LDAP in progress (#595)
This commit is contained in:
parent
e6f0bfa98d
commit
3bce0abda4
|
@ -24,14 +24,12 @@ sub authenticate {
|
|||
}
|
||||
|
||||
my $res =
|
||||
$self->ldap->userBind( $req->datas->{dn},
|
||||
password => $req->datas->{password} );
|
||||
$self->userBind( $req->datas->{dn}, password => $req->datas->{password} );
|
||||
|
||||
# Remember password if password reset needed
|
||||
$req->datas->{oldpassword} = $self->{password}
|
||||
if ( $res == PE_PP_CHANGE_AFTER_RESET );
|
||||
|
||||
$self->ldap->unbind;
|
||||
return $res;
|
||||
|
||||
}
|
||||
|
@ -44,4 +42,15 @@ sub authForce {
|
|||
PE_OK;
|
||||
}
|
||||
|
||||
# Test LDAP connection before trying to bind
|
||||
sub userBind {
|
||||
my $self = shift;
|
||||
unless ($self->ldap
|
||||
and $self->ldap->root_dse( attrs => ['supportedLDAPVersion'] ) )
|
||||
{
|
||||
$self->ldap( $self->newLdap );
|
||||
}
|
||||
return $self->ldap ? $self->ldap->userBind(@_) : undef;
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
|
@ -9,6 +9,7 @@ use base qw(Net::LDAP);
|
|||
use Lemonldap::NG::Portal::Main::Constants;
|
||||
use Encode;
|
||||
use Unicode::String qw(utf8);
|
||||
use Scalar::Util 'weaken';
|
||||
|
||||
our $VERSION = '2.0.0';
|
||||
our $ppLoaded = 0;
|
||||
|
@ -66,6 +67,7 @@ sub new {
|
|||
}
|
||||
$self->{portal} = $portal;
|
||||
$self->{conf} = $conf;
|
||||
weaken $self->{portal};
|
||||
|
||||
# Setting default LDAP password storage encoding to utf-8
|
||||
$self->{conf}->{ldapPwdEnc} ||= 'utf-8';
|
||||
|
|
|
@ -12,36 +12,35 @@ our $VERSION = '2.0.0';
|
|||
has ldap => (
|
||||
is => 'rw',
|
||||
lazy => 1,
|
||||
builder => sub {
|
||||
my $self = $_[0];
|
||||
my $ldap;
|
||||
builder => 'newLdap';
|
||||
);
|
||||
|
||||
# Build object and test LDAP connexion
|
||||
if (
|
||||
$ldap = Lemonldap::NG::Portal::Lib::LDAP->new(
|
||||
{ p => $self->{p}, conf => $self->{conf} }
|
||||
)
|
||||
and my $msg = $ldap->bind
|
||||
)
|
||||
{
|
||||
if ( $msg->code != 0 ) {
|
||||
$self->lmLog( "LDAP error: " . $msg->error, 'error' );
|
||||
}
|
||||
else {
|
||||
if ( $self->{conf}->{ldapPpolicyControl}
|
||||
and not $ldap->loadPP() )
|
||||
{
|
||||
$self->lmLog( "LDAP password policy error", 'error' );
|
||||
}
|
||||
}
|
||||
sub newLdap {
|
||||
my $self = $_[0];
|
||||
my $ldap;
|
||||
|
||||
# Build object and test LDAP connexion
|
||||
if (
|
||||
$ldap = Lemonldap::NG::Portal::Lib::LDAP->new(
|
||||
{ p => $self->{p}, conf => $self->{conf} }
|
||||
)
|
||||
and my $msg = $ldap->bind
|
||||
)
|
||||
{
|
||||
if ( $msg->code != 0 ) {
|
||||
$self->lmLog( "LDAP error: " . $msg->error, 'error' );
|
||||
}
|
||||
else {
|
||||
$self->lmLog( "LDAP error: $@", 'error' );
|
||||
if ( $self->{conf}->{ldapPpolicyControl} and not $ldap->loadPP() ) {
|
||||
$self->lmLog( "LDAP password policy error", 'error' );
|
||||
}
|
||||
}
|
||||
$ldap->unbind;
|
||||
return $ldap;
|
||||
}
|
||||
);
|
||||
else {
|
||||
$self->lmLog( "LDAP error: $@", 'error' );
|
||||
}
|
||||
return $ldap;
|
||||
}
|
||||
|
||||
has ldapGroupAttributeNameSearch => (
|
||||
is => 'rw',
|
||||
|
@ -101,9 +100,20 @@ sub init {
|
|||
$self->ldap and $self->filter;
|
||||
}
|
||||
|
||||
# Test LDAP connection before trying to bind
|
||||
sub bind {
|
||||
my $self = shift;
|
||||
unless ($self->ldap
|
||||
and $self->ldap->root_dse( attrs => ['supportedLDAPVersion'] ) )
|
||||
{
|
||||
$self->ldap( $self->newLdap );
|
||||
}
|
||||
return $self->ldap ? $self->ldap->bind(@_) : undef;
|
||||
}
|
||||
|
||||
sub getUser {
|
||||
my ( $self, $req ) = @_;
|
||||
return PE_LDAPCONNECTFAILED unless $self->ldap and $self->ldap->bind();
|
||||
return PE_LDAPCONNECTFAILED unless $self->ldap and $self->bind();
|
||||
my $mesg = $self->ldap->search(
|
||||
base => $self->conf->{ldapBase},
|
||||
scope => 'sub',
|
||||
|
@ -113,19 +123,16 @@ sub getUser {
|
|||
);
|
||||
if ( $mesg->code() != 0 ) {
|
||||
$self->lmLog( 'LDAP Search error: ' . $mesg->error, 'error' );
|
||||
$self->ldap->unbind;
|
||||
return PE_LDAPERROR;
|
||||
}
|
||||
if ( $mesg->count() > 1 ) {
|
||||
$self->lmLog( 'More than one entry returned by LDAP directory',
|
||||
'error' );
|
||||
$self->ldap->unbind;
|
||||
return PE_BADCREDENTIALS;
|
||||
}
|
||||
unless ( $req->datas->entry( $mesg->entry(0) ) ) {
|
||||
my $user = $req->{mail} || $req->{user};
|
||||
$self->_sub( 'userError', "$user was not found in LDAP directory" );
|
||||
$self->ldap->unbind;
|
||||
return PE_BADCREDENTIALS;
|
||||
}
|
||||
$req->datas->{dn} = $req->datas->{entry}->dn();
|
||||
|
@ -193,7 +200,6 @@ sub setGroups {
|
|||
}
|
||||
|
||||
$self->{sessionInfo}->{groups} = $groups;
|
||||
$self->ldap->unbind;
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user