package Lemonldap::NG::Portal::Auth::LDAP;
use strict;
use Mouse;
use Lemonldap::NG::Portal::Main::Constants
qw(PE_OK PE_LDAPCONNECTFAILED PE_PP_CHANGE_AFTER_RESET PE_PP_PASSWORD_EXPIRED);
our $VERSION = '2.0.0';

# Inheritance: this class has two parents, Auth::_WebForm and Lib::LDAP.
# Lib::LDAP is presumably where the LDAP helpers used below (ldap, newLdap,
# getUser) come from -- TODO confirm against that module.
extends(
    'Lemonldap::NG::Portal::Auth::_WebForm',
    'Lemonldap::NG::Portal::Lib::LDAP',
);
# Initialise the module by chaining both parents' init methods.
#
# Returns the false value of the _WebForm init when that step fails (the
# LDAP init is then not run), otherwise whatever the Lib::LDAP init returns.
sub init {
    my ($self) = @_;

    # Form layer first; stop here if it reports failure.
    my $form_ready = $self->Lemonldap::NG::Portal::Auth::_WebForm::init;
    return $form_ready unless $form_ready;

    # The overall result is then decided by the LDAP layer.
    return $self->Lemonldap::NG::Portal::Lib::LDAP::init;
}
# RUNNING METHODS
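# Authenticate the user by binding to the directory with the submitted
# credentials.
#
# Arguments:
#   $req - request object; reads $req->datas->{dn} and
#          $req->datas->{password}, may set $req->datas->{oldpassword}.
#
# Returns a PE_* code: PE_LDAPCONNECTFAILED when no LDAP connection is
# available (before or after the reconnect attempt in userBind), the
# getUser() error when the DN lookup fails, otherwise the bind result.
sub authenticate {
    my ( $self, $req ) = @_;

    return PE_LDAPCONNECTFAILED unless $self->ldap;

    # Set the dn unless done before
    unless ( $req->datas->{dn} ) {
        if ( my $lookup_error = $self->getUser($req) ) {
            $self->setSecurity($req);
            return $lookup_error;
        }
    }

    # NOTE(review): per RFC 4513 a simple bind with a DN and an empty
    # password is an "unauthenticated bind" that many servers accept.
    # Nothing in this sub rejects an empty password; confirm that the form
    # extraction step refuses it before the request reaches this point.
    my $res = $self->userBind(
        $req,
        $req->datas->{dn},
        password => $req->datas->{password},
    );

    # Fail closed: userBind() in this class returns undef when the LDAP
    # connection could not be re-established. undef is false, so a caller
    # that treats a false return as success (i.e. if PE_OK is 0, which is
    # not visible in this file) would accept the login without any bind.
    return PE_LDAPCONNECTFAILED unless defined $res;

    # Remember password if password reset needed. The password that was
    # just used for the bind lives in the request data; nothing visible in
    # this file ever assigns $self->{password}, so reading it from there
    # would store undef (or a value from unrelated object state).
    # The value is cleartext: keep it out of logs and persisted session data.
    my $reset_needed = $res == PE_PP_CHANGE_AFTER_RESET
      || ( $res == PE_PP_PASSWORD_EXPIRED
        && $self->conf->{ldapAllowResetExpiredPassword} );
    if ($reset_needed) {
        $req->datas->{oldpassword} = $req->datas->{password};
    }

    return $res;
}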
# Logout hook for this backend: performs no LDAP operation and always
# returns PE_OK.
sub authLogout {
    return PE_OK;
}
# Test LDAP connection before trying to bind
# Bind wrapper that checks the LDAP connection first and replaces it when
# the check fails.
#
# The connection is probed by asking the server for its root DSE
# (supportedLDAPVersion attribute). If there is no connection object or the
# probe returns false, a new connection from newLdap() is stored before
# binding. All remaining arguments are passed through unchanged to the
# connection object's userBind().
#
# Returns the result of that bind, or undef when no connection is available
# even after the reconnect attempt.
# NOTE(review): undef is a false value; callers must treat it as a failure
# explicitly rather than testing the result for truth.
sub userBind {
    my $self = shift;

    my $alive = $self->ldap
      && $self->ldap->root_dse( attrs => ['supportedLDAPVersion'] );
    $self->ldap( $self->newLdap ) if !$alive;

    if ( $self->ldap ) {
        return $self->ldap->userBind(@_);
    }
    return undef;
}
1;