Apache2-AuthTicketLDAP


AuthTicketLDAP.pm


    # Not in the cache: search the directory and, if the user exists,
    # store the entry in the cache and return it.
    $entry = $self->ldap_search($user);
    if ($entry) {
        return $self->ldap_cache($user, $entry);
    }

    return undef;
}

sub check_credentials {
    my ($self, $user, $password) = @_;
    my ($entry, $mesg);
    # 1) Check the LDAP cache for the user's entry. Avoids an anonymous search.
    # 2) If not in the cache, run a search and cache the result.
    # 3) Lastly, bind as the entry's DN with the supplied password.

    $entry = $self->ldap_cache($user) or return 0;

    # Net::LDAP's bind() returns a Net::LDAP::Message even when the server
    # rejects the credentials, so the result code is inspected below rather
    # than relying on the return value being false.
    $mesg = $self->ldap->bind($entry->dn(), password => $password)
        or die "$@";

    if (!$mesg->is_error()) {
        return 1;
    }

    return 0;
}

sub ldap_attribute {

AuthTicketLDAP.pm


=head1 DESCRIPTION

This module builds upon the I<Apache2::AuthTicket> database-backed, cookie 
ticketing system for websites. It provides for authentication and authorization
against an LDAP database. It also implements I<CHI>-based, mmap'd file caching
of LDAP entries and SELECT queries.

Further differences between the two modules include:
 1) Custom dbi_connect, supporting:
    a) passwordless local connections
    b) AutoCommit via TicketDBAutoCommit option
    c) a couple of Informix-specific options (ISOLATION and LOCK MODE)
 2) Use SHA512 instead of MD5 for digests
 3) Support "require ldap_attribute myAttrib=Foo"
 4) TicketThreshold: Only update database when a ticket timestamp is at least
    X seconds old. Reduces database updates.

Keep in mind that the mmap caching will make Apache processes look huge. It is
an illusion -- each cached file is mapped into memory once and the mapped pages
are shared, but every process that has mapped them counts them in its own
resident set size.

LDAP authentication processing works similarly to mod_ldap/mod_authnz_ldap.
 1) The user's entry is looked up, first in the cache and, on a miss, with an
 anonymous search on the LDAP server. Returns 403 if no entry is found.
 Otherwise, the entry is cached.
 2) That user's LDAP entry DN and the supplied password are used to bind to
 the server. Returns 403 if the bind fails, OK if it succeeds.

On the database side, everything works the same as I<Apache2::AuthTicket> except
that users are authenticated and authorized with LDAP instead.

Authorization works similarly to mod_ldap/mod_authnz_ldap.
 1) B<require valid-user> works as usual.
 2) B<require ldap-attribute> was changed to B<require ldap_attribute> (note 
 the underscore).
    a) The cache is checked for an LDAP entry for the user. 
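The lookup-then-bind flow described above, followed by an ldap_attribute check, as an added example written for this page (it is not the module's own code, and the server URI, search base, attribute names and the helper names lookup_user, check_credentials, has_attribute and authenticate are assumptions). It adds two checks a practitioner would want around the flow: the username is escaped before it is spliced into the search filter, and an empty password is rejected before the bind, because a simple bind with an empty password is an unauthenticated bind (RFC 4513 section 5.1.2) that many directories answer with success.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);
use Net::LDAP::Constant qw(LDAP_SUCCESS);

# Assumed deployment values (hypothetical, not taken from the module's docs).
my %cfg = (
    uri      => 'ldaps://ldap.example.org',
    base     => 'ou=People,dc=example,dc=org',
    uid_attr => 'uid',
    attrs    => [qw(uid cn memberOf)],
);

# Step 1: anonymous search for the user's entry.
# The username is escaped (RFC 4515) so that input such as "*)(uid=*" cannot
# widen the filter; exactly one match is required, anything else is "not found".
sub lookup_user {
    my ($ldap, $user) = @_;
    my $filter = sprintf '(%s=%s)', $cfg{uid_attr}, escape_filter_value($user);
    my $mesg = $ldap->search(
        base   => $cfg{base},
        scope  => 'sub',
        filter => $filter,
        attrs  => $cfg{attrs},
    );
    return undef if $mesg->code != LDAP_SUCCESS;
    return undef unless $mesg->count == 1;
    return $mesg->entry(0);
}

# Step 2: bind as the entry's DN with the supplied password.
# Caveat: an empty password turns the simple bind into an unauthenticated bind
# (RFC 4513 section 5.1.2), which many servers accept, so reject it up front.
sub check_credentials {
    my ($ldap, $entry, $password) = @_;
    return 0 unless defined $password && length $password;
    my $mesg = $ldap->bind($entry->dn, password => $password);
    return $mesg->code == LDAP_SUCCESS ? 1 : 0;
}

# Step 3: authorization in the spirit of "require ldap_attribute attr=value".
# A multi-valued attribute matches if any of its values equals the requirement.
sub has_attribute {
    my ($entry, $require) = @_;
    my ($attr, $want) = split /=/, $require, 2;
    return 0 unless defined $want;
    return (grep { $_ eq $want } $entry->get_value($attr)) ? 1 : 0;
}

# Runs the three steps and returns a short status string.
sub authenticate {
    my ($user, $password, $require) = @_;
    my $ldap = Net::LDAP->new($cfg{uri})
        or die "cannot connect to $cfg{uri}: $@";
    my $mesg = $ldap->bind;    # anonymous bind used only for the lookup
    die 'anonymous bind failed: ' . $mesg->error if $mesg->code != LDAP_SUCCESS;

    my $entry = lookup_user($ldap, $user);
    my $status;
    if (!$entry) {
        $status = 'no such user (403)';
    } elsif (!check_credentials($ldap, $entry, $password)) {
        $status = 'bad password (403)';
    } elsif (defined $require && !has_attribute($entry, $require)) {
        $status = "missing $require (403)";
    } else {
        $status = 'OK';
    }
    $ldap->unbind;
    return $status;
}

# Usage: perl authcheck.pl USER PASSWORD [ATTR=VALUE]
if (!caller) {
    my ($user, $password, $require) = @ARGV;
    die "usage: $0 USER PASSWORD [ATTR=VALUE]\n" unless defined $password;
    print authenticate($user, $password, $require), "\n";
}
```

Binding as the entry's DN rather than as a constructed "uid=$user,$base" is what lets the lookup step decide which subtree the user lives in, which is also why the lookup result is worth caching; the example deliberately does no caching so that the three server round trips are visible.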

README

make
sudo make install

This version of Apache2::AuthTicketLDAP overrides several methods from
Apache2::AuthTicket, including:

===============================================================================
Plan to submit upstream
===============================================================================
dbi_connect()
 a) passwordless local connections
 b) AutoCommit via TicketDBAutoCommit option
 c) a couple of Informix-specific options (ISOLATION and LOCK MODE)

_update_ticket_timestamp()
 a) TicketThreshold: Only update the database when a ticket timestamp is at
 least X seconds old. Reduces database updates.

===============================================================================
Needs some work to support configuration, but could be submitted upstream
===============================================================================


