dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

LDAP in progress (#595)

Browse Source
This commit is contained in:
Xavier Guimard 2016-05-11 11:42:37 +00:00
parent e6f0bfa98d
commit 3bce0abda4
3 changed files with 50 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/LDAP.pm
View File

@ -24,14 +24,12 @@ sub authenticate {
}
my $res =
$self->ldap->userBind( $req->datas->{dn},
password => $req->datas->{password} );
$self->userBind( $req->datas->{dn}, password => $req->datas->{password} );
# Remember password if password reset needed
$req->datas->{oldpassword} = $self->{password}
if ( $res == PE_PP_CHANGE_AFTER_RESET );
$self->ldap->unbind;
return $res;
}
@ -44,4 +42,15 @@ sub authForce {
PE_OK;
}
# Test LDAP connection before trying to bind
sub userBind {
my $self = shift;
unless ($self->ldap
and $self->ldap->root_dse( attrs => ['supportedLDAPVersion'] ) )
{
$self->ldap( $self->newLdap );
}
return $self->ldap ? $self->ldap->userBind(@_) : undef;
}
1;

2
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/LDAP.pm
View File

@ -9,6 +9,7 @@ use base qw(Net::LDAP);
use Lemonldap::NG::Portal::Main::Constants;
use Encode;
use Unicode::String qw(utf8);
use Scalar::Util 'weaken';
our $VERSION = '2.0.0';
our $ppLoaded = 0;
@ -66,6 +67,7 @@ sub new {
}
$self->{portal} = $portal;
$self->{conf} = $conf;
weaken $self->{portal};
# Setting default LDAP password storage encoding to utf-8
$self->{conf}->{ldapPwdEnc} ||= 'utf-8';

66
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/UserDB/LDAP.pm
View File

@ -12,36 +12,35 @@ our $VERSION = '2.0.0';
has ldap => (
is => 'rw',
lazy => 1,
builder => sub {
my $self = $_[0];
my $ldap;
builder => 'newLdap';
);
# Build object and test LDAP connexion
if (
$ldap = Lemonldap::NG::Portal::Lib::LDAP->new(
{ p => $self->{p}, conf => $self->{conf} }
)
and my $msg = $ldap->bind
)
{
if ( $msg->code != 0 ) {
$self->lmLog( "LDAP error: " . $msg->error, 'error' );
}
else {
if ( $self->{conf}->{ldapPpolicyControl}
and not $ldap->loadPP() )
{
$self->lmLog( "LDAP password policy error", 'error' );
}
}
sub newLdap {
my $self = $_[0];
my $ldap;
# Build object and test LDAP connexion
if (
$ldap = Lemonldap::NG::Portal::Lib::LDAP->new(
{ p => $self->{p}, conf => $self->{conf} }
)
and my $msg = $ldap->bind
)
{
if ( $msg->code != 0 ) {
$self->lmLog( "LDAP error: " . $msg->error, 'error' );
}
else {
$self->lmLog( "LDAP error: $@", 'error' );
if ( $self->{conf}->{ldapPpolicyControl} and not $ldap->loadPP() ) {
$self->lmLog( "LDAP password policy error", 'error' );
}
}
$ldap->unbind;
return $ldap;
}
);
else {
$self->lmLog( "LDAP error: $@", 'error' );
}
return $ldap;
}
has ldapGroupAttributeNameSearch => (
is => 'rw',
@ -101,9 +100,20 @@ sub init {
$self->ldap and $self->filter;
}
# Test LDAP connection before trying to bind
sub bind {
my $self = shift;
unless ($self->ldap
and $self->ldap->root_dse( attrs => ['supportedLDAPVersion'] ) )
{
$self->ldap( $self->newLdap );
}
return $self->ldap ? $self->ldap->bind(@_) : undef;
}
sub getUser {
my ( $self, $req ) = @_;
return PE_LDAPCONNECTFAILED unless $self->ldap and $self->ldap->bind();
return PE_LDAPCONNECTFAILED unless $self->ldap and $self->bind();
my $mesg = $self->ldap->search(
base => $self->conf->{ldapBase},
scope => 'sub',
@ -113,19 +123,16 @@ sub getUser {
);
if ( $mesg->code() != 0 ) {
$self->lmLog( 'LDAP Search error: ' . $mesg->error, 'error' );
$self->ldap->unbind;
return PE_LDAPERROR;
}
if ( $mesg->count() > 1 ) {
$self->lmLog( 'More than one entry returned by LDAP directory',
'error' );
$self->ldap->unbind;
return PE_BADCREDENTIALS;
}
unless ( $req->datas->entry( $mesg->entry(0) ) ) {
my $user = $req->{mail} || $req->{user};
$self->_sub( 'userError', "$user was not found in LDAP directory" );
$self->ldap->unbind;
return PE_BADCREDENTIALS;
}
$req->datas->{dn} = $req->datas->{entry}->dn();
@ -193,7 +200,6 @@ sub setGroups {
}
$self->{sessionInfo}->{groups} = $groups;
$self->ldap->unbind;
PE_OK;
}