+++ /dev/null
-package OpenILS::Application::AuthProxy::LDAP_Auth_OSUL;
-use strict;
-use warnings;
-use base 'OpenILS::Application::AuthProxy::AuthBase';
-use OpenILS::Event;
-use Net::LDAP;
-use OpenSRF::Utils::SettingsClient;
-use OpenSRF::Utils::Logger qw(:logger);
-
-# default config var (override in configuration xml)
-my $id_attr = 'uid';
-
-sub authenticate {
- my ( $self, $args ) = @_;
-
- # Convert the entire user name to lowercase
- # This assumes that all of the user names in the database are lower case
- $args->{'username'} = lc($args->{'username'});
- my $username = $args->{'username'};
-
- # Authenticate against LDAP based on the user portion of the email address
- my $ldap_username = $username;
- $ldap_username =~ s/\@.*$//;
-
- my $password = $args->{'password'};
-
- if (!$username) {
- $logger->debug("User login failed: No username provided");
- return OpenILS::Event->new( 'LOGIN_FAILED' );
- }
- if (!$password) {
- $logger->debug("User login failed: No password provided");
- return OpenILS::Event->new( 'LOGIN_FAILED' );
- }
-
- my $hostname_is_ldap = 0;
- my $reached_ldap = 0;
- my $user_in_ldap = 0;
- my $login_succeeded = 0;
-
- my $hostname = $self->{'hostname'};
- my $basedn = $self->{'basedn'};
- my $authid = $self->{'authid'};
- my $authid_pass = $self->{'password'};
- $id_attr = $self->{'id_attr'} || $id_attr;
-
- my $ldap;
- if ( $ldap = Net::LDAP->new($hostname) ) {
- $hostname_is_ldap = 1;
- if ( $ldap->bind( $authid, password => $authid_pass )->code == 0 ) {
- $reached_ldap = 1;
- # verify username
- my $ldap_search = $ldap->search( base => $basedn,
- filter => "($id_attr=$ldap_username)" );
- if ( $ldap_search->count != 0 ) {
- $user_in_ldap = 1;
-
- # verify password (bind check)
- my $binddn = "$id_attr=$ldap_username,$basedn";
- if ( $ldap->bind( $binddn, password => $password )
- ->code == 0 ) {
- $login_succeeded = 1;
- }
- }
- }
- }
-
- if ( $login_succeeded ) {
- return OpenILS::Event->new('SUCCESS');
- } elsif ( !$hostname_is_ldap ) {
- # TODO: custom failure events?
- $logger->debug("User login failed: Incorrect LDAP hostname");
- return OpenILS::Event->new( 'LOGIN_FAILED' );
- } elsif ( !$reached_ldap ) {
- $logger->debug("User login failed: The LDAP server is misconfigured or unavailable");
- return OpenILS::Event->new( 'LOGIN_FAILED' );
- } elsif ( !$user_in_ldap ) {
- $logger->debug("User login failed: Username $ldap_username not in LDAP");
- return OpenILS::Event->new( 'LOGIN_FAILED' );
- } else {
- $logger->debug("User login failed: Incorrect LDAP password");
- return OpenILS::Event->new( 'LOGIN_FAILED' );
- }
-}
-
-1;
# initial log form only
return Apache2::Const::OK unless $username and $password;
- # Should we append an email hostname to the username?
- my $ou_email_host = $cgi->param('ou_email_host') || '';
-
my $auth_proxy_enabled = 0; # default false
try { # if the service is not running, just let this fail silently
$auth_proxy_enabled = $U->simplereq(
if ($bc_regex and ($username =~ /$bc_regex/)) {
$args->{barcode} = $username;
} else {
- # do we need to append an email hostname?
- if ($ou_email_host) {
- # Assume they already passed in an email address
- next if $username =~ m/\@/;
- $username .= "\@$ou_email_host";
- }
$args->{username} = $username;
}
projects / contrib / Conifer.git / commitdiff