X-Git-Url: http://wagnertech.de/git?p=kivitendo-erp.git;a=blobdiff_plain;f=SL%2FAuth%2FLDAP.pm;fp=SL%2FAuth%2FLDAP.pm;h=2f651b3a7578c4a05ad9ecdc43b43f013cf4a5dc;hp=18c395e65ecd9087e7a0ffe617e3edaa7c429921;hb=53593baa211863fbf66540cf1bcc36c8fb37257f;hpb=deb4d2dbb676d7d6f69dfe7815d6e0cb09bd4a44 diff --git a/SL/Auth/LDAP.pm b/SL/Auth/LDAP.pm index 18c395e65..2f651b3a7 100644 --- a/SL/Auth/LDAP.pm +++ b/SL/Auth/LDAP.pm @@ -2,28 +2,21 @@ package SL::Auth::LDAP; use English '-no_match_vars'; -use Scalar::Util qw(weaken); use SL::Auth::Constants qw(:all); use strict; sub new { - $main::lxdebug->enter_sub(); - if (!defined eval "require Net::LDAP;") { die 'The module "Net::LDAP" is not installed.'; } - my $type = shift; - my $self = {}; - - $self->{auth} = shift; - weaken $self->{auth}; + my $type = shift; + my $self = {}; + $self->{config} = shift; bless $self, $type; - $main::lxdebug->leave_sub(); - return $self; } 
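Review bot: `new` now stores the LDAP config hash instead of the auth object, but nothing next to `$self->{config} = shift;` says what that argument must contain. A short comment above `sub new` would make the new contract visible to callers, e.g. `# new($config): hash ref of the "authentication/ldap" section; keys read in this module: host, port, timeout, tls, verify, bind_dn, bind_password, base_dn, filter, attribute`. Since the hash carries `bind_password`, the comment could also say that the object should not be dumped into debug logs.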
@@ -34,52 +27,47 @@ sub reset { } sub _connect { - $main::lxdebug->enter_sub(); - my $self = shift; - my $cfg = $self->{auth}->{LDAP_config}; - - if ($self->{ldap}) { - $main::lxdebug->leave_sub(); + my $cfg = $self->{config}; - return $self->{ldap}; - } + return $self->{ldap} if $self->{ldap}; - my $port = $cfg->{port} || 389; - $self->{ldap} = Net::LDAP->new($cfg->{host}, 'port' => $port); + my $port = $cfg->{port} || 389; + my $ldap = Net::LDAP->new($cfg->{host}, port => $port, timeout => $cfg->{timeout} || 10); - if (!$self->{ldap}) { - $main::form->error($main::locale->text('The LDAP server "#1:#2" is unreachable. Please check config/kivitendo.conf.', $cfg->{host}, $port)); + if (!$ldap) { + $::lxdebug->warn($main::locale->text('The LDAP server "#1:#2" is unreachable. Please check config/kivitendo.conf.', $cfg->{host}, $port)); + return undef; } if ($cfg->{tls}) { - my $mesg = $self->{ldap}->start_tls('verify' => 'none'); + my $mesg = $ldap->start_tls(verify => $cfg->{verify} // 'require'); if ($mesg->is_error()) { - $main::form->error($main::locale->text('The connection to the LDAP server cannot be encrypted (SSL/TLS startup failure). Please check config/kivitendo.conf.')); + $::lxdebug->warn($main::locale->text('The connection to the LDAP server cannot be encrypted (SSL/TLS startup failure). Please check config/kivitendo.conf.')); + return undef; } } if ($cfg->{bind_dn}) { - my $mesg = $self->{ldap}->bind($cfg->{bind_dn}, 'password' => $cfg->{bind_password}); + my $mesg = $ldap->bind($cfg->{bind_dn}, 'password' => $cfg->{bind_password}); if ($mesg->is_error()) { - $main::form->error($main::locale->text('Binding to the LDAP server as "#1" failed. Please check config/kivitendo.conf.', $cfg->{bind_dn})); + $::lxdebug->warn($main::locale->text('Binding to the LDAP server as "#1" failed. 
Please check config/kivitendo.conf.', $cfg->{bind_dn})); + return undef; } } - $main::lxdebug->leave_sub(); + $self->{ldap} = $ldap; return $self->{ldap}; } sub _get_filter { - $main::lxdebug->enter_sub(); - my $self = shift; my $login = shift; my ($cfg, $filter); - $cfg = $self->{auth}->{LDAP_config}; + $cfg = $self->{config}; $filter = "$cfg->{filter}"; $filter =~ s|^\s+||; 
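Review bot: In `_connect`, `start_tls(verify => $cfg->{verify} // 'require')` passes the configured value through unchecked, so `verify = none` (or, presumably, a mistyped value) turns certificate checking off without any trace in the log. I would accept only `none`, `optional` and `require`, reject anything else in `verify_config` (last hunk), and log a warning whenever the effective value is not `require`. Net::LDAP's documentation also asks for `cafile` or `capath` when verification is enabled; none is passed here, so whether a private CA validates depends on the TLS library's defaults and should be confirmed. The TLS and bind failure branches discard `$mesg->error()`, so an admin cannot tell a certificate failure from a protocol or credential one; appending it to the `$::lxdebug->warn(...)` text would fix that. The hunk also covers the start of `_get_filter`, whose body continues outside it.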
@@ -106,79 +94,54 @@ sub _get_filter { } - $main::lxdebug->leave_sub(); - return $filter; } sub _get_user_dn { - $main::lxdebug->enter_sub(); - my $self = shift; my $ldap = shift; my $login = shift; $self->{dn_cache} ||= { }; - if ($self->{dn_cache}->{$login}) { - $main::lxdebug->leave_sub(); - return $self->{dn_cache}->{$login}; - } + return $self->{dn_cache}->{$login} if $self->{dn_cache}->{$login}; - my $cfg = $self->{auth}->{LDAP_config}; + my $cfg = $self->{config}; my $filter = $self->_get_filter($login); my $mesg = $ldap->search('base' => $cfg->{base_dn}, 'scope' => 'sub', 'filter' => $filter); - if ($mesg->is_error() || (0 == $mesg->count())) { - $main::lxdebug->leave_sub(); - return undef; - } + return undef if $mesg->is_error || !$mesg->count(); my $entry = $mesg->entry(0); $self->{dn_cache}->{$login} = $entry->dn(); - $main::lxdebug->leave_sub(); - return $self->{dn_cache}->{$login}; } sub authenticate { - $main::lxdebug->enter_sub(); - my $self = shift; my $login = shift; my $password = shift; my $is_crypted = shift; - if ($is_crypted) { - $main::lxdebug->leave_sub(); - return ERR_BACKEND; - } + return ERR_BACKEND if $is_crypted; my $ldap = $self->_connect(); - if (!$ldap) { - $main::lxdebug->leave_sub(); - return ERR_BACKEND; - } + return ERR_BACKEND if !$ldap; my $dn = $self->_get_user_dn($ldap, $login); $main::lxdebug->message(LXDebug->DEBUG2(), "LDAP authenticate: dn $dn"); - if (!$dn) { - $main::lxdebug->leave_sub(); - return ERR_BACKEND; - } + return ERR_BACKEND if !$dn; my $mesg = $ldap->bind($dn, 'password' => $password); $main::lxdebug->message(LXDebug->DEBUG2(), "LDAP authenticate: bind mesg " . $mesg->error()); - $main::lxdebug->leave_sub(); - return $mesg->is_error() ? ERR_PASSWORD : OK; } 
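Review bot: `authenticate` passes `$password` straight to `$ldap->bind($dn, 'password' => $password)` with no check for an empty value. A simple bind with a DN and an empty password is an unauthenticated bind under RFC 4513, and servers that allow it report success, which this function would return as `OK`. Unless every caller already rejects empty passwords, add `return ERR_PASSWORD if !defined $password || $password eq '';` before the `_connect()` call. Separately, the user bind happens on the cached `$self->{ldap}` handle, so later `_get_user_dn` searches on the same object appear to run as the last user who logged in rather than as `bind_dn`; re-binding as the service account afterwards, or using a separate connection for the password check, would avoid that. The debug line `"LDAP authenticate: dn $dn"` also runs before the `!$dn` check and interpolates an undefined value when the lookup fails.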
@@ -195,13 +158,11 @@ sub change_password { } sub verify_config { - $main::lxdebug->enter_sub(); - my $form = $main::form; my $locale = $main::locale; my $self = shift; - my $cfg = $self->{auth}->{LDAP_config}; + my $cfg = $self->{config}; if (!$cfg) { $form->error($locale->text('config/kivitendo.conf: Key "authentication/ldap" is missing.')); @@ -210,8 +171,6 @@ sub verify_config { if (!$cfg->{host} || !$cfg->{attribute} || !$cfg->{base_dn}) { $form->error($locale->text('config/kivitendo.conf: Missing parameters in "authentication/ldap". Required parameters are "host", "attribute" and "base_dn".')); } - - $main::lxdebug->leave_sub(); } 1;