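# The LON-CAPA localauthentication mechanism
#
# LON-CAPA is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# LON-CAPA is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with LON-CAPA; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
# /home/httpd/html/adm/gpl.txt
#
# http://www.lon-capa.org/
#
# 8/24 Guy Albertelli
# 6/17/2003 H. K. Ng
# 2/16/2004 Ng
#
# local authentication using ldap
# To use this package, you will also need the following:
#   perl-ldap-0.31.tar.gz
# which in turn requires
#   Authen-SASL-2.04.tar.gz
#   Convert-ASN1-0.17.tar.gz
#   IO-Socket-SSL-0.92.tar.gz
#   Net_SSLeay.pm-1.23.tar.gz
#   XML-SAX-Base-1.02.tar.gz
#
# One of the packages may prompt you to update the openssl, so you may also
# need openssl-0.9.7b.tar.gz
#
# Above were the versions used at fsu.
#
# To implement it on your local system, complete the variable assignment below.
#
# See notes beside each variable.
#
package localauth;

use strict;
use Net::LDAP;
use Net::LDAPS;

# ----START LOCAL CHANGES HERE ----- DON'T DELETE THIS LINE

# localauth($username, $password)
#
# Checks a username/password pair against the configured LDAP server.
#
# Steps: connect over LDAPS, bind anonymously, search for the single entry
# whose 'acnsloginname' equals $username, then re-bind as that entry's DN
# with $password.
#
# Returns 1 only when exactly one entry matched and the bind with the
# supplied password succeeded; returns 0 in every other case (missing
# credentials, connection failure, search error, zero or several matches,
# rejected bind).
sub localauth {
    my ($username,$password) = @_;

    my $ldap_host_name = '';    # insert the host name of your ldap server,
                                # e.g., ldap.fsu.edu
    my $ldap_ca_file_name = ''; # insert the ldap certificate filename -
                                # include absolute path.
                                # With verify => 'require' this file is what
                                # the server's certificate is checked against.
                                # e.g., /home/http/perl/lib/local/ldap.certificate
    my $ldap_search_base = '';  # ldap search base, at fsu this is set to
                                # 'o=fsu.edu'.

    # Fail closed on missing credentials before contacting the server.
    # A simple bind that carries a DN and an empty password is an
    # "unauthenticated bind" (RFC 4513, section 5.1.2): a server that allows
    # it reports success without checking any credential, which would
    # otherwise be treated as a successful login below.
    if (!defined($username) || $username eq '') {
        return (0);
    }
    if (!defined($password) || $password eq '') {
        return (0);
    }

    my $ldap = Net::LDAPS->new($ldap_host_name,
                               verify => 'require', # 'require' implies that a certificate is needed
                                                    # else set to 'none' if you do not wish to use a certificate.
                                                    # NOTE: 'none' turns off verification of the server
                                                    # certificate, so the password sent in the final bind
                                                    # is no longer protected against a server impostor.
                               cafile => $ldap_ca_file_name,
                              );
    if (not defined $ldap) {
        return (0);
    }

    # Anonymous bind used only for the lookup.  Its result is not checked
    # here; the search result code below is.
    $ldap->bind;

    # Escape the characters that are special in an LDAP filter value
    # (RFC 4515: backslash, '*', '(', ')' and NUL) so the login name is
    # always matched literally and cannot alter the structure of the filter.
    (my $escaped_username = $username) =~
        s/([\\*()\x00])/sprintf('\\%02x', ord($1))/ge;
    my $search_string = '(acnsloginname='.$escaped_username.')';

    my $mesg = $ldap->search(base   => $ldap_search_base,
                             filter => $search_string,
                             attrs  => ['dn'],
                            );
    if ($mesg->code) {
        $ldap->unbind;
        $ldap->disconnect;
        return (0);
    }

    # Exactly one matching entry is required; none or several is a failure.
    my @entries = $mesg->all_entries;
    if (scalar(@entries) != 1) {
        $ldap->unbind;
        $ldap->disconnect;
        return (0);
    }

    # The real credential check: bind as the located entry.
    $mesg = $ldap->bind(dn       => $entries[0]->dn,
                        password => $password,
                       );
    $ldap->unbind;
    $ldap->disconnect;
    if ($mesg->code) {
        return (0);
    }
    return (1);
}

# ----END LOCAL CHANGES HERE ----- DON'T DELETE THIS LINE

1;
__END__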