merge with trunk
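################################################################################
# WeBWorK Online Homework Delivery System
# Copyright © 2000-2007 The WeBWorK Project, http://openwebwork.sf.net/
# $CVSHeader: webwork2/lib/WeBWorK/Authen/LDAP.pm,v 1.4 2007/08/13 22:59:54 sh002i Exp $
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of either: (a) the GNU General Public License as published by the
# Free Software Foundation; either version 2, or (at your option) any later
# version, or (b) the "Artistic License" which comes with this package.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See either the GNU General Public License or the
# Artistic License for more details.
################################################################################

package WeBWorK::Authen::LDAP;
use base qw/WeBWorK::Authen/;

use strict;
use warnings;
use WeBWorK::Debug;
use Net::LDAP qw/LDAP_INVALID_CREDENTIALS/;

# checkPassword($userID, $possibleClearPassword)
#
# Verifies a login attempt against the LDAP directory configured under
# $ce->{authen}{ldap_options}.
#
# Returns 1 when ldap_authen_uid() accepts the credentials. Otherwise, when the
# "failover" option is true, returns whatever the superclass checkPassword()
# returns; when it is false, returns 0.
#
# Security note: with failover enabled, every LDAP failure (wrong password,
# unknown UID, server unreachable) is retried against the superclass check, so
# an account can be opened by either its directory password or its local one.
# Leave failover off unless that is intended.
sub checkPassword {
    my ($self, $userID, $possibleClearPassword) = @_;
    my $ce = $self->{r}->ce;
    my $failover = $ce->{authen}{ldap_options}{failover};

    debug("LDAP module is doing the password checking.\n");

    # check against LDAP server
    return 1 if $self->ldap_authen_uid($userID, $possibleClearPassword);

    # Disabled guard kept from the original source; it appears to have been
    # meant to restrict the failover below to user IDs matching /admin/.
    #return 0 if ($userID !~ /admin/);

    # optional: fail over to superclass checkPassword
    if ($failover) {
        $self->write_log_entry("AUTH LDAP: authentication failed, deferring to superclass");
        return $self->SUPER::checkPassword($userID, $possibleClearPassword);
    }

    # fail by default
    return 0;
}

# ldap_authen_uid($uid, $password)
#
# Search-then-bind authentication: connect, bind (as the configured bind
# account when "bindAccount" is true, anonymously otherwise), look up the
# entry whose sAMAccountName equals $uid, then re-bind as that entry's DN with
# the supplied password.
#
# Returns 1 only when the final bind succeeds, 0 in every other case
# (connection failure, bind or search error, zero or multiple matches, empty
# credentials, rejected password).
sub ldap_authen_uid {
    my ($self, $uid, $password) = @_;
    my $ce = $self->{r}->ce;
    my $ldap_options = $ce->{authen}{ldap_options} || {};
    my $hosts = $ldap_options->{net_ldap_hosts};
    my $opts = $ldap_options->{net_ldap_opts};
    my $base = $ldap_options->{net_ldap_base};
    my $searchdn = $ldap_options->{searchDN};
    my $bindAccount = $ldap_options->{bindAccount};
    my $bindpassword = $ldap_options->{bindPassword};

    # An empty password must never reach the server: a simple bind with a DN
    # and a zero-length password is an "unauthenticated bind" (RFC 4513,
    # section 5.1.2), which a server may answer with success even though no
    # password was checked.
    unless (defined $password and length $password) {
        $self->write_log_entry("AUTH LDAP: empty password rejected");
        return 0;
    }

    # An empty UID cannot name a directory entry.
    return 0 unless defined $uid and length $uid;

    # The UID comes from the login form. Keep control characters out of the
    # error log so that a crafted UID cannot forge extra log lines.
    (my $uid_for_log = $uid) =~ s/[[:cntrl:]]/?/g;

    # connect to LDAP server
    # NOTE(review): the binds below are simple binds, which carry the password
    # to the server as-is. Confirm that net_ldap_hosts uses ldaps:// URIs or
    # that the connection is otherwise protected by TLS.
    my $ldap = Net::LDAP->new($hosts, @{ $opts || [] });
    if (not defined $ldap) {
        # net_ldap_hosts may be a single host or an array reference
        my @host_list = grep { defined } (ref $hosts eq 'ARRAY' ? @$hosts : ($hosts));
        warn "AUTH LDAP: couldn't connect to any of ", join(", ", @host_list), ".\n";
        return 0;
    }

    # bind with the bind account if one is configured, anonymously otherwise
    my $msg = $bindAccount
        ? $ldap->bind($searchdn, password => $bindpassword)
        : $ldap->bind;
    if ($msg->is_error) {
        warn "AUTH LDAP: bind error ", $msg->code, ": ", $msg->error_text, ".\n";
        return 0;
    }

    # look up user's DN
    # The UID is escaped before it goes into the filter; unescaped, characters
    # such as "*", "(" and ")" would change which entries the search matches.
    my $filter = "(sAMAccountName=" . _escape_filter_value($uid) . ")";
    $msg = $ldap->search(base => $base, filter => $filter);
    if ($msg->is_error) {
        warn "AUTH LDAP: search error ", $msg->code, ": ", $msg->error_text, ".\n",$searchdn,"\n",$base,"\n",$uid_for_log,"\n";
        return 0;
    }
    if ($msg->count > 1) {
        warn "AUTH LDAP: more than one result returned when searching for UID '$uid_for_log'.\n";
        return 0;
    }
    if ($msg->count == 0) {
        $self->write_log_entry("AUTH LDAP: UID not found");
        return 0;
    }
    my $dn = $msg->shift_entry->dn;
    if (not defined $dn) {
        warn "AUTH LDAP: got null DN when looking up UID '$uid_for_log'.\n";
        return 0;
    }

    # re-bind as user. if that works, we've authenticated!
    $msg = $ldap->bind($dn, password => $password);
    if ($msg->code == LDAP_INVALID_CREDENTIALS) {
        $self->write_log_entry("AUTH LDAP: server rejected password for UID.");
        return 0;
    }
    if ($msg->is_error) {
        warn "AUTH LDAP: bind error ", $msg->code, ": ", $msg->error_text, ".\n";
        return 0;
    }

    # it worked! we win!
    return 1;
}

# _escape_filter_value($value)
#
# Returns $value with the characters that are special inside an LDAP search
# filter (backslash, parentheses, asterisk, NUL) replaced by a backslash and
# two hex digits, the escaping defined in RFC 4515, section 3.
sub _escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\()*\0])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

1;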