} else {
$userinfo = ($msg->first_entry->get($memberattrvalue))[0];
}
$r->log->debug("handler: Userinfo is $userinfo ($memberattrvalue)");
$ld->unbind();
$ld = undef;
# Connect to the server
unless ($ld = new Net::LDAP($authzldapserver,port => $authzldapport)) {
$r->note_basic_auth_failure;
$r->log_reason("user $username: Authz LDAP Connection Failed",$r->uri);
return SERVER_ERROR;
}
# Bind anonymously
$msg = $ld->bind;
unless ($msg->code == LDAP_SUCCESS) {
$r->note_basic_auth_failure;
$r->log_reason("user $username: Authz LDAP Initial Bind Failed: " .
$msg->code . " " . $msg->error, $r->uri);
return SERVER_ERROR;
}
# Compare the username
my ($result, $group) = check_group($r, $ld, $basedn, $groupattrtype,
$memberattrtype, $userinfo, $rest,
$nestedattrtype, $nested_groups,
$requirement, 1);
return $result unless $result == OK;
# Everything's A-OK
$r->log->debug("Setting REMOTE_GROUP to $group");
$r->subprocess_env(REMOTE_GROUP => $group);
$r->headers_in->{'REMOTE_GROUP'} = $group;
return OK;
}
}
}
1;  # A module file must end by returning a true value so that use/require succeed.
__END__
# Documentation - try 'pod2text AuthzLDAP'
=head1 NAME
Apache::AuthzLDAP - mod_perl LDAP Authorization Module
=head1 SYNOPSIS
<Directory /foo/bar>
# Authorization Realm and Type (only Basic supported)
AuthName "Foo Bar Authentication"
AuthType Basic
# Any of the following variables can be set.
# Defaults are listed to the right.
PerlSetVar AuthenBaseDN o=Foo,c=Bar # Default: Empty String ("")
PerlSetVar AuthzBaseDN o=My Company # Default: none
PerlSetVar AuthzGroupAttrType gid # Default: cn
PerlSetVar AuthzLDAPServer ldap.foo.com # Default: localhost
PerlSetVar AuthzLDAPPort 389 # Default: 389
PerlSetVar AuthzMemberAttrType uniquemember # Default: member
PerlSetVar AuthzMemberAttrValue dn # Default: cn
PerlSetVar AuthzNestedAttrType uniquegroup # Default: member
PerlSetVar AuthzNestedGroups on # Default: off
PerlSetVar AuthzRequire inAllGroups # Default: inAGroup
PerlSetVar AuthzUidattrType userid # Default: uid
PerlAuthzHandler Apache::AuthzLDAP
require group "My Group" GroupA "Group B" # Authorize user against
# multiple groups
</Directory>
=head1 DESCRIPTION
B<Apache::AuthzLDAP> is designed to work with mod_perl and
Net::LDAP. It authorizes a user against an LDAP backend and can be
combined with Apache::AuthenLDAP to provide LDAP authentication as
well.
B<Apache::AuthzLDAP> sets both a request header and an environment
variable named REMOTE_GROUP, containing a space-separated,
double-quoted list of the groups the requestor is authorized for.
The header is written into the request's incoming headers, so any
REMOTE_GROUP header supplied by the client is replaced once
authorization succeeds.
=head1 CONFIGURATION OPTIONS
The following variables can be set in the configuration of
Directory, Location, or Files blocks, or in .htaccess files.
=over 4
=item B<AuthenBaseDN>
The base distinguished name under which LDAP is searched for
authentication purposes. By default, the AuthenBaseDN is blank.
=back
=over 4
=item B<AuthzBaseDN>
The base distinguished name under which LDAP is searched for
authorization purposes. By default, the AuthzBaseDN is blank.
=back
=over 4
=item B<AuthzGroupAttrType>
The name of the attribute type that holds the group's
identifier. By default, AuthzGroupAttrType is set to cn.
=back
=over 4