Apache-AuthenLDAP
3 results

 view release on metacpan or  search on metacpan

AuthenLDAP.pm  view on Meta::CPAN 

    return OK;
  }

  my $basedn = $r->dir_config('AuthenBaseDN') || '';
  my $ldapserver = $r->dir_config('AuthenLDAPServer') || "localhost";
  my $ldapport = $r->dir_config('AuthenLDAPPort') || 389;
  my $uidattrtype = $r->dir_config('AuthenUidAttrType') || "uid";

  my $expire = lc($r->dir_config('AuthenExpire')) || 'false';
  my $exp_attrtype = $r->dir_config('AuthenExpireAttrType') ||
    'passwordIsExpired';
  my $exp_lastmodattrtype =
    $r->dir_config('AuthenExpireLastModAttrType') ||
      'passwordModifyTimestamp';
  my $exp_time = $r->dir_config('AuthenExpireTime') ||
    186;
  my $exp_redirect = $r->dir_config('AuthenExpireRedirect') || '';

  $r->log->debug("handler: ",
		 "AuthenBaseDN - $basedn; LDAPServer - $ldapserver; ",
		 "LDAPPort - $ldapport; UiaDttrType - $uidattrtype; ",
		 "Expire - $expire; ExireAttrType - $exp_attrtype; ",
		 "ExpireLastModAttrType - $exp_lastmodattrtype; ",
		 "ExpireTime - $exp_time; ExpireRedirect - $exp_redirect");

  if ($sent_pwd eq "") {
    $r->note_basic_auth_failure;
    $r->log_reason("user $name: no password supplied", $r->uri);
    return AUTH_REQUIRED;
  }

  # Connect to the server
  my $ld;
  unless ($ld = new Net::LDAP($ldapserver, port => $ldapport)) {
    $r->note_basic_auth_failure;
    $r->log_reason("user $name: LDAP Connection Failed", $r->uri);
    return SERVER_ERROR;
  }

AuthenLDAP.pm  view on Meta::CPAN 

    $r->note_basic_auth_failure;
    $r->log_reason("user $name: username not found",$r->uri);
    return AUTH_REQUIRED;
  }

  # Only want the first if we've received more than one
  my $entry = $msg->first_entry;
  my $dn = $entry->dn;

  # Bind as the user we're authenticating
  $msg = $ld->bind($dn, password => $sent_pwd);
  unless ($msg->code == LDAP_SUCCESS) {
    $r->note_basic_auth_failure;
    $r->log_reason("user $name: password mismatch", $r->uri);
    return AUTH_REQUIRED;
  }

  $ld->unbind;

  if ($expire eq 'true') {
    # Is the password set to expired in LDAP?
    if (($entry->get($exp_attrtype))[0] eq 'true') {
      $r->log->debug("handler: password flag expired");
      $r->custom_response(FORBIDDEN, "$exp_redirect");
      return FORBIDDEN;
    }

    # Has the password passed the age limit?
    my ($modyear, $modmonth, $modday) = 
      (($entry->get($exp_lastmodattrtype))[0] =~ /(\d{4})(\d{2})(\d{2})/);
    my ($year, $month, $day) = Today([time]);
    if (Date_to_Days($year, $month, $day) -
	Date_to_Days($modyear, $modmonth, $modday) > $exp_time) {
      $r->log->debug("handler: password age expired");
      $r->custom_response(FORBIDDEN, "$exp_redirect");
      return FORBIDDEN;
    }
  }

  # Everything's A-OK
  return OK;
}

1;

AuthenLDAP.pm  view on Meta::CPAN 


Password expiration enablement. By default, AuthenExpire is set to
false.

=back

=over 4

=item B<AuthenExpireAttrType>

The attribute type name that contains whether or not the password is
expired. By default, AuthenExpireAttrType is passwordIsExpired.

=back

=over 4

=item B<AuthenExpireLastModAttrType>

The attribute type name that contains the password last modified
timestamp in YYYYMMDD format.  By default AuthenExpireLastModAttrType
is set to passwordModifyTimestamp.

=back

=over 4

=item B<AuthenExpireTime>

The time in days at which a password expires. By default,
AuthenExpireTime is set to 186.

=back

=over 4

=item B<AuthenExpireRedirect>

The location to which you wish to redirect users whose passwords are
expired. If this value is left blank, the server will respond with a
401 error.

=back

=head1 NOTES

This module has hooks built into it to handle Apache::AuthenCache
version 0.04 and higher passing notes to avoid bugs in the
set_handlers() method in mod_perl versions 1.2x.

ChangeLog  view on Meta::CPAN 

2003-06-23	Christian Gilmore <cag@us.ibm.com>

	o  Changed expired password response to FORBIDDEN.
	o  Made release 1.00.

2002-03-07	Christian Gilmore <cgilmore@tivoli.com>
	o  Added password expiration handling.
	o  Removed generic variable names used exclusively
	   in releases prior to 0.60.
	o  Updated README to include mention of new features.
	o  Made release 0.90.
	
2001-07-12	Christian Gilmore <cgilmore@tivoli.com>

	o  Removed test for mod_perl-1.26 or higher.
	o  Cleaned up documentation
	o  Made release 0.61

README  view on Meta::CPAN 

Apache::AuthenLDAP is designed to work with mod_perl and
Net::LDAP. This module authenticates a user against an LDAP
backend. It can be combined with Apache::AuthzLDAP to provide
LDAP authorization as well.

This module also handles password aging and expiration, allowing for
enforcement of local password policy.

See AuthenLDAP.pm pod for detailed documentation.

$Id: README,v 1.2 2002/03/07 22:03:23 cgilmore Exp $



( run in 1.081 second using v1.01-cache-2.11-cpan-49f99fa48dc )