1 package OpenILS::Application::AuthProxy::LDAP_Auth;
4 use base 'OpenILS::Application::AuthProxy::AuthBase';
7 use OpenSRF::Utils::SettingsClient;
8 use OpenSRF::Utils::Logger qw(:logger);
10 # default config var (override in configuration xml)
14 my ( $self, $args ) = @_;
15 my $username = $args->{'username'};
16 my $password = $args->{'password'};
19 $logger->debug("User login failed: No username provided");
20 return OpenILS::Event->new( 'LOGIN_FAILED' );
23 $logger->debug("User login failed: No password provided");
24 return OpenILS::Event->new( 'LOGIN_FAILED' );
27 my $hostname_is_ldap = 0;
30 my $login_succeeded = 0;
32 my $hostname = $self->{'hostname'};
33 my $basedn = $self->{'basedn'};
34 my $authid = $self->{'authid'};
35 my $authid_pass = $self->{'password'};
36 $id_attr = $self->{'id_attr'} || $id_attr;
39 if ( $ldap = Net::LDAP->new($hostname) ) {
40 $hostname_is_ldap = 1;
41 if ( $ldap->bind( $authid, password => $authid_pass )->code == 0 ) {
43 # verify username and lookup user's DN
44 my $ldap_search = $ldap->search( base => $basedn,
45 filter => "($id_attr=$username)" );
46 if ( $ldap_search->count != 0 ) {
49 # verify password (bind check)
50 my $binddn = $ldap_search->entry(0)->dn();
51 if ( $ldap->bind( $binddn, password => $password )
59 if ( $login_succeeded ) {
60 return OpenILS::Event->new('SUCCESS');
61 } elsif ( !$hostname_is_ldap ) {
62 # TODO: custom failure events?
63 $logger->debug("User login failed: Incorrect LDAP hostname");
64 return OpenILS::Event->new( 'LOGIN_FAILED' );
65 } elsif ( !$reached_ldap ) {
66 $logger->debug("User login failed: The LDAP server is misconfigured or unavailable");
67 return OpenILS::Event->new( 'LOGIN_FAILED' );
68 } elsif ( !$user_in_ldap ) {
69 $logger->debug("User login failed: Username $username not in LDAP");
70 return OpenILS::Event->new( 'LOGIN_FAILED' );
72 $logger->debug("User login failed: Incorrect LDAP password");
73 return OpenILS::Event->new( 'LOGIN_FAILED' );