
package Apache::AuthzNetLDAP;

use strict;
use Carp;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK $AUTOLOAD);

require Exporter;
require DynaLoader;
require AutoLoader;

use Net::LDAP;
use mod_perl;

# Inherit Exporter's import() and DynaLoader's bootstrap() machinery.
our @ISA = ('Exporter', 'DynaLoader');

# Nothing is exported by default: Apache invokes handler() through its
# fully qualified name, so no caller needs a symbol imported. Prefer
# @EXPORT_OK over @EXPORT if something ever does need exporting.
our @EXPORT = ();

our $VERSION = '0.07';
#bootstrap Apache::AuthzNetLDAP $VERSION;

# Compile-time flag: true when the mod_perl 1.99 (2.0 pre-release) or later
# API is installed, false for mod_perl 1.x. $mod_perl::VERSION is populated
# by the "use mod_perl" above, which is why this line must stay below it.
use constant MP2 => ($mod_perl::VERSION >= 1.99);

# test for the version of mod_perl, and use the appropriate libraries
# Compile-time selection of the Apache API. MP2 is a constant declared just
# above, so it has already been folded in by the time this block executes.
BEGIN {
    if (MP2) {
        # mod_perl 1.99+ spreads the request API over several modules;
        # URI::ldap is loaded for the LDAP-URL group support described
        # in the comments further down.
        # NOTE(review): these are the pre-release (1.99) Apache:: names;
        # mod_perl 2.0 final renamed them to Apache2::*, so confirm that the
        # target installation still provides Apache::Const and friends.
        for my $module (qw(
            Apache/Const.pm
            Apache/Access.pm
            Apache/Connection.pm
            Apache/Log.pm
            Apache/RequestRec.pm
            Apache/RequestUtil.pm
            URI.pm
            URI/ldap.pm
        )) {
            require $module;
        }
        # -compile makes the status codes usable in their fully qualified
        # form (Apache::OK, Apache::DECLINED, Apache::HTTP_UNAUTHORIZED),
        # which is how handler() refers to them.
        Apache::Const->import(-compile => 'HTTP_UNAUTHORIZED', 'OK', 'DECLINED');
    }
    else {
        # mod_perl 1.x: a single constants module. The import lands in this
        # package, though handler() refers to the constants fully qualified
        # as Apache::Constants::* anyway.
        require 'Apache/Constants.pm';
        require 'URI.pm';
        Apache::Constants->import('HTTP_UNAUTHORIZED', 'OK', 'DECLINED');
    }
}

# Preloaded methods go here.

#will determine if an entry in the LDAP server is a member of a given group
#will handle groupofmembers, groupofuniquemembers, or Netscape's dynamic groups
#eventually will handle LDAP URLs to add support for LDAP servers that don't support
#dynamic groups

#in future we should cache the user's DN globally to reduce searches on the LDAP server
#and share the LDAP connection


#processes a require directive
sub handler

{
 my $r = shift; 

   my $requires = $r->requires;

   return MP2 ? Apache::DECLINED : Apache::Constants::DECLINED unless $requires;


   my $username = MP2 ? $r->user : $r->connection->user;


  #need to step through each requirement, handle valid-user, return OK once have match , otherwise return failure
   my $binddn = $r->dir_config('BindDN') || "";
   my $bindpwd = $r->dir_config('BindPWD') || "";
   my $basedn = $r->dir_config('BaseDN') || ""; 
   my $ldapserver = $r->dir_config('LDAPServer') || "localhost";
   my $ldapport = $r->dir_config('LDAPPort') || 389;
   my $uidattr = $r->dir_config('UIDAttr') || "uid";

   #first we connect to the LDAP server. This is plain LDAP (port 389 by default,
   #no start_tls), so the bind credentials and every looked-up username cross the
   #wire in the clear unless the transport is protected some other way.
   #NOTE(review): Net::LDAP->new is documented to return undef when the connection
   #fails; that case is not checked here, so the ->bind below would die instead of
   #producing the clean "LDAP Connection Failed" path.
   my $ldap = new Net::LDAP($ldapserver, port => $ldapport);

   #initial bind as user in Apache config
   my $mesg = $ldap->bind($binddn, password=>$bindpwd);
  
   #each error message has an LDAP error code
   if (my $error = $mesg->code())
   {
        $r->note_basic_auth_failure;
        MP2 ? $r->log_error("user $username: LDAP Connection Failed: $error",$r->uri) : $r->log_reason("user $username: LDAP Connection Failed: $error",$r->uri);
        return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
   }

   #first let's get the user's DN
   #NOTE(review): $username is whatever the authentication phase accepted from the
   #client ($r->user) and is interpolated into the search filter unescaped, so
   #characters such as ')', '*', '(' and '\' let a client rewrite the filter
   #(LDAP injection, CWE-90). Run it through Net::LDAP::Util's
   #escape_filter_value(), or reject anything outside the expected username
   #character set, before building "($uidattr=$username)".
   my $attrs = ['dn'];
   $mesg = $ldap->search(
                  base => $basedn,
                  scope => 'sub',                  
                  filter => "($uidattr=$username)",
                  attrs => $attrs
                 );

  				 
    if (my $error = $mesg->code())
   {
        $r->note_basic_auth_failure;
        MP2 ? $r->log_error("user $username: LDAP Connection Failed: $error",$r->uri) : $r->log_reason("user $username: LDAP Connection Failed: $error",$r->uri);
        return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
   }
   my $entry = $mesg->shift_entry(); 
 
   #now let's find out if they are a member or not!
   #NOTE(review): $entry is undef when the search above matched nobody (the
   #username is not under $basedn); whatever follows must treat that as a denial
   #rather than dereferencing it.
   #now process require
      


