# Note: ldaps:// URIs default to port 636
PerlSetVar LDAPURI ldap://ldaphost1
PerlSetVar LDAPURI ldaps://ldaphost2
PerlSetVar LDAPURI ldap://ldaphost3:1001
# How to handle server certificate verification for ldaps:// URIs
# See start_tls in Net::LDAP for more information
# If you set any of the LDAPSSL* variables, be sure to list only
# ldaps:// URIs. Otherwise the connection will fail.
# (none|optional|require) -- 'none' skips certificate verification,
# 'require' fails the connection if the server certificate cannot be verified
PerlSetVar LDAPSSLverify none
# Set to a directory that contains the CA certs
PerlSetVar LDAPSSLcapath /path/to/cadir
# Set to a file that contains the CA cert
PerlSetVar LDAPSSLcafile /path/to/cafile.pem
# Turn on TLS to encrypt a connection
# Note: This is different from ldaps:// connections. ldaps:// specifies
# an LDAP connection totally encapsulated by SSL usually running on a
# different port. TLS tells the LDAP server to encrypt a cleartext ldap://
# connection from the time the start_tls command is issued.
# (yes|no)
PerlSetVar LDAPTLS yes
# How to handle server certificate verification after start_tls
# See start_tls in Net::LDAP for more information
# (none|optional|require) -- 'none' skips certificate verification,
# 'require' fails the connection if the server certificate cannot be verified
PerlSetVar LDAPTLSverify none
# Set to a directory that contains the CA certs
PerlSetVar LDAPTLScapath /path/to/cadir
# Set to a file that contains the CA cert
PerlSetVar LDAPTLScafile /path/to/cafile.pem
# Specifies the user DN and password to use for the bind
# If LDAPuser is not specified, AuthZLDAP will attempt an anonymous bind
PerlSetVar LDAPuser cn=user,o=org
=cut
sub handler{
my $r= shift;
return Apache2::Const::OK unless $r->is_initial_req;
## Location Variables to connect to the good server
my @LDAPURI = $r->dir_config->get('LDAPURI');
my $LDAPSSLverify = lc($r->dir_config('LDAPSSLverify'));
my $LDAPSSLcapath = $r->dir_config('LDAPSSLcapath');
my $LDAPSSLcafile = $r->dir_config('LDAPSSLcafile');
my $LDAPTLS = lc($r->dir_config('LDAPTLS')) || "no";
my $LDAPTLSverify = lc($r->dir_config('LDAPTLSverify'));
my $LDAPTLScapath = $r->dir_config('LDAPTLScapath');
my $LDAPTLScafile = $r->dir_config('LDAPTLScafile');
if($LDAPTLS ne "yes" && $LDAPTLS ne "no"){
$LDAPTLS="no";
}
## bind
my $LDAPuser = $r->dir_config('LDAPuser');
my $LDAPpassword = $r->dir_config('LDAPpassword');
$r->log_error("Apache2::AuthZLDAP : $location, user didn't authentify uid empty");
return Apache2::Const::HTTP_UNAUTHORIZED;
}else{
$LDAPfilter =~ s/\[uid\]/$user/;
}
## port initialisation
my $session; ## TODO make this come from a pool maybe?
my $mesg;
unless ($session = Net::LDAP->new(\@LDAPURI, capath=>$LDAPSSLcapath, cafile=>$LDAPSSLcafile, verify=>$LDAPSSLverify)) {
$r->log_error("Apache2::AuthZLDAP : $location, LDAP error cannot create session");
return Apache2::Const::HTTP_UNAUTHORIZED;
}
if ($LDAPTLS eq 'yes') {
$mesg = $session->start_tls(capath=>$LDAPTLScapath, cafile=>$LDAPTLScafile, verify=>$LDAPTLSverify);
if ($mesg->code) {
$r->log_error("Apache2::AuthZLDAP : $location, LDAP error could not start TLS : ".$mesg->error);
}
return Apache2::Const::HTTP_UNAUTHORIZED;
}
## user password bind if configured else anonymous
if (defined $LDAPuser and defined $LDAPpassword){
$mesg = $session->bind($LDAPuser,password=>$LDAPpassword);
}else{