• Your recent searches
Apache-AuthNetLDAP
1 match

 view release on metacpan or  search on metacpan

AuthNetLDAP.pm  view on Meta::CPAN 

sub handler
{
   my $r = shift; 

   my ($result, $password) = $r->get_basic_auth_pw;
    return $result if $result; 
 
   # change based on version of mod_perl 
   my $user = MP2 ? $r->user : $r->connection->user;

   my $binddn = $r->dir_config('BindDN') || "";
   my $bindpwd = $r->dir_config('BindPWD') || "";
   my $basedn = $r->dir_config('BaseDN') || "";
   my $ldapserver = $r->dir_config('LDAPServer') || "localhost";
   my $ldapport = $r->dir_config('LDAPPort') || 389;
   my $uidattr = $r->dir_config('UIDAttr') || "uid";
   my $allowaltauth = $r->dir_config('AllowAlternateAuth') || "no"; 
   my $ldapfilter = $r->dir_config('LDAPFilter') || "";
   my $start_TLS = $r->dir_config('UseStartTLS') || "no";
   my $scope = $r->dir_config('SearchScope') || "sub";
   my $pwattr = $r->dir_config('AlternatePWAttribute') || "";
   my $domain = "";

AuthNetLDAP.pm  view on Meta::CPAN 

  
   my $ldap = new Net::LDAP($ldapserver, port => $ldapport);
   if (lc $start_TLS eq 'yes')
   {
       $ldap->start_tls(verify => 'none')
           or MP2 ? $r->log_error( "Unable to start_tls", $r->uri)
                  : $r->log_reason("Unable to start_tls", $r->uri);
   }

   my $mesg;
   #initial bind as user in Apache config
   if ($bindpwd ne "")
   {
       $mesg = $ldap->bind($binddn, password=>$bindpwd);
   }
   else
   {
       $mesg = $ldap->bind();
   }
  
   #each error message has an LDAP error code
   if (my $error = $mesg->code())
   {
        $r->note_basic_auth_failure;
        MP2 ? $r->log_error("user $user: LDAP Connection Failed: $error",$r->uri) : $r->log_reason("user $user: LDAP Connection Failed: $error",$r->uri);
   }

AuthNetLDAP.pm  view on Meta::CPAN 

           return MP2 ? Apache::DECLINED : Apache::Constants::DECLINED; 
        }
        else
        {
           return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
        }
       }
   }
   else
   {
       $mesg = $ldap->bind($entry->dn(),password=>$password);
   }
 
  if (my $error = $mesg->code())
  {
        $r->note_basic_auth_failure;
        MP2 ? $r->log_error("user $user: failed bind: $error",$r->uri) : $r->log_reason("user $user: failed bind: $error",$r->uri);
        return MP2 ? Apache::HTTP_UNAUTHORIZED : Apache::Constants::HTTP_UNAUTHORIZED;
   }
        my $error = $mesg->code();
        my $dn = $entry->dn();
        # MP2 ? $r->log_error("AUTHDEBUG user $dn:$password bind: $error",$r->uri) : $r->log_reason("AUTHDEBUG user $dn:$password bind: $error",$r->uri);

 	return MP2 ? Apache::OK : Apache::Constants::OK;
}
# Autoload methods go after =cut, and are processed by the autosplit program.

# Below is the stub of documentation for your module. You better edit it!

=head1 NAME

Apache::AuthNetLDAP - mod_perl module that uses the Net::LDAP module for user authentication for Apache 

=head1 SYNOPSIS

 AuthName "LDAP Test Auth"
 AuthType Basic

 #only set the next two if you need to bind as a user for searching
 #PerlSetVar BindDN "uid=user1,ou=people,o=acme.com" #optional
 #PerlSetVar BindPWD "password" #optional
 PerlSetVar BaseDN "ou=people,o=acme.com"
 PerlSetVar LDAPServer ldap.acme.com
 PerlSetVar LDAPPort 389
 #PerlSetVar UIDAttr uid
 PerlSetVar UIDAttr mail
 #PerlSetVar AlternatePWAttribute alternateAttribute
 #PerlSetVar SearchScope base | one | sub # default is sub
 #PerlSetVar LDAPFilter "(&(course=CSA)(class=A))" #optional

AuthNetLDAP.pm  view on Meta::CPAN 

This is the port the LDAP server is listening on.

=item PerlSetVar UIDAttr

The attribute used to lookup the user.

=item PerlSetVar AlternatePWAttribute

The an alternate attribute with which the $password will be tested.  
This allows you to test with another attribute, instead of just
trying to bind the userdn and password to the ldap server.

If this option is used, then a BindDN and BindPWD must be used for the
initial bind.

=item PerlSetVar AllowAlternateAuth

This attribute allows you to set an alternative method of authentication
(Basically, this allows you to mix authentication methods, if you don't have
 all users in the LDAP database). It does this by returning a DECLINE and checking 
 for the next handler, which could be another authentication, such as 
Apache-AuthenNTLM or basic authentication.

=item PerlSetVar SearchScope

AuthNetLDAP.pm  view on Meta::CPAN 

 perl Makefile.PL
 make
 make test 
 make install

Then in your httpd.conf file or .htaccess file, in either a <Directory> or <Location> section put:

 AuthName "LDAP Test Auth"
 AuthType Basic

 #only set the next two if you need to bind as a user for searching
 #PerlSetVar BindDN "uid=user1,ou=people,o=acme.com" #optional
 #PerlSetVar BindPWD "password" #optional
 PerlSetVar BaseDN "ou=people,o=acme.com"
 PerlSetVar LDAPServer ldap.acme.com
 PerlSetVar LDAPPort 389
 PerlSetVar UIDAttr uid
 PerlSetVar UseStartTLS yes # Assuming you installed IO::Socket::SSL, etc.
 
 # Set if you want base or one level scope for search:
 PerlSetVar SearchScope one # default is sub



( run in 1.034 second using v1.01-cache-2.11-cpan-2398b32b56e )