1 package SL::Auth::LDAP;
3 use English '-no_match_vars';
# Set-up fragment (source lines 8-21; the enclosing sub header and its closing
# lines are not part of this excerpt). It loads Net::LDAP at run time and
# stores the argument it is handed in $self->{auth}.
8 $main::lxdebug->enter_sub();
# The eval'd string is a constant, so no external data reaches the string eval.
# Every load failure produces the same fixed message below; the actual reason
# held in $@ is not reported.
10 if (!defined eval "require Net::LDAP;") {
11 die 'The module "Net::LDAP" is not installed.';
# Later code reads the LDAP settings through $self->{auth}->{LDAP_config}.
17 $self->{auth} = shift;
21 $main::lxdebug->leave_sub();
# Connection fragment (source lines 27-59; sub header, guards and closing
# braces are not shown). Opens a Net::LDAP connection to the configured host,
# starts TLS on it and, when a bind_dn is configured, binds with the
# configured credentials. Failures are reported through $main::form->error().
27 $main::lxdebug->enter_sub();
30 my $cfg = $self->{auth}->{LDAP_config};
# Presumably the exit of an early-return path; its condition is not shown.
33 $main::lxdebug->leave_sub();
# Falls back to 389 whenever the configured port is unset, empty or 0.
38 my $port = $cfg->{port} || 389;
39 $self->{ldap} = Net::LDAP->new($cfg->{host}, 'port' => $port);
42 $main::form->error($main::locale->text('The LDAP server "#1:#2" is unreachable. Please check config/authentication.pl.', $cfg->{host}, $port));
# NOTE(review): 'verify' => 'none' turns off server certificate verification,
# so the session is encrypted but the LDAP server is not authenticated. The
# bind credentials below, and the user passwords sent over this handle later,
# are then exposed to anyone able to impersonate the server. Prefer
# 'verify' => 'require' together with 'cafile' or 'capath' taken from the
# configuration. Whether this call is conditional on a config switch cannot be
# seen in this excerpt; confirm that binds never run on a non-TLS connection.
46 my $mesg = $self->{ldap}->start_tls('verify' => 'none');
47 if ($mesg->is_error()) {
48 $main::form->error($main::locale->text('The connection to the LDAP server cannot be encrypted (SSL/TLS startup failure). Please check config/authentication.pl.'));
# Optional bind with the configured account. When bind_dn is empty, the
# visible code performs no bind on the handle.
52 if ($cfg->{bind_dn}) {
53 my $mesg = $self->{ldap}->bind($cfg->{bind_dn}, 'password' => $cfg->{bind_password});
54 if ($mesg->is_error()) {
# The error text names the bind DN only; the password is not included.
55 $main::form->error($main::locale->text('Binding to the LDAP server as "#1" failed. Please check config/authentication.pl.', $cfg->{bind_dn}));
59 $main::lxdebug->leave_sub();
# Filter-building fragment (source lines 65-99; sub header, some conditions and
# closing braces are not shown). Builds the LDAP search filter for one login
# from the configured 'filter' template and 'attribute' name.
65 $main::lxdebug->enter_sub();
72 $cfg = $self->{auth}->{LDAP_config};
74 $filter = "$cfg->{filter}";
# Escape the filter metacharacters in the user-supplied login before it is
# placed into the filter, so the login cannot change the filter's structure.
# The backslash is handled first so that the backslashes added by the
# following substitutions are not escaped a second time.
# NOTE(review): these are backslash-character escapes ("\(", "\*"); RFC 4515
# specifies the two-digit hex form ("\28", "\2a"). Confirm the filter parser in
# use accepts this form, or switch to Net::LDAP::Util::escape_filter_value.
78 $login =~ s|\\|\\\\|g;
79 $login =~ s|\(|\\\(|g;
80 $login =~ s|\)|\\\)|g;
81 $login =~ s|\*|\\\*|g;
82 $login =~ s|\x00|\\00|g;
# Replace the <%login%> placeholder with the escaped login, using the match
# offsets provided by English. As shown, a single match is replaced.
84 if ($filter =~ m|<\%login\%>|) {
85 substr($filter, $LAST_MATCH_START[0], $LAST_MATCH_END[0] - $LAST_MATCH_START[0]) = $login;
# Wrap the configured filter in parentheses unless it already starts with "("
# and ends with ")".
88 if ((substr($filter, 0, 1) ne '(') || (substr($filter, -1, 1) ne ')')) {
89 $filter = "($filter)";
# AND the configured filter with "attribute=login". The attribute name comes
# from the configuration and is interpolated without escaping.
92 $filter = "(&${filter}($cfg->{attribute}=${login}))";
