enhanced AccessHandler.pm to support ldap_auth_mode = 2

This commit is contained in:
hyung-hwan 2014-05-18 16:17:29 +00:00
parent 7462e271c9
commit b98b86f529

View File

@ -37,6 +37,7 @@ use APR::Base64;
use Config::Simple; use Config::Simple;
use Net::LDAP; use Net::LDAP;
use Net::LDAP qw(LDAP_SUCCESS);
use URI; use URI;
use DBI; use DBI;
use Digest::SHA1 qw (sha1_hex); use Digest::SHA1 qw (sha1_hex);
@ -60,10 +61,10 @@ sub get_config
ldap_auth_mode => $cfg->param ('ldap_auth_mode'), ldap_auth_mode => $cfg->param ('ldap_auth_mode'),
ldap_userid_format => $cfg->param ('ldap_userid_format'), ldap_userid_format => $cfg->param ('ldap_userid_format'),
ldap_password_format => $cfg->param ('ldap_password_format'), ldap_password_format => $cfg->param ('ldap_password_format'),
ldap_userid_admin_binddn => $cfg->param ('ldap_admin_binddn'), ldap_admin_binddn => $cfg->param ('ldap_admin_binddn'),
ldap_userid_admin_password => $cfg->param ('ldap_admin_password'), ldap_admin_password => $cfg->param ('ldap_admin_password'),
ldap_userid_search_base => $cfg->param ('ldap_userid_search_base'), ldap_userid_search_base => $cfg->param ('ldap_userid_search_base'),
ldap_userid_search_fitler => $cfg->param ('ldap_userid_search_filter'), ldap_userid_search_filter => $cfg->param ('ldap_userid_search_filter'),
database_hostname => $cfg->param ('database_hostname'), database_hostname => $cfg->param ('database_hostname'),
database_username => $cfg->param ('database_username'), database_username => $cfg->param ('database_username'),
@ -90,28 +91,53 @@ sub format_string
sub authenticate_ldap sub authenticate_ldap
{ {
my ($cfg, $userid, $password) = @_; my ($r, $cfg, $userid, $password) = @_;
my $binddn; my $binddn;
my $passwd; my $passwd;
# get the next line removed once you implement the second mode
if ($cfg->{ldap_auth_mode} == 2) { return -2; }
my $uri = URI->new ($cfg->{ldap_server_uri}); my $uri = URI->new ($cfg->{ldap_server_uri});
my $ldap = Net::LDAP->new ($uri->host, my $ldap = Net::LDAP->new (
$uri->host,
scheme => $uri->scheme, scheme => $uri->scheme,
port => $uri->port, port => $uri->port,
version => $cfg->{ldap_server_protocol_version} version => $cfg->{ldap_server_protocol_version}
); );
if (!defined($ldap)) if (!defined($ldap))
{ {
# error $r->log_error ('Cannot create LDAP');
return -1; return -1;
} }
if ($cfg->{ldap_auth_mode} == 2) if ($cfg->{ldap_auth_mode} == 2)
{ {
# YET TO BE WRITTEN my $f_rootdn = format_string ($cfg->{ldap_admin_binddn}, $userid, $password);
my $f_rootpw = format_string ($cfg->{ldap_admin_password}, $userid, $password);
my $f_basedn = format_string ($cfg->{ldap_userid_search_base}, $userid, $password);
my $f_filter = format_string ($cfg->{ldap_userid_search_filter}, $userid, $password);
my $res = $ldap->bind ($f_rootdn, password => $f_rootpw);
if ($res->code != LDAP_SUCCESS)
{
$r->log_error ("Cannot bind LDAP as $f_rootdn - " . $res->error());
$ldap->unbind();
return -1;
}
$res = $ldap->search (base => $f_basedn, scope => 'sub', filter => $f_filter);
if ($res->code != LDAP_SUCCESS)
{
$ldap->unbind();
return 0;
}
my $entry = $res->entry(0); # get the first entry only
if (!defined($entry))
{
$ldap->unbind();
return 0;
}
$binddn = $entry->dn ();
} }
else else
{ {
@ -120,12 +146,15 @@ sub authenticate_ldap
$passwd = format_string ($cfg->{ldap_password_format}, $userid, $password); $passwd = format_string ($cfg->{ldap_password_format}, $userid, $password);
my $res = $ldap->bind ($binddn, password => $passwd); my $res = $ldap->bind ($binddn, password => $passwd);
if ($res->code != LDAP_SUCCESS)
print $res->code; {
print "\n"; #$r->log_error ("Cannot bind LDAP as $binddn - " . $res->error());
$ldap->unbind();
return 0;
}
$ldap->unbind(); $ldap->unbind();
return ($res->code == 0)? 1: 0; return 1;
} }
sub authenticate_database sub authenticate_database
@ -263,7 +292,7 @@ sub __handler
my $auth = -3; my $auth = -3;
if ($cfg->{login_model} eq 'LdapLoginModel') if ($cfg->{login_model} eq 'LdapLoginModel')
{ {
$auth = authenticate_ldap ($cfg, $userid, $password); $auth = authenticate_ldap ($r, $cfg, $userid, $password);
} }
elsif ($cfg->{login_model} eq 'DbLoginModel') elsif ($cfg->{login_model} eq 'DbLoginModel')
{ {