2008-06-06 14:42:35 +02:00
|
|
|
package Lemonldap::NG::Portal::AuthLDAP;
|
|
|
|
|
|
|
|
use Lemonldap::NG::Portal::Simple;
|
|
|
|
|
|
|
|
our $VERSION = '0.1';
|
|
|
|
|
|
|
|
sub authInit {
|
|
|
|
}
|
|
|
|
|
|
|
|
sub extractFormInfo {
|
|
|
|
my $self = shift;
|
|
|
|
return PE_FIRSTACCESS
|
|
|
|
unless ( $self->param('user') );
|
|
|
|
return PE_FORMEMPTY
|
|
|
|
unless ( length( $self->{'user'} = $self->param('user') ) > 0
|
|
|
|
&& length( $self->{'password'} = $self->param('password') ) > 0 );
|
|
|
|
PE_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
sub setAuthSessionInfo {
|
|
|
|
PE_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
sub authenticate {
|
|
|
|
my $self = shift;
|
|
|
|
$self->unbind();
|
|
|
|
my $err;
|
|
|
|
return $err unless ( ( $err = $self->connectLDAP ) == PE_OK );
|
|
|
|
# Check if we use Ppolicy control
|
|
|
|
if ( $self->{ldapPpolicyControl} ) {
|
|
|
|
|
|
|
|
# require Perl module
|
|
|
|
eval 'require Net::LDAP::Control::PasswordPolicy';
|
2008-07-18 15:52:11 +02:00
|
|
|
if ($@) {
|
|
|
|
print STDERR "Module Net::LDAP::Control::PasswordPolicy not found in @INC\n";
|
|
|
|
return PE_LDAPERROR;
|
2008-08-08 18:19:16 +02:00
|
|
|
}
|
2008-06-06 14:42:35 +02:00
|
|
|
no strict 'subs';
|
|
|
|
|
|
|
|
# Create Control object
|
|
|
|
my $pp = Net::LDAP::Control::PasswordPolicy->new;
|
|
|
|
|
|
|
|
# Bind with user credentials
|
|
|
|
my $mesg = $self->{ldap}->bind(
|
|
|
|
$self->{dn},
|
|
|
|
password => $self->{password},
|
|
|
|
control => [$pp]
|
|
|
|
);
|
|
|
|
|
|
|
|
# Get server control response
|
2008-07-18 15:52:11 +02:00
|
|
|
my ($resp) = $mesg->control("1.3.6.1.4.1.42.2.27.8.5.1");
|
2008-06-06 14:42:35 +02:00
|
|
|
|
2008-09-18 10:34:17 +02:00
|
|
|
# Get expiration warning and graces
|
|
|
|
$self->{ppolicy}->{time_before_expiration} = $resp->time_before_expiration;
|
|
|
|
$self->{ppolicy}->{grace_authentications_remaining} = $resp->grace_authentications_remaining;
|
|
|
|
|
|
|
|
# Get bind response
|
|
|
|
return PE_OK if ( $mesg->code == 0 );
|
|
|
|
|
2008-06-06 14:42:35 +02:00
|
|
|
if ( defined $resp ) {
|
2008-09-18 10:34:17 +02:00
|
|
|
my $pp_error = $resp->pp_error;
|
2008-06-27 10:49:20 +02:00
|
|
|
if ( defined $pp_error ) {
|
2008-08-08 18:19:16 +02:00
|
|
|
return [
|
|
|
|
PE_PP_PASSWORD_EXPIRED,
|
|
|
|
PE_PP_ACCOUNT_LOCKED,
|
|
|
|
PE_PP_CHANGE_AFTER_RESET,
|
|
|
|
PE_PP_PASSWORD_MOD_NOT_ALLOWED,
|
|
|
|
PE_PP_MUST_SUPPLY_OLD_PASSWORD,
|
|
|
|
PE_PP_INSUFFICIENT_PASSWORD_QUALITY,
|
|
|
|
PE_PP_PASSWORD_TOO_SHORT,
|
|
|
|
PE_PP_PASSWORD_TOO_YOUNG,
|
|
|
|
PE_PP_PASSWORD_IN_HISTORY,
|
|
|
|
]->[$pp_error];
|
2008-06-06 14:42:35 +02:00
|
|
|
}
|
|
|
|
else {
|
|
|
|
return PE_BADCREDENTIALS;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
return PE_LDAPERROR;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
return PE_BADCREDENTIALS
|
|
|
|
unless (
|
|
|
|
$self->_bind( $self->{ldap}, $self->{dn}, $self->{password} ) );
|
|
|
|
}
|
|
|
|
$self->{sessionInfo}->{authenticationLevel} = 2;
|
|
|
|
PE_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
1;
|