From 20fd1b9f6f15f7864620ff91ff1eb257ad5ccb5a Mon Sep 17 00:00:00 2001
From: Edward Rudd
Date: Mon, 15 Feb 2010 12:25:06 -0500
Subject: import version 0.01
---
lib/DJabberd/Authen/LDAP.pm | 171 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 171 insertions(+)
create mode 100644 lib/DJabberd/Authen/LDAP.pm
diff --git a/lib/DJabberd/Authen/LDAP.pm b/lib/DJabberd/Authen/LDAP.pm
new file mode 100644
index 0000000..9808fa8
--- /dev/null
+++ b/lib/DJabberd/Authen/LDAP.pm
@@ -0,0 +1,171 @@
+package DJabberd::Authen::LDAP;
+
+use warnings;
+use strict;
+use base 'DJabberd::Authen';
+
+use DJabberd::Log;
+our $logger = DJabberd::Log->get_logger;
+use Net::LDAP;
+
+sub log {
+ $logger;
+}
+
+=head1 NAME
+
+DJabberd::Authen::LDAP - An LDAP authentication module for DJabberd
+
+=head1 VERSION
+
+Version 0.01
+=cut
+
+our $VERSION = '0.01';
+
+=head1 SYNOPSIS
+
+
+
+ [...]
+
+
+ LDAPURI ldap://localhost/
+ LDAPBindDN cn=reader
+ LDAPBindPW pass
+ LDAPBaseDN ou=people
+ LDAPFilter (&(inetAuthorizedServices=jabber)(uid=%u))
+ LDAPMethod rebind
+
+
+
+LDAPURI , LDAPBaseDN, and LDAPFilter are required
+Everything else is optional.
+
+The Only LDAPMethod supported at the moment is rebind which performs a bind as LDAPBindDN
+ or does anonymous bind, then searches for the user using LDAPFilter and then will rebind
+ as the found DN to verify the password.
+
+LDAPFilter is an LDAP filter with a %u that will be substituted with the incoming userid
+
+=head1 AUTHOR
+
+Edward Rudd, C<< >>
+
+=cut
+
+sub set_config_ldapuri {
+ my ($self, $ldapuri) = @_;
+ if ( $ldapuri =~ /((?:ldap[si]?\:\/\/)?[\w\.%\d]+\/?)/ ) {
+ $self->{'ldap_uri'} = $ldapuri;
+ }
+}
+
+sub set_config_ldapbinddn {
+ my ($self, $ldapbinddn) = @_;
+ $self->{'ldap_binddn'} = $ldapbinddn;
+}
+
+sub set_config_ldapbindpw {
+ my ($self, $ldapbindpw) = @_;
+ $self->{'ldap_bindpw'} = $ldapbindpw;
+}
+
+sub set_config_ldapbasedn {
+ my ($self, $ldapbasedn) = @_;
+ $self->{'ldap_basedn'} = $ldapbasedn;
+}
+
+sub set_config_ldapfilter {
+ my ($self, $ldapfilter) = @_;
+ $self->{'ldap_filter'} = $ldapfilter;
+}
+
+sub set_config_ldapmethod {
+ my ($self, $ldapmethod) = @_;
+ if ( $ldapmethod =~ /^(?:rebind)$/ ) {
+ $self->{'ldap_method'} = $ldapmethod;
+ } else {
+ $self->{'ldap_method'} = 'unknown';
+ }
+}
+
+sub finalize {
+ my $self = shift;
+ $logger->error_die("Invalid LDAP URI") unless $self->{ldap_uri};
+ $logger->error_die("No LDAP BaseDN Specified") unless $self->{ldap_basedn};
+ if (not defined $self->{'ldap_method'}) { $self->{'ldap_type'} = 'rebind'; }
+ for ($self->{ldap_type}) {
+ if (/^rebind$/) {
+ # check additional required params
+ $logger->error_die("Must specify filter with userid as %u") unless $self->{ldap_filter};
+ } else {
+ $logger->error_die("Invalid LDAP Authentication Method");
+ }
+ }
+ # Initialize ldap connection
+ $self->{'ldap_conn'} = Net::LDAP->new($self->{ldap_uri})
+ or $logger->error_die("Could not connect to LDAP Server ".$self->{ldap_uri});
+}
+
+sub can_retrieve_cleartext { 0 }
+
+sub check_cleartext {
+ my ($self, $cb, %args) = @_;
+ my $username = $args{username};
+ my $password = $args{password};
+ my $conn = $args{conn};
+ unless ($username =~ /^\w+$/) {
+ $cb->reject;
+ return;
+ }
+
+ my $ldap = $self->{'ldap_conn'};
+
+ if (defined $self->{'ldap_binddn'}) {
+ if (not $ldap->bind($self->{'ldap_binddn'},
+ password=>$self->{'ldap_bindpw'})) {
+ $logger->info("Could not bind to ldap server");
+ $cb->decline;
+ }
+ } else {
+ $ldap->unbind;
+ }
+
+ my $filter = $self->{'ldap_filter'};
+ $filter =~ s/%u/$username/;
+ $logger->info("Searching $filter on ".$self->{'ldap_basedn'});
+ my $srch = $ldap->search(
+ base=>$self->{'ldap_basedn'},
+ filter=>$filter,
+ attrs=>['dn']);
+ if ($srch->code || $srch->count != 1) {
+ $logger->info("Account $username not found.");
+ $cb->decline;
+ } else {
+ my $entry = $srch->entry(0);
+ my $DN = $entry->dn();
+ undef($entry);
+ undef($srch);
+
+ my $res = $ldap->bind($DN,password=>$password);
+
+ if ($res->code == 0) {
+ $cb->accept;
+ } else {
+ $cb->reject;
+ }
+ }
+}
+
+=head1 COPYRIGHT & LICENSE
+
+Original work Copyright 2006 Alexander Karelas, Martin Atkins, Brad Fitzpatrick and Aleksandar Milanov. All rights reserved.
+Copyright 2007 Edward Rudd. All rights reserved.
+
+This program is free software; you can redistribute it and/or modify it
+under the same terms as Perl itself.
+
+=cut
+
+1;
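Review bot: check_cleartext forwards whatever password the client sent straight into `$ldap->bind($DN,password=>$password)` near the end of the hunk, so an empty password becomes a simple bind with a DN and no credential — an LDAP unauthenticated bind, which servers that permit it answer with success, and the account is then accepted without a password. Reject it alongside the username check before any search runs: `unless (defined $password && length $password) { $cb->reject; return; }`. Earlier in the same sub, the failed service-bind branch calls `$cb->decline` but does not return, so the search and user bind still execute and the callback can be invoked a second time; add `return;` after that `$cb->decline`. In finalize, a configured LDAPMethod is stored under `ldap_method` while the dispatch reads `ldap_type`, so an explicit `LDAPMethod rebind` dies with "Invalid LDAP Authentication Method" — read and default the same key in both places. The anonymous branch's `$ldap->unbind` likely ends the session rather than binding anonymously; an argument-less `$ldap->bind` is probably what was intended there.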
--