Apache2-AuthNetLDAP


AuthNetLDAP.pm


   unless ($mesg->count())
   {
       $r->note_basic_auth_failure;
       $r->log_error("user $user: user entry not found for filter: $uidattr=$user",$r->uri);
       # If the user is not found in the LDAP database, defer to the next auth handler before failing
       if (lc($allowaltauth) eq "yes")
       {
           return Apache2::Const::DECLINED;
       }
       else
       {
           return Apache2::Const::HTTP_UNAUTHORIZED;
       }
   }

   # Now try to authenticate as the user
   my $entry = $mesg->shift_entry;

   if ( $pwattr ne "" )
   {
       # AlternatePWAttribute is set: compare the supplied password with the
       # value stored in that attribute instead of binding as the user
       my $altfieldvalue = $entry->get_value ( $pwattr );
       if (defined $altfieldvalue)
       {
           $altfieldvalue =~ s/^\s+//;
           $altfieldvalue =~ s/\s+$//;
       }
       # An entry without the attribute must never match (undef eq "" is true in Perl)
       if (defined $altfieldvalue && $altfieldvalue eq $password)
       {
           return Apache2::Const::OK;
       }
       else
       {
           # The password did not match; defer to the next auth handler before failing
           if (lc($allowaltauth) eq "yes")
           {
               return Apache2::Const::DECLINED;
           }
           else
           {
               return Apache2::Const::HTTP_UNAUTHORIZED;
           }
       }
   }
   else
   {
       # Otherwise verify the password by binding to the directory as the user's DN
       $mesg = $ldap->bind($entry->dn(),password=>$password);
   }

   if (my $error = $mesg->code())
   {
       $r->note_basic_auth_failure;
       $r->log_error("user $user: failed bind: $error",$r->uri);
       return Apache2::Const::HTTP_UNAUTHORIZED;
   }
   my $error = $mesg->code();
   my $dn = $entry->dn();
   # Debug aid, left disabled: it would write the user's plaintext password to the error log
   # $r->log_error("AUTHDEBUG user $dn:$password bind: $error",$r->uri);

   return Apache2::Const::OK;
}
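
The credential checks that the handler above relies on, as an added example that is not code from Apache2::AuthNetLDAP: it escapes the user name before it goes into a search filter, refuses empty passwords before any bind (a simple bind with a DN and an empty password is an unauthenticated bind under RFC 4513 section 5.1.2, which a server may accept), and compares an alternate-attribute value without short-circuiting. The helper names and sample inputs are hypothetical.

```perl
use strict;
use warnings;
use Net::LDAP::Util qw(escape_filter_value);

# Added example, not code from Apache2::AuthNetLDAP. The helper names and the
# sample inputs at the bottom are constructed for illustration.

# Build the search filter from UIDAttr (trusted configuration) and the
# user-supplied name. escape_filter_value() hex-escapes *, (, ), \ and
# control characters so the name cannot change the filter's structure.
sub user_filter {
    my ($uidattr, $user) = @_;
    my ($escaped) = escape_filter_value($user);
    return "($uidattr=$escaped)";
}

# A simple bind with a DN and an empty password is an unauthenticated bind
# that a server may accept, so refuse empty passwords before any LDAP call.
sub password_usable {
    my ($password) = @_;
    return (defined $password && length($password) > 0) ? 1 : 0;
}

# Compare an AlternatePWAttribute value with the supplied password without
# stopping at the first differing character. A missing attribute never matches.
sub alt_password_matches {
    my ($stored, $supplied) = @_;
    return 0 unless defined $stored && password_usable($supplied);
    $stored =~ s/^\s+|\s+$//g;
    my $diff = length($stored) ^ length($supplied);
    for my $i (0 .. length($supplied) - 1) {
        my $s = $i < length($stored) ? ord(substr($stored, $i, 1)) : 0;
        $diff |= $s ^ ord(substr($supplied, $i, 1));
    }
    return $diff == 0 ? 1 : 0;
}

# Constructed sample inputs, not taken from any real directory.
print user_filter('mail', 'j*smith(test)'), "\n";
printf "empty password usable: %d\n", password_usable('');
printf "missing attribute vs empty password: %d\n", alt_password_matches(undef, '');
printf "padded attribute vs correct password: %d\n", alt_password_matches(' s3cret ', 's3cret');
printf "attribute vs wrong password: %d\n", alt_password_matches('s3cret', 's3cres');
```
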
# Autoload methods go after =cut, and are processed by the autosplit program.

# Below is the stub of documentation for your module. You better edit it!

=head1 NAME

Apache2::AuthNetLDAP - mod_perl module that uses the Net::LDAP module for user authentication for Apache 

=head1 SYNOPSIS

 AuthName "LDAP Test Auth"
 AuthType Basic

 #only set the next two if you need to bind as a user for searching
 #PerlSetVar BindDN "uid=user1,ou=people,o=acme.com" #optional
 #PerlSetVar BindPWD "password" #optional
 PerlSetVar BaseDN "ou=people,o=acme.com"
 PerlSetVar LDAPServer ldap.acme.com
 PerlSetVar LDAPPort 389
 #PerlSetVar UIDAttr uid
 PerlSetVar UIDAttr mail
 #PerlSetVar AlternatePWAttribute alternateAttribute
 #PerlSetVar SearchScope base | one | sub # default is sub
 #PerlSetVar LDAPFilter "(&(course=CSA)(class=A))" #optional

 # Set if you want to encrypt communication with LDAP server
 # and avoid sending clear text passwords over the network
 PerlSetVar UseStartTLS yes | no
 
 # Set if you want to allow an alternate method of authentication
 PerlSetVar AllowAlternateAuth yes | no

 require valid-user

 PerlAuthenHandler Apache2::AuthNetLDAP

=head1 DESCRIPTION

This module authenticates users via LDAP using the Net::LDAP module. Net::LDAP is Graham Barr's "pure" Perl LDAP API.

It also uses all of the same parameters as Apache::AuthPerLDAP, but I have added four extra parameters.

The parameters are:

=over 4

=item PerlSetVar BindDN

Sets the DN used for the initial LDAP bind when searching for the user (optional).

=item PerlSetVar BindPWD

Sets the password for the initial LDAP bind (optional).

=item PerlSetVar BaseDN

This sets the search base used when looking up a user in an LDAP server.

=item PerlSetVar LDAPServer 

This is the hostname of the LDAP server you wish to use.

=item PerlSetVar LDAPPort 


