import version 0.010.01

author: Edward Rudd 2010-02-15 12:25:06 -0500
committer: Edward Rudd 2010-02-15 12:26:17 -0500
commit: 20fd1b9f6f15f7864620ff91ff1eb257ad5ccb5a (patch)
tree: 8fac6793e5dec7630e056dc69b23da1f17ae84c0 /lib/DJabberd/Authen/LDAP.pm
1 files changed, 171 insertions, 0 deletions
diff --git a/lib/DJabberd/Authen/LDAP.pm b/lib/DJabberd/Authen/LDAP.pm
new file mode 100644
index 0000000..9808fa8
--- /dev/null
+++ b/lib/DJabberd/Authen/LDAP.pm
@@ -0,0 +1,171 @@
+package DJabberd::Authen::LDAP;
+use warnings;
+use strict;
+use base 'DJabberd::Authen';
+use DJabberd::Log;
+our $logger = DJabberd::Log->get_logger;
+use Net::LDAP;
+sub log {
+    $logger;
+}
+=head1 NAME
+DJabberd::Authen::LDAP - An LDAP authentication module for DJabberd
+=head1 VERSION
+Version 0.01
+=cut
+our $VERSION = '0.01';
+=head1 SYNOPSIS
+    <VHost mydomain.com>
+        [...]
+        <Plugin DJabberd::Authen::LDAP>
+            LDAPURI             ldap://localhost/
+            LDAPBindDN          cn=reader
+            LDAPBindPW          pass
+            LDAPBaseDN          ou=people
+            LDAPFilter          (&(inetAuthorizedServices=jabber)(uid=%u))
+            LDAPMethod          rebind
+        </Plugin>
+    </VHost>
+LDAPURI , LDAPBaseDN, and LDAPFilter are required
+Everything else is optional.
+The Only LDAPMethod supported at the moment is rebind which performs a bind as LDAPBindDN
+ or does anonymous bind, then searches for the user using LDAPFilter and then will rebind
+ as the found DN to verify the password.
+LDAPFilter is an LDAP filter with a %u that will be substituted with the incoming userid
+=head1 AUTHOR
+Edward Rudd, C<< <urkle at outoforder.cc> >>
+=cut
+sub set_config_ldapuri {
+    my ($self, $ldapuri) = @_;
+    if ( $ldapuri =~ /((?:ldap[si]?\:\/\/)?[\w\.%\d]+\/?)/ ) {
+        $self->{'ldap_uri'} = $ldapuri;
+    }
+}
+sub set_config_ldapbinddn {
+    my ($self, $ldapbinddn) = @_;
+    $self->{'ldap_binddn'} = $ldapbinddn;
+}
+sub set_config_ldapbindpw {
+    my ($self, $ldapbindpw) = @_;
+    $self->{'ldap_bindpw'} = $ldapbindpw;
+}
+sub set_config_ldapbasedn {
+    my ($self, $ldapbasedn) = @_;
+    $self->{'ldap_basedn'} = $ldapbasedn;
+}
+sub set_config_ldapfilter {
+    my ($self, $ldapfilter) = @_;
+    $self->{'ldap_filter'} = $ldapfilter;
+}
+sub set_config_ldapmethod {
+    my ($self, $ldapmethod) = @_;
+    if ( $ldapmethod =~ /^(?:rebind)$/ ) {
+        $self->{'ldap_method'} = $ldapmethod;
+    } else {
+        $self->{'ldap_method'} = 'unknown';
+    }
+}
+sub finalize {
+    my $self = shift;
+    $logger->error_die("Invalid LDAP URI") unless $self->{ldap_uri};
+    $logger->error_die("No LDAP BaseDN Specified") unless $self->{ldap_basedn};
+    if (not defined $self->{'ldap_method'}) { $self->{'ldap_type'} = 'rebind'; }
+    for ($self->{ldap_type}) {
+        if (/^rebind$/) {
+            # check additional required params
+            $logger->error_die("Must specify filter with userid as %u") unless $self->{ldap_filter};
+        } else {
+            $logger->error_die("Invalid LDAP Authentication Method");
+        }
+    }
+    # Initialize ldap connection
+    $self->{'ldap_conn'} = Net::LDAP->new($self->{ldap_uri})
