Annotation of loncom/html/adm/help/tex/Institutional_Integration_Authentication.tex, revision 1.2
1.1 raeburn 1: \label{Institutional_Integration_Authentication}
2: When a user is assigned an authentication type of {}``Local authentication'',
3: the Perl module /home/httpd/lib/perl/localauth.pm will be used to
4: evaluate the user's credentials. The documentation included in the
5: stub provided with a LON-CAPA installation describes the basic operation
6: of localauth.pm.
7:
8: The localauth routine receives four arguments (in the order: two required,
9: one optional, another required).
10:
11: \begin{enumerate}
12: \item the username the user types in.
13: \item the password the user typed in.
14: \item optional information stored when the authentication mechanism was
15: specified for the user ({}``Local authentication with argument: ....'')
16: \item the domain the user typed in.
17: \end{enumerate}
18: The routine will return 1 if the user is authenticated and 0 otherwise,
19: and it can optionally return a negative value for an error condition.
20: This negative value will be logged along with the username used in
21: the failed authentication which resulted in the error condition.
22:
23: A common use of localauth.pm is to connect with an LDAP service.
24:
25: \begin{quotation}
26: \texttt{package localauth;}
27:
28: \texttt{use strict;}
29:
30: \texttt{use Net::LDAP;}
31:
32: \texttt{use Net::LDAPS;}
33:
34: \texttt{sub localauth \{}
35: \begin{quotation}
36: \texttt{my (\$username,\$password) = @\_;}
37:
1.2 ! raeburn 38: \texttt{my \$ldap\_host\_name = ''; \# insert the host name of your
1.1 raeburn 39: ldap server, e.g., ldap.msu.edu}
40:
1.2 ! raeburn 41: \texttt{my \$ldap\_ca\_file\_name = ''; \# insert the ldap certificate
1.1 raeburn 42: filename - include absolute path}
43:
44: \texttt{\# certificate is required if you wish to encrypt the password.}
45:
46: \texttt{\# e.g., /home/http/perl/lib/local/ldap.certificate}
47:
1.2 ! raeburn 48: \texttt{my \$ldap\_search\_base = ''; \# ldap search base, this might
! 49: be set to 'o=msu.edu'.}
1.1 raeburn 50:
51: \texttt{my \$ldap = Net::LDAPS->new(}
52: \begin{quotation}
53: \texttt{\$ldap\_host\_name, }
54:
1.2 ! raeburn 55: \texttt{verify => 'require', \# 'require' -> a certificate is needed,
! 56: 'none' -> no certificate is used}
1.1 raeburn 57:
58: \texttt{cafile => \$ldap\_ca\_file\_name,}
59: \end{quotation}
60: \texttt{);}
61:
62: \texttt{if (!(defined(\$ldap))) \{}
63: \begin{quotation}
64: \texttt{return (0);}
65: \end{quotation}
66: \texttt{\}}
67:
68: \texttt{\$ldap->bind;}
69:
1.2 ! raeburn 70: \texttt{my \$search\_string = '(uid='.\$username.')';}
1.1 raeburn 71:
72: \texttt{my \$mesg = \$ldap->search (}
73: \begin{quotation}
74: \texttt{base => \$ldap\_search\_base,}
75:
76: \texttt{filter => \$search\_string,}
77:
1.2 ! raeburn 78: \texttt{attrs => {[}'dn'],}
1.1 raeburn 79: \end{quotation}
80: \texttt{);}
81:
82: \texttt{if (\$mesg->code) \{}
83: \begin{quotation}
84: \texttt{\$ldap->unbind;}
85:
86: \texttt{\$ldap->disconnect;}
87:
88: \texttt{return (0);}
89: \end{quotation}
90: \texttt{\}}
91:
92: \texttt{my @entries = \$mesg->all\_entries;}
93:
94: \texttt{if (@entries != 1) \{ \# fail unless exactly one entry matched}
95: \begin{quotation}
96: \texttt{\$ldap->unbind;}
97:
98: \texttt{\$ldap->disconnect;}
99:
100: \texttt{return (0);}
101: \end{quotation}
102: \texttt{\}}
103:
104: \texttt{\$mesg = \$ldap->bind (}
105: \begin{quotation}
106: \texttt{dn => \$entries{[}0]->dn,}
107:
108: \texttt{password => \$password,}
109: \end{quotation}
110: \texttt{);}
111:
112: \texttt{\$ldap->unbind;}
113:
114: \texttt{\$ldap->disconnect;}
115:
116: \texttt{if (\$mesg->code) \{}
117: \begin{quotation}
118: \texttt{return (0);}
119: \end{quotation}
120: \texttt{\}}
121:
122: \texttt{return (1);}
123: \end{quotation}
124: \texttt{\}}
125:
126: \texttt{1;}
127: \end{quotation}
128:
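A hardened variant of the LDAP routine above, added here as an example and not part of the LON-CAPA stub. It rejects empty passwords (which RFC 4513 treats as an unauthenticated bind that a server may report as successful), escapes the username before building the search filter, requires exactly one matching entry, and uses the negative return value for error conditions. The host name, CA file path and search base are placeholders.

```perl
package localauth;
use strict;
use warnings;
use Net::LDAPS;
use Net::LDAP::Util qw(escape_filter_value);

# Placeholder values (assumptions); replace with your site's settings.
my $ldap_host_name   = 'ldap.example.edu';
my $ldap_ca_file     = '/path/to/ldap-ca.pem';   # absolute path to the CA certificate
my $ldap_search_base = 'o=example.edu';

sub localauth {
    # Argument order as documented: username, password, optional argument, domain.
    # The last two are accepted but not used in this example.
    my ($username, $password, $optional_arg, $domain) = @_;

    # A bind with a DN and an empty password is an "unauthenticated bind";
    # a server may answer it with success, so never send one.
    return 0 unless defined($username) && length($username);
    return 0 unless defined($password) && length($password);

    my $ldap = Net::LDAPS->new(
        $ldap_host_name,
        verify => 'require',      # refuse a server whose certificate does not validate
        cafile => $ldap_ca_file,
    );
    return -1 unless defined($ldap);   # negative value: error condition, logged by the caller

    # Anonymous bind, used only to look up the user's DN.
    my $mesg = $ldap->bind;
    if ($mesg->code) { $ldap->disconnect; return -1; }

    # Escape the typed-in name so that * ( ) \ and NUL cannot change the filter.
    my $filter = '(uid=' . escape_filter_value($username) . ')';
    $mesg = $ldap->search(
        base   => $ldap_search_base,
        filter => $filter,
        attrs  => ['1.1'],        # request no attributes; only the DN is needed
    );
    if ($mesg->code) { $ldap->unbind; return -1; }

    # Zero matches: unknown user. More than one: ambiguous, so refuse.
    my @entries = $mesg->entries;
    if (@entries != 1) { $ldap->unbind; return 0; }

    # Re-bind as the user; the directory server checks the password.
    $mesg = $ldap->bind($entries[0]->dn, password => $password);
    $ldap->unbind;
    return $mesg->code ? 0 : 1;
}

1;
```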