Apache2-AuthCookieLDAP
1 match

 view release on metacpan or  search on metacpan

lib/Apache2/AuthCookieLDAP.pm  view on Meta::CPAN 

    my $binddn = $self->config( $r, C_BINDDN );
    my $bindpw = $self->config( $r, C_BINDPW ) || '';

    my $ldap_handler = Net::LDAP->new($uri)
      or $self->fatal( $r, "Cannot connect to the LDAP server: $!" );
    unless ($ldap_handler) {
        $ldap_handler = NULL;
        return $ldap_handler;
    }
    if ($binddn) {    # bind with a dn/pass
        my $msg = $ldap_handler->bind( $binddn, password => $bindpw );
        $msg->code && $self->fatal( $r, $msg->error );
    }
    else {            # anonymous bind
        my $msg = $ldap_handler->bind();
        $msg->code && $self->fatal( $r, $msg->error );
    }

    return $ldap_handler;
}

lib/Apache2/AuthCookieLDAP.pm  view on Meta::CPAN 

    my $mesg = $self->ldap($r)->search(
        base   => $base,
        scope  => 'base',
        filter => $filter
    );

    return $mesg->code ? 0 : $mesg->count;
}

sub ldap_check_user {
    my ( $self, $r, $user, $password ) = @_;

    return NULL unless $self->ldap($r);

    my $base = $self->config( $r, C_BASE );
    $base =~ s/%USER%/$user/;
    my $mesg = $self->ldap($r)->bind( $base, password => $password );

    return $mesg->is_error ? 0 : 1;
}

sub rlog {
    my ( $self, $r, $msg ) = @_;

    $r->log_rerror( Apache2::Log::LOG_MARK(),
        LOG_LEVELS->{ $self->config( $r, C_DEBUG_LOGLEVEL ) },
        APR::Const::SUCCESS, ${self} . ": " . $msg );

lib/Apache2/AuthCookieLDAP.pm  view on Meta::CPAN 

        return 1;
    }

    my ( $d, $h, $m, $s ) = split '-', $lifetime;
    my $expire_time = $session_time + $d * 86400 + $h * 3600 + $m * 60 + $s;

    return $expire_time < time ? 1 : 0;
}

sub authen_cred {
    my ( $self, $r, $user, $password, @extra_data ) = @_;

    my $auth_name = $r->auth_name;
    my $remote_ip = $r->connection->remote_ip;

    unless ($user) {
        $DEBUG && $self->rlog( $r, "No username specified" );
        return;
    }

    unless ($password) {
        $DEBUG
          && $self->rlog( $r, "No password specified for user '$user'" );
        return;
    }

    unless ( $self->ldap_search( $r, $user ) ) {
        $DEBUG
          && $self->rlog( $r, "User '$user' is not found" );
        return;
    }

    unless ( $self->ldap_check_user( $r, $user, $password ) ) {
        $DEBUG
          && $self->rlog( $r, "Incorrect password for '$user'" );
        return;
    }
    else {
        $DEBUG
          && $self->rlog( $r, "Successful login for '$user' ($remote_ip)" );
    }

    my $session_data = $self->encode_string( $r, $user ) . ':' . time;

    return $self->encrypt_session( $r, $session_data );

lib/Apache2/AuthCookieLDAP.pm  view on Meta::CPAN 

        return Apache2::Const::REDIRECT;
    }
  
Apache2::AuthCookieLDAP config

    PerlSetVar MyAuth_SecretKey OGheSWkT1ixd4V0DydSarLVevF77sSibMIoUaIYuQUqp2zvZIwbS4lyWhRTFUcHE
    PerlSetVar MyAuth_SessionLifetime 00-24-00-00
    PerlSetVar MyAuth_LDAPURI ldap://127.0.0.1
    PerlSetVar MyAuth_Base uid=%USER%,ou=staff,dc=company,dc=com
    PerlSetVar MyAuth_BindDN cn=ldap,dc=company,dc=com
    PerlSetVar MyAuth_BindPW somepassword
    PerlSetVar MyAuth_Filter (uid=%USER%)