+        or $logger->error_die("Could not connect to LDAP Server ".$self->{ldap_uri});
+}
+sub can_retrieve_cleartext { 0 }
+sub check_cleartext {
+    my ($self, $cb, %args) = @_;
+    my $username = $args{username};
+    my $password = $args{password};
+    my $conn = $args{conn};
+    unless ($username =~ /^\w+$/) {
+        $cb->reject;
+        return;
+    }
+    my $ldap = $self->{'ldap_conn'};
+    if (defined $self->{'ldap_binddn'}) {
+        if (not $ldap->bind($self->{'ldap_binddn'},
+                password=>$self->{'ldap_bindpw'})) {
+            $logger->info("Could not bind to ldap server");
+            $cb->decline;
+        }
+    } else {
+        $ldap->unbind;
+    }
+    
+    my $filter = $self->{'ldap_filter'};
+    $filter =~ s/%u/$username/;
+    $logger->info("Searching $filter on ".$self->{'ldap_basedn'});
+    my $srch = $ldap->search(
+        base=>$self->{'ldap_basedn'},
+        filter=>$filter,
+        attrs=>['dn']);
+    if ($srch->code || $srch->count != 1) {
+        $logger->info("Account $username not found.");
+        $cb->decline;
+    } else {
+        my $entry = $srch->entry(0);
+        my $DN = $entry->dn();
+        undef($entry);
+        undef($srch);
+    
+        my $res = $ldap->bind($DN,password=>$password);
+        if ($res->code == 0) {
+            $cb->accept;
+        } else {
+            $cb->reject;
+        }
+    }
+}
+=head1 COPYRIGHT & LICENSE
+Original work Copyright 2006 Alexander Karelas, Martin Atkins, Brad Fitzpatrick and Aleksandar Milanov. All rights reserved.
+Copyright 2007 Edward Rudd. All rights reserved.
+This program is free software; you can redistribute it and/or modify it
+under the same terms as Perl itself.
+=cut
+1;
author	Edward Rudd	2010-02-15 12:25:06 -0500
committer	Edward Rudd	2010-02-15 12:26:17 -0500
commit	20fd1b9f6f15f7864620ff91ff1eb257ad5ccb5a (patch)
tree	8fac6793e5dec7630e056dc69b23da1f17ae84c0 /lib/DJabberd/Authen/LDAP.pm

diff --git a/lib/DJabberd/Authen/LDAP.pm b/lib/DJabberd/Authen/LDAP.pm new file mode 100644 index 0000000..9808fa8 --- /dev/null +++ b/lib/DJabberd/Authen/LDAP.pm
@@ -0,0 +1,171 @@
	1	package DJabberd::Authen::LDAP;
	2
	3	use warnings;
	4	use strict;
	5	use base 'DJabberd::Authen';
	6
	7	use DJabberd::Log;
	8	our $logger = DJabberd::Log->get_logger;
	9	use Net::LDAP;
	10
	11	sub log {
	12	$logger;
	13	}
	14
	15	=head1 NAME
	16
	17	DJabberd::Authen::LDAP - An LDAP authentication module for DJabberd
	18
	19	=head1 VERSION
	20
	21	Version 0.01
	22	=cut
	23
	24	our $VERSION = '0.01';
	25
	26	=head1 SYNOPSIS
	27
	28	<VHost mydomain.com>
	29
	30	[...]
	31
	32	<Plugin DJabberd::Authen::LDAP>
	33	LDAPURI ldap://localhost/
	34	LDAPBindDN cn=reader
	35	LDAPBindPW pass
	36	LDAPBaseDN ou=people
	37	LDAPFilter (&(inetAuthorizedServices=jabber)(uid=%u))
	38	LDAPMethod rebind
	39	</Plugin>
	40	</VHost>
	41
	42	LDAPURI , LDAPBaseDN, and LDAPFilter are required
	43	Everything else is optional.
	44
	45	The Only LDAPMethod supported at the moment is rebind which performs a bind as LDAPBindDN
	46	or does anonymous bind, then searches for the user using LDAPFilter and then will rebind
	47	as the found DN to verify the password.
