). Building
mod_perl with:
perl Makefile.PL PERL_AUTHEN=1 PERL_STACKED_HANDLERS=1
PERL_GET_SET_HANDLERS
works for me. If this module is the only Apache/Perl module
you are going to use, you probably don't need anything but
the PERL_AUTHEN hook enabled.
Unlike Donley's Apache::AuthLDAP module, AuthPerLDAP is only
used for authentication, and thus only supports the
require-user directive. If a user enters the correct
username and password, the authentication is considered to
be OK.
CREDITS
Apache::AuthPerLDAP is greatly inspired by the original
Apache::AuthLDAP written by Clayton Donley.
Adoption to PerLDAP was done by reading the PerLDAP source
and documentation provided by Netscape Corp. and Leif
Hedstrom, found at www.perldap.org.
( run in 1.075 second using v1.01-cache-2.11-cpan-49f99fa48dc )