LEMONLDAP::NG : complete integration of Password Policy (i18n not done)
parent
7b4276b6d0
commit
7c3a6f3cfc
|
@ -34,7 +34,7 @@ sub authenticate {
|
|||
if ($@) {
|
||||
print STDERR "Module Net::LDAP::Control::PasswordPolicy not found in @INC\n";
|
||||
return PE_LDAPERROR;
|
||||
}
|
||||
}
|
||||
no strict 'subs';
|
||||
|
||||
# Create Control object
|
||||
|
@ -56,10 +56,17 @@ sub authenticate {
|
|||
if ( defined $resp ) {
|
||||
my $pp_error = $resp->error;
|
||||
if ( defined $pp_error ) {
|
||||
return PE_PP_ACCOUNT_LOCKED
|
||||
if ( $pp_error == 1 );
|
||||
return PE_PP_PASSWORD_EXPIRED
|
||||
if ( $pp_error == 0 );
|
||||
return [
|
||||
PE_PP_PASSWORD_EXPIRED,
|
||||
PE_PP_ACCOUNT_LOCKED,
|
||||
PE_PP_CHANGE_AFTER_RESET,
|
||||
PE_PP_PASSWORD_MOD_NOT_ALLOWED,
|
||||
PE_PP_MUST_SUPPLY_OLD_PASSWORD,
|
||||
PE_PP_INSUFFICIENT_PASSWORD_QUALITY,
|
||||
PE_PP_PASSWORD_TOO_SHORT,
|
||||
PE_PP_PASSWORD_TOO_YOUNG,
|
||||
PE_PP_PASSWORD_IN_HISTORY,
|
||||
]->[$pp_error];
|
||||
}
|
||||
else {
|
||||
return PE_BADCREDENTIALS;
|
||||
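Review bot: The table lookup `]->[$pp_error]` in the second hunk returns undef when the server reports a password-policy error code outside 0–8 or a non-numeric value, and a negative value would index from the end of the list. Since `PE_OK` is defined as 0 elsewhere in this commit, a caller that tests the result numerically or for truth would probably treat that undef as success; this is inferred, because the callers of `authenticate` are not shown. Add a guard before the lookup so an unrecognised code fails closed, e.g. `return PE_LDAPERROR unless $pp_error =~ /^[0-8]$/;`. The `else` branch and the rest of `authenticate` continue outside the hunk.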
|
|
|
@ -19,23 +19,30 @@ our @ISA = qw(CGI Exporter);
|
|||
|
||||
# Constants
|
||||
use constant {
|
||||
PE_REDIRECT => -2,
|
||||
PE_DONE => -1,
|
||||
PE_OK => 0,
|
||||
PE_SESSIONEXPIRED => 1,
|
||||
PE_FORMEMPTY => 2,
|
||||
PE_WRONGMANAGERACCOUNT => 3,
|
||||
PE_USERNOTFOUND => 4,
|
||||
PE_BADCREDENTIALS => 5,
|
||||
PE_LDAPCONNECTFAILED => 6,
|
||||
PE_LDAPERROR => 7,
|
||||
PE_APACHESESSIONERROR => 8,
|
||||
PE_FIRSTACCESS => 9,
|
||||
PE_BADCERTIFICATE => 10,
|
||||
PE_PP_ACCOUNT_LOCKED => 21,
|
||||
PE_PP_PASSWORD_EXPIRED => 22,
|
||||
PE_CERTIFICATEREQUIRED => 23,
|
||||
PE_ERROR => 24,
|
||||
PE_REDIRECT => -2,
|
||||
PE_DONE => -1,
|
||||
PE_OK => 0,
|
||||
PE_SESSIONEXPIRED => 1,
|
||||
PE_FORMEMPTY => 2,
|
||||
PE_WRONGMANAGERACCOUNT => 3,
|
||||
PE_USERNOTFOUND => 4,
|
||||
PE_BADCREDENTIALS => 5,
|
||||
PE_LDAPCONNECTFAILED => 6,
|
||||
PE_LDAPERROR => 7,
|
||||
PE_APACHESESSIONERROR => 8,
|
||||
PE_FIRSTACCESS => 9,
|
||||
PE_BADCERTIFICATE => 10,
|
||||
PE_PP_ACCOUNT_LOCKED => 21,
|
||||
PE_PP_PASSWORD_EXPIRED => 22,
|
||||
PE_CERTIFICATEREQUIRED => 23,
|
||||
PE_ERROR => 24,
|
||||
PE_PP_CHANGE_AFTER_RESET => 25,
|
||||
PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26,
|
||||
PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27,
|
||||
PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28,
|
||||
PE_PP_PASSWORD_TOO_SHORT => 29,
|
||||
PE_PP_PASSWORD_TOO_YOUNG => 30,
|
||||
PE_PP_PASSWORD_IN_HISTORY => 31,
|
||||
};
|
||||
|
||||
# EXPORTER PARAMETERS
|
||||
|
@ -44,7 +51,10 @@ our @EXPORT =
|
|||
PE_USERNOTFOUND PE_BADCREDENTIALS PE_LDAPCONNECTFAILED PE_LDAPERROR
|
||||
PE_APACHESESSIONERROR PE_FIRSTACCESS PE_BADCERTIFICATE PE_REDIRECT
|
||||
PE_PP_ACCOUNT_LOCKED PE_PP_PASSWORD_EXPIRED PE_CERTIFICATEREQUIRED
|
||||
PE_ERROR);
|
||||
PE_ERROR PE_PP_CHANGE_AFTER_RESET PE_PP_PASSWORD_MOD_NOT_ALLOWED
|
||||
PE_PP_MUST_SUPPLY_OLD_PASSWORD PE_PP_INSUFFICIENT_PASSWORD_QUALITY
|
||||
PE_PP_PASSWORD_TOO_SHORT PE_PP_PASSWORD_TOO_YOUNG
|
||||
PE_PP_PASSWORD_IN_HISTORY);
|
||||
our %EXPORT_TAGS = ( 'all' => [ @EXPORT, 'import' ], );
|
||||
|
||||
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
|
||||
|
@ -69,7 +79,7 @@ sub new {
|
|||
$self->{authentication} =~ s/^ldap/LDAP/;
|
||||
|
||||
# Authentication module is required and has to be in @ISA
|
||||
my $tmp = 'Lemonldap::NG::Portal::Auth' . $self->{authentication};
|
||||
my $tmp = 'Lemonldap::NG::Portal::Auth' . $self->{authentication};
|
||||
$tmp =~ s/\s.*$//;
|
||||
eval "require $tmp";
|
||||
die($@) if ($@);
|
||||
|
@ -79,7 +89,7 @@ sub new {
|
|||
# key2 = ...)
|
||||
$tmp = $self->{authentication};
|
||||
$tmp =~ s/^\w+\s*//;
|
||||
my %h = split( /\s*[=;]\s*/, $tmp) if($tmp);
|
||||
my %h = split( /\s*[=;]\s*/, $tmp ) if ($tmp);
|
||||
%$self = ( %h, %$self );
|
||||
|
||||
$self->authInit();
|
||||
|
@ -289,8 +299,8 @@ sub formateParams() {
|
|||
# it with Active Directory, overload it to use CN instead of UID.
|
||||
sub formateFilter {
|
||||
my $self = shift;
|
||||
$self->{filter} = $self->{authFilter} ||
|
||||
"(&(uid=" . $self->{user} . ")(objectClass=inetOrgPerson))";
|
||||
$self->{filter} = $self->{authFilter}
|
||||
|| "(&(uid=" . $self->{user} . ")(objectClass=inetOrgPerson))";
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
|
@ -434,14 +444,15 @@ sub store {
|
|||
# 14. If all is done, we build the Lemonldap::NG cookie
|
||||
sub buildCookie {
|
||||
my $self = shift;
|
||||
push @{$self->{cookie}}, $self->cookie(
|
||||
push @{ $self->{cookie} },
|
||||
$self->cookie(
|
||||
-name => $self->{cookieName},
|
||||
-value => $self->{id},
|
||||
-domain => $self->{domain},
|
||||
-path => "/",
|
||||
-secure => $self->{securedCookie},
|
||||
@_,
|
||||
);
|
||||
);
|
||||
PE_OK;
|
||||
}
|
||||
|
||||
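Review bot: `formateFilter` concatenates `$self->{user}` into the LDAP search filter without escaping, and this commit only reflows that expression. If `user` holds the login name submitted to the portal (not shown here), filter metacharacters such as `*`, `(`, `)` and `\` change which entries the search matches. Escape the value per RFC 4515 before building the string, for example with `escape_filter_value` imported from Net::LDAP::Util: `|| "(&(uid=" . escape_filter_value( $self->{user} ) . ")(objectClass=inetOrgPerson))";`. A comment on the sub stating that overriding implementations must escape the user name too would help, since the existing comment invites overloading it for Active Directory.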
|
|
|
@ -27,30 +27,38 @@ sub error {
|
|||
__END__
|
||||
|
||||
# Order of the constants:
|
||||
# * PE_OK 0
|
||||
# * PE_SESSIONEXPIRED 1
|
||||
# * PE_FORMEMPTY 2
|
||||
# * PE_WRONGMANAGERACCOUNT 3
|
||||
# * PE_USERNOTFOUND 4
|
||||
# * PE_BADCREDENTIALS 5
|
||||
# * PE_LDAPCONNECTFAILED 6
|
||||
# * PE_LDAPERROR 7
|
||||
# * PE_APACHESESSIONERROR 8
|
||||
# * PE_FIRSTACCESS 9
|
||||
# * PE_BADCERTIFICATE 10
|
||||
# * PE_LA_FAILED 11
|
||||
# * PE_LA_ARTFAILED 12
|
||||
# * PE_LA_DEFEDFAILED 13
|
||||
# * PE_LA_QUERYEMPTY 14
|
||||
# * PE_LA_SOAPFAILED 15
|
||||
# * PE_LA_SLOFAILED 16
|
||||
# * PE_LA_SSOFAILED 17
|
||||
# * PE_LA_SSOINITFAILED 18
|
||||
# * PE_LA_SESSIONERROR 19
|
||||
# * PE_LA_SEPFAILED 20
|
||||
# * PE_PP_ACCOUNT_LOCKED 21
|
||||
# * PE_PP_PASSWORD_EXPIRED 22
|
||||
# * PE_CERTIFICATEREQUIRED 23
|
||||
# * PE_OK 0
|
||||
# * PE_SESSIONEXPIRED 1
|
||||
# * PE_FORMEMPTY 2
|
||||
# * PE_WRONGMANAGERACCOUNT 3
|
||||
# * PE_USERNOTFOUND 4
|
||||
# * PE_BADCREDENTIALS 5
|
||||
# * PE_LDAPCONNECTFAILED 6
|
||||
# * PE_LDAPERROR 7
|
||||
# * PE_APACHESESSIONERROR 8
|
||||
# * PE_FIRSTACCESS 9
|
||||
# * PE_BADCERTIFICATE 10
|
||||
# * PE_LA_FAILED 11
|
||||
# * PE_LA_ARTFAILED 12
|
||||
# * PE_LA_DEFEDFAILED 13
|
||||
# * PE_LA_QUERYEMPTY 14
|
||||
# * PE_LA_SOAPFAILED 15
|
||||
# * PE_LA_SLOFAILED 16
|
||||
# * PE_LA_SSOFAILED 17
|
||||
# * PE_LA_SSOINITFAILED 18
|
||||
# * PE_LA_SESSIONERROR 19
|
||||
# * PE_LA_SEPFAILED 20
|
||||
# * PE_PP_ACCOUNT_LOCKED 21
|
||||
# * PE_PP_PASSWORD_EXPIRED 22
|
||||
# * PE_CERTIFICATEREQUIRED 23
|
||||
# * PE_ERROR 24
|
||||
# * PE_PP_CHANGE_AFTER_RESET 25
|
||||
# * PE_PP_PASSWORD_MOD_NOT_ALLOWED 26
|
||||
# * PE_PP_MUST_SUPPLY_OLD_PASSWORD 27
|
||||
# * PE_PP_INSUFFICIENT_PASSWORD_QUALITY 28
|
||||
# * PE_PP_PASSWORD_TOO_SHORT 29
|
||||
# * PE_PP_PASSWORD_TOO_YOUNG 30
|
||||
# * PE_PP_PASSWORD_IN_HISTORY 31
|
||||
|
||||
# Not used in errors:
|
||||
# * PE_DONE -1
|
||||
|
|