Apache-AuthNetLDAP
AuthNetLDAP.pm view on Meta::CPAN
unless ($mesg->count())
{
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $user: user entry not found for filter: $uidattr=$user",$r->uri) : $r->log_reason("user $user: user entry not found for filter: $uidattr=$user",$r->uri);
# If user is not found in ldap database, check for the next auth handler before failing
if (lc($allowaltauth) eq "yes")
{
return MP2 ? Apache::DECLINED : Apache::Constants::DECLINED;
}
else
{
return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
}
#now try to authenticate as user
my $entry = $mesg->shift_entry;
if ( $pwattr ne "" )
{
my $altfieldvalue = $entry->get_value ( $pwattr );
$altfieldvalue =~ s/^\s+//;
$altfieldvalue =~ s/\s+$//;
if ($altfieldvalue eq $password)
{
return MP2 ? Apache::OK : Apache::Constants::OK;
}
else
{
# Password did not match the alternate attribute; check for the next auth handler before failing
if (lc($allowaltauth) eq "yes")
{
return MP2 ? Apache::DECLINED : Apache::Constants::DECLINED;
}
else
{
return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
}
}
else
{
$mesg = $ldap->bind($entry->dn(),password=>$password);
}
if (my $error = $mesg->code())
{
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $user: failed bind: $error",$r->uri) : $r->log_reason("user $user: failed bind: $error",$r->uri);
return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
my $error = $mesg->code();
my $dn = $entry->dn();
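# Debug only: the line below writes the user's DN and clear-text password to the error log; leave it commented out.
# MP2 ? $r->log_error("AUTHDEBUG user $dn:$password bind: $error",$r->uri) : $r->log_reason("AUTHDEBUG user $dn:$password bind: $error",$r->uri);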
return MP2 ? Apache::OK : Apache::Constants::OK;
}
# Autoload methods go after =cut, and are processed by the autosplit program.
# Below is the stub of documentation for your module. You better edit it!
=head1 NAME
Apache::AuthNetLDAP - mod_perl module that uses the Net::LDAP module for user authentication for Apache
=head1 SYNOPSIS
AuthName "LDAP Test Auth"
AuthType Basic
#only set the next two if you need to bind as a user for searching
#PerlSetVar BindDN "uid=user1,ou=people,o=acme.com" #optional
#PerlSetVar BindPWD "password" #optional
PerlSetVar BaseDN "ou=people,o=acme.com"
PerlSetVar LDAPServer ldap.acme.com
PerlSetVar LDAPPort 389
#PerlSetVar UIDAttr uid
PerlSetVar UIDAttr mail
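#PerlSetVar AlternatePWAttribute alternateAttribute #optional; the attribute's value is compared as plain text with the submitted password, instead of an LDAP bind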
#PerlSetVar SearchScope base | one | sub # default is sub
#PerlSetVar LDAPFilter "(&(course=CSA)(class=A))" #optional
# Set to yes to encrypt communication with the LDAP server (StartTLS)
# and avoid sending clear-text passwords over the network
PerlSetVar UseStartTLS yes | no
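# Set to yes to pass the request on to the next auth handler (DECLINED) instead of
# failing, e.g. when the user is not found in LDAP. A failed LDAP bind is still rejected.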
PerlSetVar AllowAlternateAuth yes | no
require valid-user
PerlAuthenHandler Apache::AuthNetLDAP
=head1 DESCRIPTION
This module authenticates users via LDAP using the Net::LDAP module. Net::LDAP is Graham Barr's "pure" Perl LDAP API.
It also uses all of the same parameters as Apache::AuthPerLDAP, but I have added four extra parameters.
The parameters are:
=over 4
=item PerlSetVar BindDN
Sets the DN used for the initial LDAP bind, i.e. the account the module binds as when searching for the user. Optional.
=item PerlSetVar BindPWD
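Sets the password for the initial LDAP bind (the BindDN account). Optional. It sits in clear text in the Apache configuration, so limit read access to that file.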
=item PerlSetVar BaseDN
This sets the search base used when looking up a user in an LDAP server.
=item PerlSetVar LDAPServer
This is the hostname of the LDAP server you wish to use.
=item PerlSetVar LDAPPort