    <Directory /var/www/mysite/protected>
        AuthType Apache2::AuthCookieLDAP
        AuthName MyAuth
        PerlAuthenHandler Apache2::AuthCookieLDAP->authenticate
        PerlAuthzHandler Apache2::AuthCookieLDAP->authorize
        require valid-user
    </Directory>

lib/Apache2/AuthCookieLDAP.pm  view on Meta::CPAN 

This module acts as an authentication handler under Apache2 environment. 
It uses Apache2::AuthCookie as the base class and serves as a backend to 
provide user authentication against an LDAP server.

Make sure that you have got a reachable LDAP server and credentials to access it 
(ldapuri, base, binddn/bindpw or anonymous bind).

When there is an attempt to access a "protected" directory or location
that has 'require valid-user' option included Apache2::AuthCookieLDAP is used 
as the authentication and the authorization handler. It takes a pair of
provided username/password and tries to search the username in the LDAP directory 
(it also uses the filter MyAuth_Filter, for puropses where you want to restrict access
to the resource to only a specific group). If the user is found then it tries 
to bind with the provided username/password.  Once authorized a session key 
is generated by taking into account the provided username, authorization time 
and a hash generated by including a specific logic plus the user's IP address. 
Upon completion the session data is encrypted with the secret key (MyAuth_SecretKey) 
and the according cookie is generated by Apache2::AuthCookie.  
All the following requests to the protected resource take the cookie (if exists)
and the encrypted session key is validated (decrypted, the user is checked, 
the session time is checked for expiration and the hash is regenerated 
and compared with the provided one).
Upon success the user is authorized to access the protected resource.

lib/Apache2/AuthCookieLDAP.pm  view on Meta::CPAN 

=item C<MyAuth_BindDN> [optional]

Use the option if your LDAP does not accept anonymous bind 
for search.

Example: cn=ldap,dc=company,dc=com

=item C<MyAuth_BindPW> [optional]

If you  BindDN then you most likely want to specify
a password here to bind with.

=item C<MyAuth_Cipher> [optinal, default: 'des']

An encryption method used for the session key.

Supported methods: 'des', 'idea', 'blowfish', 'blowfish_pp'

=item C<MyAuth_Filter> [optinal, default: '(uid=%USER%)']

You can additionally check if a user belongs to a specific group or has

lib/Apache2/AuthCookieLDAP.pm  view on Meta::CPAN 


=head2 ldap($r)

Returns Net::LDAP handler or NULL if there were errors.

=head2 ldap_search($r, $user)

Performs Net::LDAP->search(base => $base, scope => 'base', filter => $filter)
and returns '1' if the specified $user is found or otherwise '0'.

=head2 ldap_check_user($r, $user, $password)

Performs Net::LDAP->bind($base, password => $password).

(%USER% is replaced by $user in $base)

=head2 rlog($r, $msg)

Logs $msg using $r->log_rerror and the current debug log level.

=head2 fatal($r, $msg)

Logs $msg using $r->log_rerror and the current error log level.

lib/Apache2/AuthCookieLDAP.pm  view on Meta::CPAN 


=head2 decrypt_session($r, $str)

Decrypts $str and returns the provided encrypted session string.

=head2 check_expire_time($r, $session_time)

Checks the provided session time (unixtime) with the current time
and returns '0' if the session time is still valid or '1' if passed.

=head2 authen_cred($r, $user, $password, @extra_data) 

This is the overridden method of Apache::AuthCookie and is used to
authenticate $user with the provided $password

Returns the encrypted session key in case of successfull authentication.

Please follow to Apache2::AuthCookie if you need more information about the method.

=head2 authen_ses_key($r, $session_key)

This is the overridden method of Apache::AuthCookie and is used to
validate the provided $session_key.



( run in 0.226 second using v1.01-cache-2.11-cpan-26ccb49234f )