Apache-AuthenMSAD


lib/Apache/AuthenMSAD.pm


# $Id: AuthenMSAD.pm,v 1.7 2005/11/29 13:46:04 reggers Exp $

sub handler
{
   my $r = shift;
   # Continue only if the first request.

   # return OK unless $r->is_initial_req;

   # Grab the password, or return the failure status (HTTP_UNAUTHORIZED)

   my ($res, $pass) = $r->get_basic_auth_pw;
   return $res if $res;

   my $user = $r->user;

   my $domain = $r->dir_config('MSADDomain') || "no-domain";
   my $server = $r->dir_config('MSADServer') || $domain;

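   # Reject empty passwords before binding: an LDAP simple bind with a
   # name but no password is an unauthenticated bind (RFC 4513, 5.1.2),
   # which a directory server may accept.
   if ($pass eq "") {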
      $r->note_basic_auth_failure;
      $r->log_reason("user - no password supplied",$r->uri);
      return Apache::Constants::HTTP_UNAUTHORIZED;
   }

   if ($user eq "") {
      $r->note_basic_auth_failure;
      $r->log_reason("user - no userid supplied",$r->uri);
      return Apache::Constants::HTTP_UNAUTHORIZED;
   }

   my $ldap = Net::LDAP->new($server, version=>3);
   unless ($ldap) {
      $r->note_basic_auth_failure;
      $r->log_reason("user - MSAD LDAP Connect Failed",$r->uri);
      return Apache::Constants::HTTP_UNAUTHORIZED;
   }

   my $result= $ldap->bind (dn => "$user\@$domain", password => $pass);
   if (!$result || ($result && $result->code)) {
      $r->note_basic_auth_failure;
      $r->log_reason("user - Active Directory Authen Failed",$r->uri);
      return Apache::Constants::HTTP_UNAUTHORIZED;
   }

   return Apache::Constants::OK;
}



At our site the domain mentioned in the userPrincipalName is
"ads.uwaterloo.ca" -- that is also the name we use for our collection
of Domain Controllers. You might not implement that convention. If you
do, the MSADServer parameter is optional -- it defaults to the
MSADDomain. This version is patched to use mod_perl2 (>=2.0x) and apache2.
It was tested in a production environment to work perfectly.

=head1 BEWARE

This builds on the Net::LDAP interface and as such passes the userid
and password in the clear. We've not been able to get Net::LDAPS to
work with Microsoft Active Directory. If anyone else has we'd dearly
love to hear from them.
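
Net::LDAP accepts an ldaps:// URI together with certificate verification options, which keeps the bind described above off the wire in cleartext. The following is an added example, not code from Apache::AuthenMSAD or its authors; the sub name msad_bind_ok, the host ads.example.org and the CA file path are assumptions.

```perl
use strict;
use warnings;
use Net::LDAP;

# Hypothetical helper (not part of Apache::AuthenMSAD): check a user's
# password with a simple bind over LDAPS instead of cleartext LDAP.
# $cafile is an assumed path to the PEM CA certificate that issued the
# domain controllers' certificates.
sub msad_bind_ok {
    my ($server, $domain, $user, $pass, $cafile) = @_;

    # Same guard as the handler: a simple bind with an empty password is an
    # unauthenticated bind and must never count as a successful login.
    return 0 unless defined $user && length $user;
    return 0 unless defined $pass && length $pass;

    # ldaps:// negotiates TLS before any LDAP traffic is sent.
    # verify => 'require' makes the connection fail unless the server
    # certificate validates against the CA in $cafile.
    my $ldap = Net::LDAP->new(
        "ldaps://$server",
        version => 3,
        verify  => 'require',
        cafile  => $cafile,
        timeout => 10,
    ) or return 0;

    # Bind with the userPrincipalName form the module uses (user@domain).
    my $result = $ldap->bind(dn => "$user\@$domain", password => $pass);
    my $ok = ($result && !$result->code) ? 1 : 0;
    $ldap->unbind;
    return $ok;
}

# Run as a script: user name as the argument, password on STDIN so it does
# not appear in the process list. Host and CA path are constructed samples.
unless (caller) {
    my $user = shift(@ARGV) // '';
    my $pass = <STDIN> // '';
    chomp $pass;
    my $ok = msad_bind_ok('ads.example.org', 'ads.example.org',
                          $user, $pass, '/etc/ssl/certs/ad-ca.pem');
    print $ok ? "bind ok\n" : "bind failed\n";
}
```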

=head1 AUTHOR

Yvan Rodrigues <yrodrigu@uwaterloo.ca>
Reg Quinton <reggers@ist.uwaterloo.ca>
Franz Skale <franz.skale@cubit.at>

Ported to mod_perl1 by Andrew McGregor C<< <andy@txm.mobi> >>, <L<http://www.txm.net>>