	48
	49	LDAPFilter is an LDAP filter with a %u that will be substituted with the incoming userid
	50
	51	=head1 AUTHOR
	52
	53	Edward Rudd, C<< <urkle at outoforder.cc> >>
	54
	55	=cut
	56
	57	sub set_config_ldapuri {
	58	my ($self, $ldapuri) = @_;
	59	if ( $ldapuri =~ /((?:ldap[si]?\:\/\/)?[\w\.%\d]+\/?)/ ) {
	60	$self->{'ldap_uri'} = $ldapuri;
	61	}
	62	}
	63
	64	sub set_config_ldapbinddn {
	65	my ($self, $ldapbinddn) = @_;
	66	$self->{'ldap_binddn'} = $ldapbinddn;
	67	}
	68
	69	sub set_config_ldapbindpw {
	70	my ($self, $ldapbindpw) = @_;
	71	$self->{'ldap_bindpw'} = $ldapbindpw;
	72	}
	73
	74	sub set_config_ldapbasedn {
	75	my ($self, $ldapbasedn) = @_;
	76	$self->{'ldap_basedn'} = $ldapbasedn;
	77	}
	78
	79	sub set_config_ldapfilter {
	80	my ($self, $ldapfilter) = @_;
	81	$self->{'ldap_filter'} = $ldapfilter;
	82	}
	83
	84	sub set_config_ldapmethod {
	85	my ($self, $ldapmethod) = @_;
	86	if ( $ldapmethod =~ /^(?:rebind)$/ ) {
	87	$self->{'ldap_method'} = $ldapmethod;
	88	} else {
	89	$self->{'ldap_method'} = 'unknown';
	90	}
	91	}
	92
	93	sub finalize {
	94	my $self = shift;
	95	$logger->error_die("Invalid LDAP URI") unless $self->{ldap_uri};
	96	$logger->error_die("No LDAP BaseDN Specified") unless $self->{ldap_basedn};
	97	if (not defined $self->{'ldap_method'}) { $self->{'ldap_type'} = 'rebind'; }
	98	for ($self->{ldap_type}) {
	99	if (/^rebind$/) {
	100	# check additional required params
	101	$logger->error_die("Must specify filter with userid as %u") unless $self->{ldap_filter};
	102	} else {
	103	$logger->error_die("Invalid LDAP Authentication Method");
	104	}
	105	}
	106	# Initialize ldap connection
	107	$self->{'ldap_conn'} = Net::LDAP->new($self->{ldap_uri})
	108	or $logger->error_die("Could not connect to LDAP Server ".$self->{ldap_uri});
	109	}
	110
	111	sub can_retrieve_cleartext { 0 }
	112
	113	sub check_cleartext {
	114	my ($self, $cb, %args) = @_;
	115	my $username = $args{username};
	116	my $password = $args{password};
	117	my $conn = $args{conn};
	118	unless ($username =~ /^\w+$/) {
	119	$cb->reject;
	120	return;
	121	}
	122
	123	my $ldap = $self->{'ldap_conn'};
	124
	125	if (defined $self->{'ldap_binddn'}) {
	126	if (not $ldap->bind($self->{'ldap_binddn'},
	127	password=>$self->{'ldap_bindpw'})) {
	128	$logger->info("Could not bind to ldap server");
	129	$cb->decline;
	130	}
	131	} else {
	132	$ldap->unbind;
	133	}
	134
	135	my $filter = $self->{'ldap_filter'};
	136	$filter =~ s/%u/$username/;
	137	$logger->info("Searching $filter on ".$self->{'ldap_basedn'});
	138	my $srch = $ldap->search(
	139	base=>$self->{'ldap_basedn'},
	140	filter=>$filter,
	141	attrs=>['dn']);
	142	if ($srch->code \|\| $srch->count != 1) {
	143	$logger->info("Account $username not found.");
	144	$cb->decline;
	145	} else {
	146	my $entry = $srch->entry(0);
	147	my $DN = $entry->dn();
	148	undef($entry);
	149	undef($srch);
	150
	151	my $res = $ldap->bind($DN,password=>$password);
	152
	153	if ($res->code == 0) {
	154	$cb->accept;
	155	} else {
	156	$cb->reject;
	157	}
	158	}
	159	}
	160
	161	=head1 COPYRIGHT & LICENSE
	162
	163	Original work Copyright 2006 Alexander Karelas, Martin Atkins, Brad Fitzpatrick and Aleksandar Milanov. All rights reserved.
	164	Copyright 2007 Edward Rudd. All rights reserved.
	165
	166	This program is free software; you can redistribute it and/or modify it
	167	under the same terms as Perl itself.
	168
	169	=cut
	170
	171	1;