File: [LON-CAPA] / loncom / html / adm / help / tex / Institutional_Integration_Authentication.tex
Revision 1.1, Tue Jul 29 17:35:12 2008 UTC by raeburn
Branches: MAIN
- Document customization of localauth.pm
\label{Institutional_Integration_Authentication}
When a user is assigned an authentication type of {}``Local authentication'',
the Perl module /home/httpd/lib/perl/localauth.pm will be used to
evaluate the user's credentials. The documentation included in the
stub provided with a LON-CAPA installation describes the basic operation
of localauth.pm.

The localauth routine receives four arguments (in the order: two required,
one optional, another required).

\begin{enumerate}
\item the username the user types in.
\item the password the user typed in.
\item optional information stored when the authentication mechanism was
specified for the user ({}``Local authentication with argument: ....'')
\item the domain the user typed in.
\end{enumerate}
The routine will return 1 if the user is authenticated and 0 otherwise,
and it can optionally return a negative value for an error condition.
This negative value will be logged along with the username used in
the failed authentication which resulted in the error condition.

A common use of localauth.pm is to connect with an LDAP service.

\begin{quotation}
\texttt{package localauth;}

\texttt{use strict;}

\texttt{use Net::LDAP;}

\texttt{use Net::LDAPS;}

\texttt{sub localauth \{}
\begin{quotation}
\texttt{my (\$username,\$password) = @\_;}

\texttt{my \$ldap\_host\_name = ''; \# insert the host name of your
ldap server, e.g., ldap.msu.edu}

\texttt{my \$ldap\_ca\_file\_name = ''; \# insert the ldap certificate
filename - include absolute path}

\texttt{\# certificate is required if you wish to encrypt the password.}

\texttt{\# e.g., /home/http/perl/lib/local/ldap.certificate}

\texttt{my \$ldap\_search\_base = ''; \# ldap search base, this might
be set to 'o=msu.edu'.}

\texttt{my \$ldap = Net::LDAPS->new(}
\begin{quotation}
\texttt{\$ldap\_host\_name, }

\texttt{verify => 'require', \# 'require' -> a certificate is needed,
'none' -> no certificate used}

\texttt{cafile => \$ldap\_ca\_file\_name,}
\end{quotation}
\texttt{);}

\texttt{if (!(defined(\$ldap))) \{}
\begin{quotation}
\texttt{return (0);}
\end{quotation}
\texttt{\}}

\texttt{\$ldap->bind;}

\texttt{my \$search\_string = '(uid='.\$username.')';}

\texttt{my \$mesg = \$ldap->search (}
\begin{quotation}
\texttt{base => \$ldap\_search\_base,}

\texttt{filter => \$search\_string,}

\texttt{attrs => {[}'dn'] ,}
\end{quotation}
\texttt{);}

\texttt{if (\$mesg->code) \{}
\begin{quotation}
\texttt{\$ldap->unbind;}

\texttt{\$ldap->disconnect;}

\texttt{return (0);}
\end{quotation}
\texttt{\}}

\texttt{my @entries = \$mesg->all\_entries;}

\texttt{\# reject the login unless exactly one entry matched the uid}

\texttt{if (@entries != 1) \{}
\begin{quotation}
\texttt{\$ldap->unbind;}

\texttt{\$ldap->disconnect;}

\texttt{return (0);}
\end{quotation}
\texttt{\}}

\texttt{\$mesg = \$ldap->bind (}
\begin{quotation}
\texttt{dn => \$entries{[}0]->dn,}

\texttt{password => \$password,}
\end{quotation}
\texttt{);}

\texttt{\$ldap->unbind;}

\texttt{\$ldap->disconnect;}

\texttt{if (\$mesg->code) \{}
\begin{quotation}
\texttt{return (0);}
\end{quotation}
\texttt{\}}

\texttt{return (1);}
\end{quotation}
\texttt{\}}

\texttt{1;}
\end{quotation}

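The sample above reads only the first two arguments and puts the typed username straight into the search filter. The following added example (not LON-CAPA code) shows the checks a localauth routine can run on all four arguments before any LDAP traffic, using the 1 / 0 / negative return contract described above. The helper name, the per-domain search base table, the meaning given to the optional argument and the sample inputs are assumptions made for illustration.

```perl
use strict;
use warnings;
use Net::LDAP::Util qw(escape_filter_value);

# Constructed sample configuration: LDAP search base per LON-CAPA domain.
my %search_base_for = ( 'exampledom' => 'o=example.edu' );

# Hypothetical helper (not part of LON-CAPA): checks the four localauth
# arguments before any LDAP traffic is sent.
# Returns (1, $base, $filter) to go on to the search and bind,
#         (0)  to reject the login,
#         (-1) for a configuration error, to be returned by localauth as-is.
sub localauth_precheck {
    my ($username, $password, $optional, $domain) = @_;

    # No search base configured for this domain: an error, not a failed login.
    my $base = defined($domain) ? $search_base_for{$domain} : undef;
    return (-1) unless (defined($base));

    # A simple bind with a DN and an empty password is an unauthenticated
    # bind (RFC 4513), which a server may report as success.
    return (0) if (!defined($password) || $password eq '');

    # Assumption: the optional argument, when set, holds the directory uid
    # for users whose LDAP uid differs from their LON-CAPA username.
    my $uid = (defined($optional) && $optional ne '') ? $optional : $username;
    return (0) if (!defined($uid) || $uid eq '');

    # RFC 4515 escaping turns * ( ) \ and NUL into \XX, so the value can
    # only match literally in the filter.
    my $filter = '(uid=' . escape_filter_value($uid) . ')';
    return (1, $base, $filter);
}

# Constructed sample inputs: [username, password, optional, domain]
my @samples = (
    [ 'jdoe',   'secret', undef,    'exampledom' ],
    [ 'jdoe',   '',       undef,    'exampledom' ],
    [ 'j*(doe', 'secret', undef,    'exampledom' ],
    [ 'jdoe',   'secret', 'doej42', 'exampledom' ],
    [ 'jdoe',   'secret', undef,    'otherdom'   ],
);
foreach my $s (@samples) {
    my ($status, $base, $filter) = localauth_precheck(@{$s});
    printf("%-8s -> status %2d %s\n", $s->[0], $status, $filter // '');
}
```

In a full routine, a status of 1 would be followed by the search and bind steps from the sample, with the returned base and filter passed to `$ldap->search`.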