Apache2-AuthZLDAP


lib/Apache2/AuthZLDAP.pm

    # See start_tls in Net::LDAP for more information
    # (none|optional|require)
    PerlSetVar LDAPTLSverify    none

    # Set to a directory that contains the CA certs
    PerlSetVar LDAPTLScapath    /path/to/cadir

    # Set to a file that contains the CA cert
    PerlSetVar LDAPTLScafile    /path/to/cafile.pem

    # Specifies a user/password to use for the bind
    # If LDAPuser and LDAPpassword are not both specified, AuthZLDAP will attempt an anonymous bind
    PerlSetVar LDAPuser         cn=user,o=org
    PerlSetVar LDAPpassword     secret

    # Sets the LDAP search scope
    # (base|one|sub)
    # Defaults to sub
    PerlSetVar LDAPscope        sub

    # Defines the search filter
    # [uid] will be replaced by the username passed in to AuthZLDAP

lib/Apache2/AuthZLDAP.pm

    
    my $LDAPTLS =  lc($r->dir_config('LDAPTLS')) || "no";
    my $LDAPTLSverify = lc($r->dir_config('LDAPTLSverify'));
    my $LDAPTLScapath = $r->dir_config('LDAPTLScapath');
    my $LDAPTLScafile = $r->dir_config('LDAPTLScafile');

    if($LDAPTLS ne "yes" && $LDAPTLS ne "no"){
	$LDAPTLS="no";
    }

    ## bind
    my $LDAPuser = $r->dir_config('LDAPuser'); 
    my $LDAPpassword = $r->dir_config('LDAPpassword');

    ## baseDN and Filters
    my $LDAPbaseDN = $r->dir_config('LDAPbaseDN');
    my $LDAPscope =  lc($r->dir_config('LDAPscope'));
    my $LDAPfilter = $r->dir_config('LDAPfilter');

    if($LDAPscope ne 'base' && $LDAPscope ne 'one' && $LDAPscope ne 'sub'){
        $LDAPscope = 'sub';

lib/Apache2/AuthZLDAP.pm

    }
    
    if ($LDAPTLS eq 'yes') {
        $mesg = $session->start_tls(capath=>$LDAPTLScapath, cafile=>$LDAPTLScafile, verify=>$LDAPTLSverify);
	if ($mesg->code) {
             $r->log_error("Apache2::AuthZLDAP : $location, LDAP error could not start TLS : ".$mesg->error);
	}
        return Apache2::Const::HTTP_UNAUTHORIZED;
    }
    
    ## user password bind if configured else anonymous
    if (defined $LDAPuser and defined $LDAPpassword){
        $mesg = $session->bind($LDAPuser,password=>$LDAPpassword);
    }else{
        $mesg = $session->bind();
    }

    if($mesg->code){
	my $err_msg = 'LDAP error cannot bind ';
        if (defined $LDAPuser){
             $err_msg .= "as $LDAPuser";
        }else{
             $err_msg .= 'anonymously';
        }
        $r->log_error("Apache2::AuthZLDAP : $location, $err_msg : ".$mesg->error);
        return Apache2::Const::HTTP_UNAUTHORIZED; 
    }
    
    ## search performing, if there is a result, OK

lib/Apache2/AuthZLDAP.pm

			   base   => $LDAPbaseDN,
			   scope => $LDAPscope,
			   filter => $LDAPfilter,
			   );
    if ($mesg->code) {
         $r->log_error("Apache2::AuthZLDAP : $location, LDAP error could not search : ".$mesg->error);
	return Apache2::Const::HTTP_UNAUTHORIZED;
    }
    if ($mesg->count != 0){
	$r->log->notice("Apache2::AuthZLDAP : $user authorized to access $location");  
	$session->unbind;
	return Apache2::Const::OK;
    }else{
	$session->unbind;
	$r->log_error("Apache2::AuthZLDAP : $user not allowed to access $location");
	return Apache2::Const::HTTP_UNAUTHORIZED;
    }
}

=head1 AUTHOR

Dominique Launay, C<< <dominique.launay AT cru.fr> >>
Thanks to David Lowry, C<< <dlowry AT bju.edu> >> for making the code more readable and improving it.


