[LON-CAPA-admin] ldap authentication
Craig Wiegert
wiegert at physast.uga.edu
Fri May 28 00:22:12 EDT 2010
Lars,
As an example, this is what we use at UGA for LDAP authentication,
based on some code I gleaned from our central IT folks along with a
fair amount of trial and error.
Cheers,
- Craig
# ----START LOCAL CHANGES HERE ----- DON'T DELETE THIS LINE
use Net::LDAP;
use Net::LDAPS;

sub localauth {
    my ($username, $password, $optional_argument, $domain) = @_;

    my $ldap_host_name    = 'eds.uga.edu';
    my $ldap_ca_file_name = '/usr/share/ssl/cert.pem';
    # The user's DN is built directly from the submitted username (no escaping).
    my $ldap_dn           = "cn=$username,ou=users,o=uga";

    # LDAP over TLS; the server certificate must validate against the CA file.
    my $ldap = Net::LDAPS->new($ldap_host_name,
                               verify => 'require',   # certificate needed
                               cafile => $ldap_ca_file_name,
                              );
    if (not defined $ldap) {
        return -3;                                     # could not connect
    }

    # Bind with password
    # This should be enough to authenticate user
    my $mesg = $ldap->bind($ldap_dn,
                           password => $password);
    if ($mesg->code) {
        $ldap->unbind;
        $ldap->disconnect;
        return -2;                                     # bind rejected
    }

    # But let's search for the ugaAuthCheck attribute too
    $mesg = $ldap->search(base   => $ldap_dn,
                          filter => '(objectClass=*)',
                          attrs  => ['ugaAuthCheck'],
                         );
    $ldap->unbind;
    $ldap->disconnect;
    if ($mesg->count < 1) {
        return -1;                                     # entry not readable
    }
    return 1;                                          # authenticated
}
# ----END LOCAL CHANGES HERE ----- DON'T DELETE THIS LINE
On Thu, 27 May 2010 16:05:08 -0700
Lars Jensen <ljensen at mail.tmcc.edu> wrote:
> Hi Stuart,
>
> Is there a sample file available that shows the configuration? I'm not
> sure how to do this. We don't allow anonymous ldap authentication.
> Where does the bind user and password go?
>
> Thanks,
> Lars.
>
> On Tue, Aug 11, 2009 at 9:30 AM, Stuart Raeburn <raeburn at msu.edu>
> wrote:
> > Lars,
>
> <snippage>
>
> _______________________________________________
> LON-CAPA-admin mailing list
> LON-CAPA-admin at mail.lon-capa.org
> http://mail.lon-capa.org/mailman/listinfo/lon-capa-admin
>
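Lars's question was where the bind user and password go when the directory does not permit anonymous binds. Craig's snippet binds straight away as the user, which only works when the user's DN is predictable. The Perl below is an added example, not Craig's code and not part of LON-CAPA, showing the other common pattern for a localauth hook: bind once as a service account, look the user up to obtain their DN, then re-bind as that user with the submitted password. The host, CA file, base DN, attribute name and service-account credentials are placeholders, and the return codes simply follow the convention Craig's snippet uses.

```perl
# Added example (not Craig's code, not LON-CAPA's own): a localauth that uses a
# service account to find the user's DN, then re-binds as the user.
# All site settings below are assumed placeholders; adjust for your directory.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my $ldap_host = 'ldap.example.edu';                         # placeholder
my $ca_file   = '/etc/pki/tls/certs/ca-bundle.crt';         # placeholder
my $base_dn   = 'ou=people,dc=example,dc=edu';              # placeholder
my $uid_attr  = 'uid';                                      # attribute holding the login name
my $bind_dn   = 'cn=loncapa-svc,ou=service,dc=example,dc=edu';  # the "bind user"
my $bind_pw   = 'PLACEHOLDER_SERVICE_PASSWORD';             # read from a root-only file in practice

sub localauth {
    my ($username, $password, $optional_argument, $domain) = @_;

    # Never send an empty password: many directories treat an empty-password
    # bind as an anonymous bind that "succeeds", which would log anyone in.
    return -2 unless defined $username && length $username;
    return -2 unless defined $password && length $password;

    my $ldap = Net::LDAP->new($ldap_host, version => 3) or return -3;

    # Upgrade to TLS and require a valid certificate before any credential is sent.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $ca_file);
    if ($mesg->code) { $ldap->unbind; return -3; }

    # Step 1: bind as the service account (this is where the bind user goes).
    $mesg = $ldap->bind($bind_dn, password => $bind_pw);
    if ($mesg->code) { $ldap->unbind; return -3; }

    # Step 2: locate the user's entry. escape_filter_value neutralises filter
    # metacharacters (* ( ) \) so a crafted username cannot widen the search.
    my $filter = sprintf('(%s=%s)', $uid_attr, escape_filter_value($username));
    $mesg = $ldap->search(base   => $base_dn,
                          scope  => 'sub',
                          filter => $filter,
                          attrs  => ['1.1']);        # '1.1' = return no attributes
    # Exactly one match is required; zero or several means we cannot identify the user.
    if ($mesg->code || $mesg->count != 1) { $ldap->unbind; return -1; }
    my $user_dn = $mesg->entry(0)->dn;

    # Step 3: re-bind as the user with the submitted password; this is the
    # actual credential check, performed by the directory itself.
    $mesg = $ldap->bind($user_dn, password => $password);
    my $result = $mesg->code ? -2 : 1;
    $ldap->unbind;
    return $result;
}

1;
```

Two points worth keeping in mind with this shape: the service account only needs read access to the login attribute under the base DN, so it can be a deliberately low-privilege entry, and the explicit empty-password check matters because the directory's own unauthenticated-bind behaviour is not something the application should rely on.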