use English '-no_match_vars';
-use Scalar::Util qw(weaken);
use SL::Auth::Constants qw(:all);
use strict;
sub new {
- $main::lxdebug->enter_sub();
-
if (!defined eval "require Net::LDAP;") {
die 'The module "Net::LDAP" is not installed.';
}
- my $type = shift;
- my $self = {};
-
- $self->{auth} = shift;
- weaken $self->{auth};
+ my $type = shift;
+ my $self = {};
+ $self->{config} = shift;
bless $self, $type;
- $main::lxdebug->leave_sub();
-
return $self;
}
}
sub _connect {
- $main::lxdebug->enter_sub();
-
my $self = shift;
- my $cfg = $self->{auth}->{LDAP_config};
-
- if ($self->{ldap}) {
- $main::lxdebug->leave_sub();
+ my $cfg = $self->{config};
- return $self->{ldap};
- }
+ return $self->{ldap} if $self->{ldap};
- my $port = $cfg->{port} || 389;
- $self->{ldap} = Net::LDAP->new($cfg->{host}, 'port' => $port);
+ my $port = $cfg->{port} || 389;
+ my $ldap = Net::LDAP->new($cfg->{host}, port => $port, timeout => $cfg->{timeout} || 10);
- if (!$self->{ldap}) {
- $main::form->error($main::locale->text('The LDAP server "#1:#2" is unreachable. Please check config/kivitendo.conf.', $cfg->{host}, $port));
+ if (!$ldap) {
+ $::lxdebug->warn($main::locale->text('The LDAP server "#1:#2" is unreachable. Please check config/kivitendo.conf.', $cfg->{host}, $port));
+ return undef;
}
if ($cfg->{tls}) {
- my $mesg = $self->{ldap}->start_tls('verify' => 'none');
+ my $mesg = $ldap->start_tls(verify => $cfg->{verify} // 'require');
if ($mesg->is_error()) {
- $main::form->error($main::locale->text('The connection to the LDAP server cannot be encrypted (SSL/TLS startup failure). Please check config/kivitendo.conf.'));
+ $::lxdebug->warn($main::locale->text('The connection to the LDAP server cannot be encrypted (SSL/TLS startup failure). Please check config/kivitendo.conf.'));
+ return undef;
}
}
if ($cfg->{bind_dn}) {
- my $mesg = $self->{ldap}->bind($cfg->{bind_dn}, 'password' => $cfg->{bind_password});
+ my $mesg = $ldap->bind($cfg->{bind_dn}, 'password' => $cfg->{bind_password});
if ($mesg->is_error()) {
- $main::form->error($main::locale->text('Binding to the LDAP server as "#1" failed. Please check config/kivitendo.conf.', $cfg->{bind_dn}));
+ $::lxdebug->warn($main::locale->text('Binding to the LDAP server as "#1" failed. Please check config/kivitendo.conf.', $cfg->{bind_dn}));
+ return undef;
}
}
- $main::lxdebug->leave_sub();
+ $self->{ldap} = $ldap;
return $self->{ldap};
}
sub _get_filter {
- $main::lxdebug->enter_sub();
-
my $self = shift;
my $login = shift;
my ($cfg, $filter);
- $cfg = $self->{auth}->{LDAP_config};
+ $cfg = $self->{config};
$filter = "$cfg->{filter}";
$filter =~ s|^\s+||;
}
- $main::lxdebug->leave_sub();
-
return $filter;
}
sub _get_user_dn {
- $main::lxdebug->enter_sub();
-
my $self = shift;
my $ldap = shift;
my $login = shift;
$self->{dn_cache} ||= { };
- if ($self->{dn_cache}->{$login}) {
- $main::lxdebug->leave_sub();
- return $self->{dn_cache}->{$login};
- }
+ return $self->{dn_cache}->{$login} if $self->{dn_cache}->{$login};
- my $cfg = $self->{auth}->{LDAP_config};
+ my $cfg = $self->{config};
my $filter = $self->_get_filter($login);
my $mesg = $ldap->search('base' => $cfg->{base_dn}, 'scope' => 'sub', 'filter' => $filter);
- if ($mesg->is_error() || (0 == $mesg->count())) {
- $main::lxdebug->leave_sub();
- return undef;
- }
+ return undef if $mesg->is_error || !$mesg->count();
my $entry = $mesg->entry(0);
$self->{dn_cache}->{$login} = $entry->dn();
- $main::lxdebug->leave_sub();
-
return $self->{dn_cache}->{$login};
}
sub authenticate {
- $main::lxdebug->enter_sub();
-
my $self = shift;
my $login = shift;
my $password = shift;
my $is_crypted = shift;
- if ($is_crypted) {
- $main::lxdebug->leave_sub();
- return ERR_BACKEND;
- }
+ return ERR_BACKEND if $is_crypted;
my $ldap = $self->_connect();
- if (!$ldap) {
- $main::lxdebug->leave_sub();
- return ERR_BACKEND;
- }
+ return ERR_BACKEND if !$ldap;
my $dn = $self->_get_user_dn($ldap, $login);
$main::lxdebug->message(LXDebug->DEBUG2(), "LDAP authenticate: dn $dn");
- if (!$dn) {
- $main::lxdebug->leave_sub();
- return ERR_BACKEND;
- }
+ return ERR_BACKEND if !$dn;
my $mesg = $ldap->bind($dn, 'password' => $password);
$main::lxdebug->message(LXDebug->DEBUG2(), "LDAP authenticate: bind mesg " . $mesg->error());
- $main::lxdebug->leave_sub();
-
return $mesg->is_error() ? ERR_PASSWORD : OK;
}
}
sub verify_config {
- $main::lxdebug->enter_sub();
-
my $form = $main::form;
my $locale = $main::locale;
my $self = shift;
- my $cfg = $self->{auth}->{LDAP_config};
+ my $cfg = $self->{config};
if (!$cfg) {
$form->error($locale->text('config/kivitendo.conf: Key "authentication/ldap" is missing.'));
if (!$cfg->{host} || !$cfg->{attribute} || !$cfg->{base_dn}) {
$form->error($locale->text('config/kivitendo.conf: Missing parameters in "authentication/ldap". Required parameters are "host", "attribute" and "base_dn".'));
}
-
- $main::lxdebug->leave_sub();
}
1;
projects / kivitendo-erp.git / blobdiff