[LON-CAPA-cvs] cvs: modules /bisitz/self-enrollment localauth.pm

bisitz lon-capa-cvs-allow@mail.lon-capa.org
Fri, 29 Feb 2008 17:58:30 -0000


bisitz		Fri Feb 29 12:58:30 2008 EDT

  Added files:                 
    /modules/bisitz/self-enrollment	localauth.pm 
  Log:
  This version of localauth.pm is currently the active one which works fine with our external self-enrollment.
  Main changes to standard file:
  - Local configuration to connect local LDAP server
  - Reads personal data from LDAP server, needed for self-enrollment/auto-enrollment
  
  

Index: modules/bisitz/self-enrollment/localauth.pm
+++ modules/bisitz/self-enrollment/localauth.pm
# The LON-CAPA localauthentication mechanism
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
# 8/24 Guy Albertelli
# 6/17/2003 H. K. Ng
# 2/16/2004 Ng
#
# local authentication using ldap
# To use this package, you will also need the following:
# perl-ldap-0.31.tar.gz
# which in turn requires
#  Authen-SASL-2.04.tar.gz
#  Convert-ASN1-0.17.tar.gz
#  IO-Socket-SSL-0.92.tar.gz
#  Net_SSLeay.pm-1.23.tar.gz
#  XML-SAX-Base-1.02.tar.gz
#
# One of the packages may prompt you to update the openssl, so you may also
# need openssl-0.9.7b.tar.gz
#
# Above were the versions used at fsu. 
#
# To implement it on your local system, complete the variable assignment below.
#
# See notes beside each variable.
#
package localauth;
use strict;
use Net::LDAP;
use Net::LDAPS;

# ----START LOCAL CHANGES HERE ----- DON'T DELETE THIS LINE
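# Authenticate a LON-CAPA login against the local LDAP directory and, on
# success, hand back the personal data the self-enrollment code needs.
#
# Arguments:
#   $username - login name, matched against the LDAP "uid" attribute
#   $password - the password to verify with an LDAP simple bind
#
# Returns:
#   (0)                 on any failure: empty input, connection failure,
#                       lookup or bind error, or not exactly one matching entry
#   (1, $returnvalues)  on success; $returnvalues is the user's uid,
#                       givenName, mail, sn and soniaStudentNumber joined by
#                       "&" (attributes the entry lacks become empty fields)
sub localauth {
    my ($username, $password) = @_;

    # Reject empty credentials before touching the directory. An LDAP simple
    # bind with an empty password is an *unauthenticated* bind (RFC 4513,
    # section 5.1.2) and is accepted by many servers, so it must never be
    # mistaken for a successful password check.
    return (0) unless defined $username && length $username;
    return (0) unless defined $password && length $password;

    # Audit trail of attempts: time and login name only, never the password.
    # An unwritable log file must not block authentication.
    if (open my $log, '>>', '/home/www/ldap_auth.log') {
        print {$log} scalar(localtime) . " " . $username . "\n";
        close $log;
    }

    my $ldap_host_name = 'rzsdps3.fh-wolfenbuettel.de';    # insert the host name of your ldap server, e.g., ldap.fsu.edu
    my $ldap_ca_file_name = '/etc/ca.crt'; # insert the ldap certificate filename - include absolute path
                                # certificate is required if you wish to encrypt the password.
                                # e.g., /home/http/perl/lib/local/ldap.certificate
    my $ldap_search_base = 'ou=people,dc=fh-wolfenbuettel,dc=de';  # ldap search base, at fsu this is set to 'o=fsu.edu'.

    # LDAPS with a verified server certificate: the password travels over this
    # connection, so 'none' would hand it to anyone able to impersonate the host.
    my $ldap = Net::LDAPS->new($ldap_host_name,
                               verify => 'require', # 'require' implies that a certificate is needed
                                                    # else set to 'none' if you do not wish to use a certificate
                               cafile => $ldap_ca_file_name,
                              );
    return (0) if not defined $ldap;

    # Anonymous bind for the uid lookup. If anonymous bind will not work we
    # have to create a special bind account for LON-CAPA.
    my $mesg = $ldap->bind;
    if ($mesg->code) {
        _close_connection($ldap);
        return (0);
    }

    # Escape filter metacharacters (RFC 4515) so that a crafted login name
    # cannot change the structure of the search filter.
    my $search_string = '(uid=' . _escape_filter_value($username) . ')'; # For the TWW pre-course lab accounts are allowed as well
    # my $search_string = '(&(objectclass=soniaperson)(uid=' . _escape_filter_value($username) . '))'; # only real persons

    $mesg = $ldap->search(base   => $ldap_search_base,
                          filter => $search_string,
                          attrs  => ['dn'],
                         );
    if ($mesg->code) {
        _close_connection($ldap);
        return (0);
    }

    # The login name must identify exactly one directory entry.
    my @entries = $mesg->all_entries;
    if (@entries != 1) {
        _close_connection($ldap);
        return (0);
    }

    # This bind is the actual password check, so its result MUST be checked:
    # after a failed bind the connection silently falls back to anonymous and
    # the search below would still succeed, accepting any password.
    $mesg = $ldap->bind(dn       => $entries[0]->dn,
                        password => $password,
                       );
    if ($mesg->code) {
        _close_connection($ldap);
        return (0);
    }

    # Read name, etc. from LDAP server for this user
    $mesg = $ldap->search(base   => $ldap_search_base,
                          filter => $search_string,
                          attrs  => ['dn', 'uid', 'givenName', 'mail', 'sn', 'soniaStudentNumber'],
                         );
    # We expect one entry to be found
    if ($mesg->code or $mesg->count != 1) {
        _close_connection($ldap);
        return (0);
    }
    my $entry = $mesg->entry(0);
    my %entries;
    $entries{'uid'}                = $entry->get_value('uid');                # university user account
    $entries{'givenName'}          = $entry->get_value('givenName');          # first name
    $entries{'mail'}               = $entry->get_value('mail');               # e-mail address
    $entries{'sn'}                 = $entry->get_value('sn');                 # surname
    $entries{'soniaStudentNumber'} = $entry->get_value('soniaStudentNumber'); # matriculation number (only filled if student!)

    _close_connection($ldap);

    # Attributes the entry lacks (e.g. the student number of a staff member)
    # become empty fields rather than undef, so the field count stays stable.
    my $spacer = "&";
    my $returnvalues = join($spacer,
                            map { defined $_ ? $_ : '' }
                                @entries{qw(uid givenName mail sn soniaStudentNumber)});
    return (1, $returnvalues);
}

# Unbind and drop the connection; used on every exit path once connected.
sub _close_connection {
    my ($ldap) = @_;
    $ldap->unbind;
    $ldap->disconnect;
    return;
}

# Escape a value for use inside an LDAP search filter (RFC 4515, section 3):
# backslash, asterisk, parentheses and NUL become \XX hex escapes. This is
# the same transformation Net::LDAP::Util::escape_filter_value performs;
# it is inlined here to avoid pulling in another module.
sub _escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\\*\(\)\x00])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}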
# ----END LOCAL CHANGES HERE ----- DON'T DELETE THIS LINE

1; # a Perl module must end by returning a true value
__END__