authorGravatar Edward Rudd 2010-02-15 12:25:06 -0500
committerGravatar Edward Rudd 2010-02-15 12:26:17 -0500
commit20fd1b9f6f15f7864620ff91ff1eb257ad5ccb5a (patch)
tree8fac6793e5dec7630e056dc69b23da1f17ae84c0 /lib/DJabberd/Authen/LDAP.pm
import version 0.010.01
Diffstat (limited to 'lib/DJabberd/Authen/LDAP.pm')
-rw-r--r--lib/DJabberd/Authen/LDAP.pm171
1 files changed, 171 insertions, 0 deletions
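diff --git a/lib/DJabberd/Authen/LDAP.pm b/lib/DJabberd/Authen/LDAP.pm
new file mode 100644
index 0000000..9808fa8
--- /dev/null
+++ b/lib/DJabberd/Authen/LDAP.pm
@@ -0,0 +1,171 @@
+package DJabberd::Authen::LDAP;
+
+use warnings;
+use strict;
+use base 'DJabberd::Authen';
+
+use DJabberd::Log;
+our $logger = DJabberd::Log->get_logger;
+use Net::LDAP;
+
+sub log {
+ $logger;
+}
+
+=head1 NAME
+
+DJabberd::Authen::LDAP - An LDAP authentication module for DJabberd
+
+=head1 VERSION
+
+Version 0.01
+=cut
+
+our $VERSION = '0.01';
+
+=head1 SYNOPSIS
+
+ <VHost mydomain.com>
+
+ [...]
+
+ <Plugin DJabberd::Authen::LDAP>
+ LDAPURI ldap://localhost/
+ LDAPBindDN cn=reader
+ LDAPBindPW pass
+ LDAPBaseDN ou=people
+ LDAPFilter (&(inetAuthorizedServices=jabber)(uid=%u))
+ LDAPMethod rebind
+ </Plugin>
+ </VHost>
+
+LDAPURI , LDAPBaseDN, and LDAPFilter are required
+Everything else is optional.
+
+The Only LDAPMethod supported at the moment is rebind which performs a bind as LDAPBindDN
+ or does anonymous bind, then searches for the user using LDAPFilter and then will rebind
+ as the found DN to verify the password.
+
+LDAPFilter is an LDAP filter with a %u that will be substituted with the incoming userid
+
+=head1 AUTHOR
+
+Edward Rudd, C<< <urkle at outoforder.cc> >>
+
+=cut
+
+sub set_config_ldapuri {
+ my ($self, $ldapuri) = @_;
+ if ( $ldapuri =~ /((?:ldap[si]?\:\/\/)?[\w\.%\d]+\/?)/ ) {
+ $self->{'ldap_uri'} = $ldapuri;
+ }
+}
+
+sub set_config_ldapbinddn {
+ my ($self, $ldapbinddn) = @_;
+ $self->{'ldap_binddn'} = $ldapbinddn;
+}
+
+sub set_config_ldapbindpw {
+ my ($self, $ldapbindpw) = @_;
+ $self->{'ldap_bindpw'} = $ldapbindpw;
+}
+
+sub set_config_ldapbasedn {
+ my ($self, $ldapbasedn) = @_;
+ $self->{'ldap_basedn'} = $ldapbasedn;
+}
+
+sub set_config_ldapfilter {
+ my ($self, $ldapfilter) = @_;
+ $self->{'ldap_filter'} = $ldapfilter;
+}
+
+sub set_config_ldapmethod {
+ my ($self, $ldapmethod) = @_;
+ if ( $ldapmethod =~ /^(?:rebind)$/ ) {
+ $self->{'ldap_method'} = $ldapmethod;
+ } else {
+ $self->{'ldap_method'} = 'unknown';
+ }
+}
+
+sub finalize {
+ my $self = shift;
+ $logger->error_die("Invalid LDAP URI") unless $self->{ldap_uri};
+ $logger->error_die("No LDAP BaseDN Specified") unless $self->{ldap_basedn};
+ if (not defined $self->{'ldap_method'}) { $self->{'ldap_type'} = 'rebind'; }
+ for ($self->{ldap_type}) {
+ if (/^rebind$/) {
+ # check additional required params
+ $logger->error_die("Must specify filter with userid as %u") unless $self->{ldap_filter};
+ } else {
+ $logger->error_die("Invalid LDAP Authentication Method");
+ }
+ }
+ # Initialize ldap connection
+ $self->{'ldap_conn'} = Net::LDAP->new($self->{ldap_uri})
+ or $logger->error_die("Could not connect to LDAP Server ".$self->{ldap_uri});
+}
+
+sub can_retrieve_cleartext { 0 }
+
+sub check_cleartext {
+ my ($self, $cb, %args) = @_;
+ my $username = $args{username};
+ my $password = $args{password};
+ my $conn = $args{conn};
+ unless ($username =~ /^\w+$/) {
+ $cb->reject;
+ return;
+ }
+
+ my $ldap = $self->{'ldap_conn'};
+
+ if (defined $self->{'ldap_binddn'}) {
+ if (not $ldap->bind($self->{'ldap_binddn'},
+ password=>$self->{'ldap_bindpw'})) {
+ $logger->info("Could not bind to ldap server");
+ $cb->decline;
+ }
+ } else {
+ $ldap->unbind;
+ }
+
+ my $filter = $self->{'ldap_filter'};
+ $filter =~ s/%u/$username/;
+ $logger->info("Searching $filter on ".$self->{'ldap_basedn'});
+ my $srch = $ldap->search(
+ base=>$self->{'ldap_basedn'},
+ filter=>$filter,
+ attrs=>['dn']);
+ if ($srch->code || $srch->count != 1) {
+ $logger->info("Account $username not found.");
+ $cb->decline;
+ } else {
+ my $entry = $srch->entry(0);
+ my $DN = $entry->dn();
+ undef($entry);
+ undef($srch);
+
+ my $res = $ldap->bind($DN,password=>$password);
+
+ if ($res->code == 0) {
+ $cb->accept;
+ } else {
+ $cb->reject;
+ }
+ }
+}
+
+=head1 COPYRIGHT & LICENSE
+
+Original work Copyright 2006 Alexander Karelas, Martin Atkins, Brad Fitzpatrick and Aleksandar Milanov. All rights reserved.
+Copyright 2007 Edward Rudd. All rights reserved.
+
+This program is free software; you can redistribute it and/or modify it
+under the same terms as Perl itself.
+
+=cut
+
+1;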
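Review bot: check_cleartext never rejects an empty password before the user rebind at line 151, so `$ldap->bind($DN, password => '')` is sent as an LDAP unauthenticated bind, which servers that permit it (RFC 4513 §5.1.2 leaves this to the server; Active Directory allows it by default) answer with success, and the account is accepted with no credential; add `unless (defined $password && length $password) { $cb->reject; return; }` next to the username check on line 118. Two more defects sit in the same sub: `$ldap->bind(...)` returns a Net::LDAP::Message object, which is always true as a reference, so the `if (not $ldap->bind(...))` on line 126 can never fire and should test `->code` instead, and the `$cb->decline` on line 129 is not followed by `return`, so the search still runs and the callback can be invoked a second time with accept or reject. Separately, finalize reads `$self->{ldap_type}` on line 98 while set_config_ldapmethod writes `ldap_method`, so the `LDAPMethod rebind` line shown in the SYNOPSIS makes startup die with "Invalid LDAP Authentication Method". The username check would also be tighter as `/\A\w+\z/a`, since `$` admits a trailing newline into the substituted filter on line 136. Note that the plain `ldap://` URI in the SYNOPSIS means both the service bind password and the user's password travel in cleartext unless `ldaps://` or StartTLS is used, which is worth a sentence in the POD.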