# Presumably the branch taken when no filter template is configured (the
# condition is not shown): match on "attribute=login" alone.
95 $filter = "$cfg->{attribute}=${login}";
99 $main::lxdebug->leave_sub();
# DN lookup fragment (source lines 105-134; sub header and closing braces are
# not shown). Resolves a login to the DN of its directory entry and caches the
# result in $self->{dn_cache}.
105 $main::lxdebug->enter_sub();
# The cache is keyed by the login string as passed in.
111 $self->{dn_cache} ||= { };
113 if ($self->{dn_cache}->{$login}) {
114 $main::lxdebug->leave_sub();
115 return $self->{dn_cache}->{$login};
118 my $cfg = $self->{auth}->{LDAP_config};
120 my $filter = $self->_get_filter($login);
# Subtree search below the configured base DN.
122 my $mesg = $ldap->search('base' => $cfg->{base_dn}, 'scope' => 'sub', 'filter' => $filter);
# A search error and an empty result take the same exit path; the value
# returned on that path is not shown here.
124 if ($mesg->is_error() || (0 == $mesg->count())) {
125 $main::lxdebug->leave_sub();
# NOTE(review): only the first entry is used, with no check that the search
# matched exactly one entry. If the filter can match several entries, the DN
# chosen for authentication depends on the order the server returns them;
# consider treating any count other than 1 as a failure.
129 my $entry = $mesg->entry(0);
130 $self->{dn_cache}->{$login} = $entry->dn();
132 $main::lxdebug->leave_sub();
134 return $self->{dn_cache}->{$login};
# Authentication fragment (source lines 138-172; sub header, guard conditions
# and closing braces are not shown). Verifies a login/password pair by looking
# up the user's DN and attempting an LDAP bind with the supplied password.
# Returns SL::Auth::OK, SL::Auth::ERR_PASSWORD or SL::Auth::ERR_BACKEND.
138 $main::lxdebug->enter_sub();
142 my $password = shift;
143 my $is_crypted = shift;
# First ERR_BACKEND exit; presumably guarded by $is_crypted (guard not shown).
146 $main::lxdebug->leave_sub();
147 return SL::Auth::ERR_BACKEND;
150 my $ldap = $self->_connect();
# Second ERR_BACKEND exit; presumably taken when no connection was obtained.
153 $main::lxdebug->leave_sub();
154 return SL::Auth::ERR_BACKEND;
157 my $dn = $self->_get_user_dn($ldap, $login);
# The DN is written to the debug log at DEBUG2 level. This line precedes the
# exit at 162-163, so $dn may still be empty or undefined when interpolated.
159 $main::lxdebug->message(LXDebug::DEBUG2, "LDAP authenticate: dn $dn");
# Third ERR_BACKEND exit; presumably taken when no DN was found.
162 $main::lxdebug->leave_sub();
163 return SL::Auth::ERR_BACKEND;
# NOTE(review): no check for an empty $password is visible in this excerpt. A
# simple bind with a DN and a zero-length password is an unauthenticated bind
# (RFC 4513, section 5.1.2) that a server may answer with success, which
# line 172 would report as SL::Auth::OK. Confirm that empty passwords are
# rejected before this call in the lines not shown, or add that check here.
166 my $mesg = $ldap->bind($dn, 'password' => $password);
# Only the server's result text is logged; the password is not.
168 $main::lxdebug->message(LXDebug::DEBUG2, "LDAP authenticate: bind mesg " . $mesg->error());
170 $main::lxdebug->leave_sub();
# Every bind error is reported as ERR_PASSWORD, whatever its cause.
172 return $mesg->is_error() ? SL::Auth::ERR_PASSWORD : SL::Auth::OK;
# The body of can_change_password is not part of this excerpt.
175 sub can_change_password {
# change_password: the only visible statement returns SL::Auth::ERR_BACKEND,
# and no code that modifies a password in the directory appears here.
179 sub change_password {
180 return SL::Auth::ERR_BACKEND;
# Configuration check fragment (source lines 184-197; sub header, the
# declarations of $form and $locale, and closing braces are not shown).
# Reports an error through $form->error() when the LDAP settings are missing
# or incomplete.
184 $main::lxdebug->enter_sub();
187 my $cfg = $self->{auth}->{LDAP_config};
# Presumably guarded by a check that $cfg is set (guard not shown).
190 $form->error($locale->text('config/authentication.pl: Key "LDAP_config" is missing.'));
# 'host', 'attribute' and 'base_dn' are required; 'port', 'filter', 'bind_dn'
# and 'bind_password' are not checked here. A value of "0" or the empty string
# counts as missing because the test is on truthiness.
193 if (!$cfg->{host} || !$cfg->{attribute} || !$cfg->{base_dn}) {
194 $form->error($locale->text('config/authentication.pl: Missing parameters in "LDAP_config". Required parameters are "host", "attribute" and "base_dn".'));
197 $main::lxdebug->leave_sub();