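# True when running under mod_perl 2.x, whose API is split across several
# Apache::* modules (see the BEGIN block below). The defined() guard keeps
# compilation quiet (no "uninitialized value" warning) when the module is
# loaded outside mod_perl, e.g. `perl -c` or unit tests, where
# $mod_perl::VERSION is not set; the constant is still false in that case.
use constant MP2 => (defined $mod_perl::VERSION && $mod_perl::VERSION >= 1.99);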
# test for the version of mod_perl, and use the appropriate libraries
BEGIN {
    # mod_perl 2 split the old Apache::Constants API across several modules,
    # so which modules are loaded (and how the constants are imported)
    # depends on the mod_perl generation detected by MP2.
    if (MP2) {
        for my $module (qw(Apache::Const Apache::Access Apache::Connection
                           Apache::Log Apache::RequestRec Apache::RequestUtil)) {
            # require() needs the file form ("Apache/Const.pm") when the
            # module name is held in a variable.
            (my $file = "$module.pm") =~ s{::}{/}g;
            require $file;
        }
        # -compile makes the constants callable as Apache::HTTP_UNAUTHORIZED etc.
        Apache::Const->import(-compile => qw(HTTP_UNAUTHORIZED OK DECLINED));
    }
    else {
        require Apache::Constants;
        Apache::Constants->import(qw(HTTP_UNAUTHORIZED OK DECLINED));
    }
}
# Preloaded methods go here.
# Apache request handler (the mod_perl entry point for this module)
sub handler
{
my $r = shift;
my ($result, $password) = $r->get_basic_auth_pw;
return $result if $result;
# change based on version of mod_perl
my $user = MP2 ? $r->user : $r->connection->user;
my $binddn = $r->dir_config('BindDN') || "";
my $bindpwd = $r->dir_config('BindPWD') || "";
my $basedn = $r->dir_config('BaseDN') || "";
my $ldapserver = $r->dir_config('LDAPServer') || "localhost";
my $ldapport = $r->dir_config('LDAPPort') || 389;
my $uidattr = $r->dir_config('UIDAttr') || "uid";
my $allowaltauth = $r->dir_config('AllowAlternateAuth') || "no";
my $ldapfilter = $r->dir_config('LDAPFilter') || "";
my $start_TLS = $r->dir_config('UseStartTLS') || "no";
my $scope = $r->dir_config('SearchScope') || "sub";
my $pwattr = $r->dir_config('AlternatePWAttribute') || "";
my $domain = "";
# remove the domainname if logging in from winxp
## Parse $name's with Domain\Username
if ($user =~ m|(\w+)[\\/](.+)|) {
($domain,$user) = ($1,$2);
}
if ($password eq "") {
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $user: no password supplied",$r->uri) : $r->log_reason("user $user: no password supplied",$r->uri);
return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
my $ldap = new Net::LDAP($ldapserver, port => $ldapport);
if (lc $start_TLS eq 'yes')
{
$ldap->start_tls(verify => 'none')
or MP2 ? $r->log_error( "Unable to start_tls", $r->uri)
: $r->log_reason("Unable to start_tls", $r->uri);
}
my $mesg;
#initial bind as user in Apache config
if ($bindpwd ne "")
{
$mesg = $ldap->bind($binddn, password=>$bindpwd);
}
else
{
$mesg = $ldap->bind();
}
#each error message has an LDAP error code
if (my $error = $mesg->code())
{
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $user: LDAP Connection Failed: $error",$r->uri) : $r->log_reason("user $user: LDAP Connection Failed: $error",$r->uri);
}
#Look for user based on UIDAttr
my $attrs = [];
if ($pwattr ne "")
{
$attrs = ['dn',$pwattr];
}
else
{
$attrs = ['dn'];
}
my $filter = $ldapfilter
? "(&$ldapfilter($uidattr=$user))"
: "($uidattr=$user)";
$mesg = $ldap->search(
base => $basedn,
scope => $scope,
filter => $filter,
attrs => $attrs
);
if (my $error = $mesg->code())
{
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $user: LDAP Connection Failed: $error",$r->uri) : $r->log_reason("user $user: LDAP Connection Failed: $error",$r->uri);
return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
}
unless ($mesg->count())
{
$r->note_basic_auth_failure;
MP2 ? $r->log_error("user $user: user entry not found for filter: $uidattr=$user",$r->uri) : $r->log_reason("user $user: user entry not found for filter: $uidattr=$user",$r->uri);
# If user is not found in ldap database, check for the next auth handler before failing
if (lc($allowaltauth) eq "yes")
{
return MP2 ? Apache::DECLINED : Apache::Constants::DECLINED;
}