Annotation of loncom/html/adm/help/tex/Institutional_Integration_Authentication.tex, revision 1.1
1.1 ! raeburn 1: \label{Institutional_Integration_Authentication}
! 2: When a user is assigned an authentication type of {}``Local authentication'',
! 3: the Perl module /home/httpd/lib/perl/localauth.pm will be used to
! 4: evaluate the user's credentials. The documentation included in the
! 5: stub provided with a LON-CAPA installation describes the basic operation
! 6: of localauth.pm.
! 7:
! 8: The localauth routine receives four arguments (in the order: two required,
! 9: one optional, another required).
! 10:
! 11: \begin{enumerate}
! 12: \item the username the user types in.
! 13: \item the password the user typed in.
! 14: \item optional information stored when the authentication mechanism was
! 15: specified for the user ({}``Local authentication with argument: ....'').
! 16: \item the domain the user typed in.
! 17: \end{enumerate}
! 18: The routine will return 1 if the user is authenticated and 0 otherwise,
! 19: and it can optionally return a negative value for an error condition.
! 20: This negative value will be logged along with the username used in
! 21: the failed authentication which resulted in the error condition.
! 22:
! 23: A common use of localauth.pm is to connect with an LDAP service.
! 24:
! 25: \begin{quotation}
! 26: \texttt{package localauth;}
! 27:
! 28: \texttt{use strict;}
! 29:
! 30: \texttt{use Net::LDAP;}
! 31:
! 32: \texttt{use Net::LDAPS;}
! 33:
! 34: \texttt{sub localauth \{}
! 35: \begin{quotation}
! 36: \texttt{my (\$username,\$password) = @\_;}
! 37:
! 38: \texttt{my \$ldap\_host\_name = ''; \# insert the host name of your
! 39: ldap server, e.g., ldap.msu.edu}
! 40:
! 41: \texttt{my \$ldap\_ca\_file\_name = ''; \# insert the ldap certificate
! 42: filename - include absolute path}
! 43:
! 44: \texttt{\# certificate is required if you wish to encrypt the password.}
! 45:
! 46: \texttt{\# e.g., /home/http/perl/lib/local/ldap.certificate}
! 47:
! 48: \texttt{my \$ldap\_search\_base = ''; \# ldap search base, this might
! 49: be set to 'o=msu.edu'.}
! 50:
! 51: \texttt{my \$ldap = Net::LDAPS->new(}
! 52: \begin{quotation}
! 53: \texttt{\$ldap\_host\_name, }
! 54:
! 55: \texttt{verify => 'require', \# 'require' -> a certificate is needed,
! 56: 'none' if no certificate is used}
! 57:
! 58: \texttt{cafile => \$ldap\_ca\_file\_name,}
! 59: \end{quotation}
! 60: \texttt{);}
! 61:
! 62: \texttt{if (!(defined(\$ldap))) \{}
! 63: \begin{quotation}
! 64: \texttt{return (0);}
! 65: \end{quotation}
! 66: \texttt{\}}
! 67:
! 68: \texttt{\$ldap->bind;}
! 69:
! 70: \texttt{my \$search\_string = '(uid='.\$username.')';}
! 71:
! 72: \texttt{my \$mesg = \$ldap->search (}
! 73: \begin{quotation}
! 74: \texttt{base => \$ldap\_search\_base,}
! 75:
! 76: \texttt{filter => \$search\_string,}
! 77:
! 78: \texttt{attrs => {[}'dn'] ,}
! 79: \end{quotation}
! 80: \texttt{);}
! 81:
! 82: \texttt{if (\$mesg->code) \{}
! 83: \begin{quotation}
! 84: \texttt{\$ldap->unbind;}
! 85:
! 86: \texttt{\$ldap->disconnect;}
! 87:
! 88: \texttt{return (0);}
! 89: \end{quotation}
! 90: \texttt{\}}
! 91:
! 92: \texttt{my @entries = \$mesg->all\_entries;}
! 93:
! 94: \texttt{if (@entries == 0) \{}
! 95: \begin{quotation}
! 96: \texttt{\$ldap->unbind;}
! 97:
! 98: \texttt{\$ldap->disconnect;}
! 99:
! 100: \texttt{return (0);}
! 101: \end{quotation}
! 102: \texttt{\}}
! 103:
! 104: \texttt{\$mesg = \$ldap->bind (}
! 105: \begin{quotation}
! 106: \texttt{dn => \$entries{[}0]->dn,}
! 107:
! 108: \texttt{password => \$password,}
! 109: \end{quotation}
! 110: \texttt{);}
! 111:
! 112: \texttt{\$ldap->unbind;}
! 113:
! 114: \texttt{\$ldap->disconnect;}
! 115:
! 116: \texttt{if (\$mesg->code) \{}
! 117: \begin{quotation}
! 118: \texttt{return (0);}
! 119: \end{quotation}
! 120: \texttt{\}}
! 121:
! 122: \texttt{return (1);}
! 123: \end{quotation}
! 124: \texttt{\}}
! 125:
! 126: \texttt{1;}
! 127: \end{quotation}
! 128:
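The following is an added example, not code from LON-CAPA or from the original page: input checks that the localauth routine shown above could run before it builds the search filter and attempts the bind. The helper names ldap_escape and precheck, the 64-character limit and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not LON-CAPA code): checks a localauth routine can run
# before it contacts the LDAP server. Helper names are hypothetical.
use strict;
use warnings;

# Escape the characters RFC 4515 treats as special in a filter value:
# backslash, '*', '(', ')' and NUL become a backslash plus two hex digits.
sub ldap_escape {
    my ($value) = @_;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Takes the four localauth arguments (the third and fourth are accepted
# but not inspected here) and returns (status, filter). status follows the
# page's contract: 1 = usable, 0 = failed login, negative = error to log.
sub precheck {
    my ($username, $password, $optional, $domain) = @_;
    return (-1, undef) unless defined($username) && defined($password);
    # An empty password turns a simple bind into an unauthenticated bind
    # (RFC 4513, section 5.1.2), which a server may report as success.
    return (0, undef) if $username eq '' || $password eq '';
    # Assumption: uids longer than 64 characters are never valid here.
    return (0, undef) if length($username) > 64;
    return (1, '(uid=' . ldap_escape($username) . ')');
}

# Constructed sample inputs: [username, password].
my @samples = (
    ['jdoe',       'correct horse'],
    ['j*doe',      'x'],
    ['doe (jane)', 'x'],
    ['jdoe',       ''],
);
for my $s (@samples) {
    my ($status, $filter) = precheck($s->[0], $s->[1], undef, 'example');
    printf "%-14s status=%2d filter=%s\n",
        "'$s->[0]'", $status, defined($filter) ? $filter : '(none)';
}
```

In localauth, the returned filter would take the place of the concatenated $search_string, and any status other than 1 would be returned to the caller before a bind is attempted.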