File:  [LON-CAPA] / loncom / html / adm / help / tex / Institutional_Integration_Authentication.tex
Revision 1.1
Tue Jul 29 17:35:12 2008 UTC (15 years, 11 months ago) by raeburn
Branches: MAIN
CVS tags: version_2_9_X, version_2_9_99_0, version_2_9_1, version_2_9_0, version_2_8_X, version_2_8_99_1, version_2_8_99_0, version_2_8_2, version_2_8_1, version_2_8_0, version_2_7_X, version_2_7_99_1, version_2_7_99_0, version_2_7_1, version_2_7_0, version_2_6_99_1, version_2_11_1, version_2_11_0_RC3, version_2_11_0_RC2, version_2_11_0_RC1, version_2_11_0, version_2_10_X, version_2_10_1, version_2_10_0_RC2, version_2_10_0_RC1, version_2_10_0, loncapaMITrelate_1, language_hyphenation_merge, language_hyphenation, bz6209-base, bz6209, bz5969, bz2851, PRINT_INCOMPLETE_base, PRINT_INCOMPLETE, HEAD, GCI_3, GCI_2, GCI_1, BZ5971-printing-apage, BZ5434-fox, BZ4492-merge, BZ4492-feature_horizontal_radioresponse
- Document customization of localauth.pm

\label{Institutional_Integration_Authentication}
When a user is assigned an authentication type of {}``Local authentication'',
the Perl module /home/httpd/lib/perl/localauth.pm will be used to
evaluate the user's credentials. The documentation included in the
stub provided with a LON-CAPA installation describes the basic operation
of localauth.pm.

The localauth routine receives four arguments (in the order: two required,
one optional, another required).

\begin{enumerate}
\item the username the user typed in.
\item the password the user typed in.
\item optional information stored when the authentication mechanism was
specified for the user ({}``Local authentication with argument: ....'')
\item the domain the user typed in.
\end{enumerate}
The routine will return 1 if the user is authenticated and 0 otherwise,
and it can optionally return a negative value for an error condition.
This negative value will be logged along with the username used in
the failed authentication which resulted in the error condition.

A common use of localauth.pm is to connect with an LDAP service.

\begin{quotation}
\texttt{package localauth;}

\texttt{use strict;}

\texttt{use Net::LDAP;}

\texttt{use Net::LDAPS;}

\texttt{use Net::LDAP::Util qw(escape\_filter\_value);}

\texttt{sub localauth \{}
\begin{quotation}
\texttt{my (\$username,\$password) = @\_;}

\texttt{\# an empty password would be an unauthenticated bind, which the
server may accept}

\texttt{if (!defined(\$password) || \$password eq '') \{}
\begin{quotation}
\texttt{return (0);}
\end{quotation}
\texttt{\}}

\texttt{my \$ldap\_host\_name = ''; \# insert the host name of your
ldap server, e.g., ldap.msu.edu}

\texttt{my \$ldap\_ca\_file\_name = ''; \# insert the ldap certificate
filename - include absolute path}

\texttt{\# certificate is required if you wish to encrypt the password.}

\texttt{\# e.g., /home/http/perl/lib/local/ldap.certificate}

\texttt{my \$ldap\_search\_base = ''; \# ldap search base, this might
be set to 'o=msu.edu'.}

\texttt{my \$ldap = Net::LDAPS->new(}
\begin{quotation}
\texttt{\$ldap\_host\_name, }

\texttt{verify => 'require', \# 'require' -> a certificate is needed,
'none' -> no certificate used}

\texttt{cafile => \$ldap\_ca\_file\_name,}
\end{quotation}
\texttt{);}

\texttt{if (!(defined(\$ldap))) \{}
\begin{quotation}
\texttt{return (0);}
\end{quotation}
\texttt{\}}

\texttt{\# anonymous bind, used only to look up the user's dn}

\texttt{\$ldap->bind;}

\texttt{\# escape the username so that it cannot alter the search filter}

\texttt{my \$search\_string = '(uid='.escape\_filter\_value(\$username).')';}

\texttt{my \$mesg = \$ldap->search (}
\begin{quotation}
\texttt{base => \$ldap\_search\_base,}

\texttt{filter => \$search\_string,}

\texttt{attrs => {[}'dn'] ,}
\end{quotation}
\texttt{);}

\texttt{if (\$mesg->code) \{}
\begin{quotation}
\texttt{\$ldap->unbind;}

\texttt{\$ldap->disconnect;}

\texttt{return (0);}
\end{quotation}
\texttt{\}}

\texttt{my @entries = \$mesg->all\_entries;}

\texttt{\# continue only when the uid matches exactly one entry}

\texttt{if (@entries != 1) \{}
\begin{quotation}
\texttt{\$ldap->unbind;}

\texttt{\$ldap->disconnect;}

\texttt{return (0);}
\end{quotation}
\texttt{\}}

\texttt{\# bind as the user: this succeeds only if the password is correct}

\texttt{\$mesg = \$ldap->bind (}
\begin{quotation}
\texttt{dn => \$entries{[}0]->dn,}

\texttt{password => \$password,}
\end{quotation}
\texttt{);}

\texttt{\$ldap->unbind;}

\texttt{\$ldap->disconnect;}

\texttt{if (\$mesg->code) \{}
\begin{quotation}
\texttt{return (0);}
\end{quotation}
\texttt{\}}

\texttt{return (1);}
\end{quotation}
\texttt{\}}

\texttt{1;}
\end{quotation}
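
The checks on the typed-in username and password that a localauth routine needs before it contacts the LDAP server, shown as an added example (not part of the LON-CAPA stub or its documentation). The helper names \texttt{rfc4515\_escape} and \texttt{uid\_filter\_or\_reject} and the sample credentials are constructed for illustration; Net::LDAP::Util provides \texttt{escape\_filter\_value} for the same escaping.

```perl
use strict;
use warnings;

# RFC 4515 escaping for a value placed inside a search filter: the characters
# \ * ( ) and NUL are replaced by a backslash followed by two hex digits.
# Local re-implementation so that the example runs without Net::LDAP installed.
sub rfc4515_escape {
    my ($value) = @_;
    $value =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Hypothetical helper: returns the filter to search with, or undef when
# localauth should return 0 without contacting the LDAP server at all.
sub uid_filter_or_reject {
    my ($username, $password) = @_;
    # A simple bind with an empty password is an unauthenticated bind
    # (RFC 4513); a server may answer it with success.
    return undef if !defined($password) || $password eq '';
    return undef if !defined($username) || $username eq '';
    return '(uid=' . rfc4515_escape($username) . ')';
}

# Constructed sample input: [username, password]
my @samples = (
    ['jdoe',        'secret'],
    ['jdoe',        ''],
    ['*',           'secret'],
    ['jdoe)(uid=*', 'secret'],
);

for my $sample (@samples) {
    my ($username, $password) = @$sample;
    # Filter as built by plain string concatenation, for comparison.
    my $naive  = '(uid=' . $username . ')';
    my $filter = uid_filter_or_reject($username, $password);
    printf "%-16s naive=%-20s checked=%s\n", "'$username'", $naive,
        defined($filter) ? $filter : 'rejected, return 0';
}
```

With concatenation alone, the last two sample usernames change what the search matches; after escaping they are compared literally against the uid attribute.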