Apache-Session-Browseable


lib/Apache/Session/Browseable/Store/LDAP.pm  view on Meta::CPAN

        }
        push @servers, $server;
    }

    # Compatibility
    my $caFile = $self->{args}->{ldapCAFile} || $self->{args}->{caFile};
    my $caPath = $self->{args}->{ldapCAPath} || $self->{args}->{caPath};

    # Connect
    my $ldap = Net::LDAP->new(
        \@servers,
        onerror => undef,
        verify  => $self->{args}->{ldapVerify} || "require",
        ( $caFile ? ( cafile => $caFile ) : () ),
        ( $caPath ? ( capath => $caPath ) : () ),

        (
            $self->{args}->{ldapRaw} ? ( raw => $self->{args}->{ldapRaw} )
            : ()
        ),
        (
            $self->{args}->{ldapPort} ? ( port => $self->{args}->{ldapPort} )
            : ()
        ),
        (
            $self->{args}->{ldapTimeout}
            ? ( timeout => $self->{args}->{ldapTimeout} )
            : ()
        ),
    ) or die( 'Unable to connect to ' . join( ' ', @servers ) . ": " . $@ );

    # Check SSL error for old Net::LDAP versions
    if ( $Net::LDAP::VERSION < '0.64' ) {

        # CentOS7 has a bug in which IO::Socket::SSL will return a broken
        # socket when certificate validation fails. Net::LDAP does not catch
        # it, and the process ends up crashing.
        # As a precaution, make sure the underlying socket is doing fine:
        if (    $ldap->socket->isa('IO::Socket::SSL')
            and $ldap->socket->errstr < 0 )
        {
            die( "SSL connection error: " . $ldap->socket->errstr );
        }
    }

    # Start TLS if needed
    if ($useTls) {
        my %h = split( /[&=]/, $tlsParam );
        $h{verify} ||= ( $self->{args}->{ldapVerify} || "require" );
        $h{cafile} ||= $caFile if ($caFile);
        $h{capath} ||= $caPath if ($caPath);
        my $start_tls = $ldap->start_tls(%h);
        if ( $start_tls->code ) {
            $self->logError($start_tls);
            return;
        }
    }

    # Bind with credentials
    my $bind = $ldap->bind( $self->{args}->{ldapBindDN},
        password => $self->{args}->{ldapBindPassword} );
    if ( $bind->code ) {
        $self->logError($bind);
        return;
    }

    $self->{ldap} = $ldap;
    return $ldap;
}

# Abort with a fatal error that describes a failed LDAP operation.
#
# Arguments:
#   $self   - the store object (not used in this sub)
#   $result - an LDAP result object providing code() and error()
#
# This sub never returns: it always dies with "LDAP error <code>: <error>".
# Any statement a caller places after a call to it is therefore not reached.
# Only the result code and the error text of $result go into the message.
sub logError {
    my ( $self, $result ) = @_;

    # Scalar assignments keep both method calls in scalar context.
    my $code = $result->code;
    my $text = $result->error;

    die "LDAP error $code: $text";
}

1;

=pod

=head1 NAME

Apache::Session::Browseable::Store::LDAP - Use LDAP to store persistent objects

=head1 SYNOPSIS

 use Apache::Session::Browseable::Store::LDAP;

 my $store = new Apache::Session::Browseable::Store::LDAP;

 $store->insert($ref);
 $store->update($ref);
 $store->materialize($ref);
 $store->remove($ref);

=head1 DESCRIPTION

This module fulfills the storage interface of Apache::Session.  The serialized
objects are stored in an LDAP directory using the Net::LDAP Perl module.

=head1 OPTIONS

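This module requires one argument in the usual Apache::Session style. The
keys ldapServer, ldapBase, ldapBindDN, and ldapBindPassword are required. The
keys ldapPort, ldapObjectClass, ldapAttributeId, ldapAttributeContent,
ldapAttributeIndex, and ldapRaw are optional. The connection code also reads
the optional keys ldapVerify, ldapCAFile (or caFile), ldapCAPath (or caPath),
and ldapTimeout. ldapVerify is passed to Net::LDAP as its verify setting and
defaults to "require" when unset, so the server certificate is validated on
TLS connections unless this key is overridden.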
Example:

 tie %s, 'Apache::Session::Browseable::LDAP', undef,
    {
        ldapServer           => 'localhost',
        ldapBase             => 'dc=example,dc=com',
        ldapBindDN           => 'cn=admin,dc=example,dc=com',
        ldapBindPassword     => 'pass',
        Index                => 'uid ipAddr',
        ldapObjectClass      => 'applicationProcess',
        ldapAttributeId      => 'cn',
        ldapAttributeContent => 'description',
        ldapAttributeIndex   => 'ou',
        ldapRaw              => '(?i:^jpegPhoto|;binary)',
    };


