LEMONLDAP::NG : complete integration of Password Policy (i18n not done)

Xavier Guimard 2008-08-08 16:19:16 +00:00
parent 7b4276b6d0
commit 7c3a6f3cfc
3 changed files with 79 additions and 53 deletions


@ -34,7 +34,7 @@ sub authenticate {
if ($@) {
print STDERR "Module Net::LDAP::Control::PasswordPolicy not found in @INC\n";
return PE_LDAPERROR;
}
}
no strict 'subs';
# Create Control object
@ -56,10 +56,17 @@ sub authenticate {
if ( defined $resp ) {
my $pp_error = $resp->error;
if ( defined $pp_error ) {
return PE_PP_ACCOUNT_LOCKED
if ( $pp_error == 1 );
return PE_PP_PASSWORD_EXPIRED
if ( $pp_error == 0 );
return [
PE_PP_PASSWORD_EXPIRED,
PE_PP_ACCOUNT_LOCKED,
PE_PP_CHANGE_AFTER_RESET,
PE_PP_PASSWORD_MOD_NOT_ALLOWED,
PE_PP_MUST_SUPPLY_OLD_PASSWORD,
PE_PP_INSUFFICIENT_PASSWORD_QUALITY,
PE_PP_PASSWORD_TOO_SHORT,
PE_PP_PASSWORD_TOO_YOUNG,
PE_PP_PASSWORD_IN_HISTORY,
]->[$pp_error];
}
else {
return PE_BADCREDENTIALS;
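Review bot: The new lookup `]->[$pp_error]` yields undef for any error value outside 0-8, and a negative value indexes from the end of the list. The nine entries match the nine error codes of the password-policy response control, but the value comes from the directory server's reply, so a non-conforming server can send something else. If the caller compares the result numerically with PE_OK (0), which is not visible here, undef would be treated as success. A guard before the lookup, `return PE_LDAPERROR unless $pp_error =~ /\A[0-8]\z/;`, makes the mapping fail closed. authenticate starts and ends outside the hunk.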


@ -19,23 +19,30 @@ our @ISA = qw(CGI Exporter);
# Constants
use constant {
PE_REDIRECT => -2,
PE_DONE => -1,
PE_OK => 0,
PE_SESSIONEXPIRED => 1,
PE_FORMEMPTY => 2,
PE_WRONGMANAGERACCOUNT => 3,
PE_USERNOTFOUND => 4,
PE_BADCREDENTIALS => 5,
PE_LDAPCONNECTFAILED => 6,
PE_LDAPERROR => 7,
PE_APACHESESSIONERROR => 8,
PE_FIRSTACCESS => 9,
PE_BADCERTIFICATE => 10,
PE_PP_ACCOUNT_LOCKED => 21,
PE_PP_PASSWORD_EXPIRED => 22,
PE_CERTIFICATEREQUIRED => 23,
PE_ERROR => 24,
PE_REDIRECT => -2,
PE_DONE => -1,
PE_OK => 0,
PE_SESSIONEXPIRED => 1,
PE_FORMEMPTY => 2,
PE_WRONGMANAGERACCOUNT => 3,
PE_USERNOTFOUND => 4,
PE_BADCREDENTIALS => 5,
PE_LDAPCONNECTFAILED => 6,
PE_LDAPERROR => 7,
PE_APACHESESSIONERROR => 8,
PE_FIRSTACCESS => 9,
PE_BADCERTIFICATE => 10,
PE_PP_ACCOUNT_LOCKED => 21,
PE_PP_PASSWORD_EXPIRED => 22,
PE_CERTIFICATEREQUIRED => 23,
PE_ERROR => 24,
PE_PP_CHANGE_AFTER_RESET => 25,
PE_PP_PASSWORD_MOD_NOT_ALLOWED => 26,
PE_PP_MUST_SUPPLY_OLD_PASSWORD => 27,
PE_PP_INSUFFICIENT_PASSWORD_QUALITY => 28,
PE_PP_PASSWORD_TOO_SHORT => 29,
PE_PP_PASSWORD_TOO_YOUNG => 30,
PE_PP_PASSWORD_IN_HISTORY => 31,
};
# EXPORTER PARAMETERS
@ -44,7 +51,10 @@ our @EXPORT =
PE_USERNOTFOUND PE_BADCREDENTIALS PE_LDAPCONNECTFAILED PE_LDAPERROR
PE_APACHESESSIONERROR PE_FIRSTACCESS PE_BADCERTIFICATE PE_REDIRECT
PE_PP_ACCOUNT_LOCKED PE_PP_PASSWORD_EXPIRED PE_CERTIFICATEREQUIRED
PE_ERROR);
PE_ERROR PE_PP_CHANGE_AFTER_RESET PE_PP_PASSWORD_MOD_NOT_ALLOWED
PE_PP_MUST_SUPPLY_OLD_PASSWORD PE_PP_INSUFFICIENT_PASSWORD_QUALITY
PE_PP_PASSWORD_TOO_SHORT PE_PP_PASSWORD_TOO_YOUNG
PE_PP_PASSWORD_IN_HISTORY);
our %EXPORT_TAGS = ( 'all' => [ @EXPORT, 'import' ], );
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
@ -69,7 +79,7 @@ sub new {
$self->{authentication} =~ s/^ldap/LDAP/;
# Authentication module is required and has to be in @ISA
my $tmp = 'Lemonldap::NG::Portal::Auth' . $self->{authentication};
my $tmp = 'Lemonldap::NG::Portal::Auth' . $self->{authentication};
$tmp =~ s/\s.*$//;
eval "require $tmp";
die($@) if ($@);
@ -79,7 +89,7 @@ sub new {
# key2 = ...)
$tmp = $self->{authentication};
$tmp =~ s/^\w+\s*//;
my %h = split( /\s*[=;]\s*/, $tmp) if($tmp);
my %h = split( /\s*[=;]\s*/, $tmp ) if ($tmp);
%$self = ( %h, %$self );
$self->authInit();
@ -289,8 +299,8 @@ sub formateParams() {
# it with Active Directory, overload it to use CN instead of UID.
sub formateFilter {
my $self = shift;
$self->{filter} = $self->{authFilter} ||
"(&(uid=" . $self->{user} . ")(objectClass=inetOrgPerson))";
$self->{filter} = $self->{authFilter}
|| "(&(uid=" . $self->{user} . ")(objectClass=inetOrgPerson))";
PE_OK;
}
@ -434,14 +444,15 @@ sub store {
# 14. If all is done, we build the Lemonldap::NG cookie
sub buildCookie {
my $self = shift;
push @{$self->{cookie}}, $self->cookie(
push @{ $self->{cookie} },
$self->cookie(
-name => $self->{cookieName},
-value => $self->{id},
-domain => $self->{domain},
-path => "/",
-secure => $self->{securedCookie},
@_,
);
);
PE_OK;
}
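Review bot: formateFilter still concatenates `$self->{user}` into the default LDAP filter unescaped; the hunk at -289 only re-wraps that expression. Unless the login is validated before this point, which the section does not show, filter metacharacters in it change what the search matches. Escaping the value keeps it a literal, for example `"(&(uid=" . escape_filter_value( $self->{user} ) . ")(objectClass=inetOrgPerson))"` with `escape_filter_value` imported from Net::LDAP::Util. In the same section, new() passes `$tmp` to `eval "require $tmp"` after only cutting it at the first whitespace; a check such as `die "bad authentication module name" unless $tmp =~ /\A[\w:]+\z/;` before the eval would keep the configuration value from reaching string eval as code.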


@ -27,30 +27,38 @@ sub error {
__END__
# Order of the constants:
# * PE_OK 0
# * PE_SESSIONEXPIRED 1
# * PE_FORMEMPTY 2
# * PE_WRONGMANAGERACCOUNT 3
# * PE_USERNOTFOUND 4
# * PE_BADCREDENTIALS 5
# * PE_LDAPCONNECTFAILED 6
# * PE_LDAPERROR 7
# * PE_APACHESESSIONERROR 8
# * PE_FIRSTACCESS 9
# * PE_BADCERTIFICATE 10
# * PE_LA_FAILED 11
# * PE_LA_ARTFAILED 12
# * PE_LA_DEFEDFAILED 13
# * PE_LA_QUERYEMPTY 14
# * PE_LA_SOAPFAILED 15
# * PE_LA_SLOFAILED 16
# * PE_LA_SSOFAILED 17
# * PE_LA_SSOINITFAILED 18
# * PE_LA_SESSIONERROR 19
# * PE_LA_SEPFAILED 20
# * PE_PP_ACCOUNT_LOCKED 21
# * PE_PP_PASSWORD_EXPIRED 22
# * PE_CERTIFICATEREQUIRED 23
# * PE_OK 0
# * PE_SESSIONEXPIRED 1
# * PE_FORMEMPTY 2
# * PE_WRONGMANAGERACCOUNT 3
# * PE_USERNOTFOUND 4
# * PE_BADCREDENTIALS 5
# * PE_LDAPCONNECTFAILED 6
# * PE_LDAPERROR 7
# * PE_APACHESESSIONERROR 8
# * PE_FIRSTACCESS 9
# * PE_BADCERTIFICATE 10
# * PE_LA_FAILED 11
# * PE_LA_ARTFAILED 12
# * PE_LA_DEFEDFAILED 13
# * PE_LA_QUERYEMPTY 14
# * PE_LA_SOAPFAILED 15
# * PE_LA_SLOFAILED 16
# * PE_LA_SSOFAILED 17
# * PE_LA_SSOINITFAILED 18
# * PE_LA_SESSIONERROR 19
# * PE_LA_SEPFAILED 20
# * PE_PP_ACCOUNT_LOCKED 21
# * PE_PP_PASSWORD_EXPIRED 22
# * PE_CERTIFICATEREQUIRED 23
# * PE_ERROR 24
# * PE_PP_CHANGE_AFTER_RESET 25
# * PE_PP_PASSWORD_MOD_NOT_ALLOWED 26
# * PE_PP_MUST_SUPPLY_OLD_PASSWORD 27
# * PE_PP_INSUFFICIENT_PASSWORD_QUALITY 28
# * PE_PP_PASSWORD_TOO_SHORT 29
# * PE_PP_PASSWORD_TOO_YOUNG 30
# * PE_PP_PASSWORD_IN_HISTORY 31
# Not used in errors:
# * PE_DONE -1