[LON-CAPA-admin] ldap authentication
Lars Jensen
ljensen at mail.tmcc.edu
Fri May 28 11:41:56 EDT 2010
Hi Craig and Stuart,
Thanks for the reply. I tried to code, but it isn't working for me. I
have included two versions of localauth.pm I have tried (see below) -
none of them works, and I'm not sure where the problem lies. My guess
is it is in the $ldap->search line. I'm not exactly sure what the
filter => and the attr => lines should be. I have another system
(WeBWorK) I have successfully configured to authenticate with the same
ldap server, this one includes the following $ldap->search
configuration
$mesg = $ldap->search(base => $base, filter => "sAMAccountName=$username");
but I still can't get lon-capa to authenticate... Any obvious errors
in the configuration? Any help is greatly appreciated.
Notes:
* I installed the Net::LDAP module on the server
* I created a lon-capa user with a username equal to the one the user
has in the ldap directory and set the lon-capa authentication to
"Local Authentication with argument " (I left the argument empty).
%%%%% 1st try - localauth.pm %%%%%%%%%%%%%%%%
use Net::LDAP;
use Net::LDAPS;
sub localauth {
my ($username,$password,$optional_argument,$domain) = @_;
my $ldap_host_name = '10.16.19.10';
my $ldap_ca_file_name = ' ';
my $ldap_dn = "cn=acadjensen,ou=Service
Accounts,dc=acad,dc=tmccadmn,dc=tmcc,dc=edu";
my $ldap = Net::LDAPS->new($ldap_host_name,
verify => 'none', # certificate not needed
cafile => $ldap_ca_file_name,
);
if (not defined $ldap) {
return -3;
}
# Bind with password
# This should be enough to authenticate user
my $mesg = $ldap->bind($ldap_dn,
password => "XXXXXXXX");
if ($mesg->code) {
$ldap->unbind;
$ldap->disconnect;
return -2;
}
# But let's search for the ugaAuthCheck attribute too
$mesg = $ldap->search(base =>
"ou=Students,dc=acad,dc=tmccadmn,DC=tmcc,DC=edu",
filter => "sAMAccountName=$username",
attrs => ['dn'],
);
$ldap->unbind;
$ldap->disconnect;
if ($mesg->count < 1) {
return -1;
}
return 1;
}
# ----END LOCAL CHANGES HERE ----- DON'T DELETE THIS LINE
1;
__END__
%%%%%%%%%%% 2nd try - localauth.pm %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
use strict;
use Net::LDAP;
use Net::LDAPS;
sub localauth {
my ($username,$password) = @ ;
my $ldap_host_name = ’10.16.19.10’; # insert the host name of your
ldap server, e.g., ldap.msu.edu
my $ldap_ca_file_name = ’’; # insert the ldap certificate filename
- include absolute path
# certificate is required if you wish to encrypt the password.
# e.g., /home/http/perl/lib/local/ldap.certificate
my $ldap_dn = "cn=acadjensen,ou=Service
Accounts,dc=acad,dc=tmccadmn,dc=tmcc,dc=edu";
my $bindpassword = "XXXXXXXX";
my $ldap_search_base =
"ou=Students,DC=acad,DC=tmccadmn,DC=tmcc,DC=edu"; # ldap search base,
this might be set to ’o=msu.edu’.
my $ldap = Net::LDAPS->new(
$ldap_host_name,
verify => ’none’, # ’require’ -> a certificate is needed, ->
’none’ if no certificate used
cafile => $ldap_ca_file_name,
);
if (!(defined($ldap))) {
return (0);
}
$ldap->bind( $ldap_dn, password => $bindpassword );
my $search_string = ’(uid=’.$username.’)’;
my $mesg = $ldap->search (
base => $ldap_search_base,
filter => "sAMAccountName=.'$username.'",
attrs => [’dn’] ,
);
if ($mesg->code) {
$ldap->unbind;
$ldap->disconnect;
return (0);
}
my @entries = $mesg->all entries;
if (@entries > 0) {
$ldap->unbind;
$ldap->disconnect;
return (0);
}
$mesg = $ldap->bind (
dn => $entries[0]->dn,
password => $password,
);
$ldap->unbind;
$ldap->disconnect;
if ($mesg->code) {
return (0)
}
return (1);
}
1;
# ----END LOCAL CHANGES HERE ----- DON'T DELETE THIS LINE
1;
__END__
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
More information about the LON-CAPA-admin
mailing list