File: [LON-CAPA] / loncom / html / adm / help / tex / Institutional_Integration_Authentication.tex
Revision 1.2
Sat Aug 20 17:48:12 2016 UTC (8 years, 2 months ago) by raeburn
Branches: MAIN
CVS tags: version_2_12_X, version_2_11_X, version_2_11_5_msu, version_2_11_5, version_2_11_4_uiuc, version_2_11_4_msu, version_2_11_4, version_2_11_3_uiuc, version_2_11_3_msu, version_2_11_3, version_2_11_2_uiuc, version_2_11_2_msu, version_2_11_2_educog, version_2_11_2, HEAD
- Use LaTeX-style single and double quotes.
\label{Institutional_Integration_Authentication}
When a user is assigned an authentication type of ``Local authentication'',
the Perl module /home/httpd/lib/perl/localauth.pm will be used to
evaluate the user's credentials. The documentation included in the
stub provided with a LON-CAPA installation describes the basic operation
of localauth.pm.
The localauth routine receives four arguments (in this order: two required,
one optional, another required).
\begin{enumerate}
\item the username the user typed in.
\item the password the user typed in.
\item optional information stored when the authentication mechanism was
specified for the user (``Local authentication with argument: ....'')
\item the domain the user typed in.
\end{enumerate}
The routine will return 1 if the user is authenticated and 0 otherwise,
and it can optionally return a negative value for an error condition.
This negative value will be logged along with the username used in
the failed authentication which resulted in the error condition.
A common use of localauth.pm is to connect with an LDAP service.
\begin{quotation}
\texttt{package localauth;}
\texttt{use strict;}
\texttt{use Net::LDAP;}
\texttt{use Net::LDAPS;}
\texttt{sub localauth \{}
\begin{quotation}
\texttt{my (\$username,\$password) = @\_;}
\texttt{my \$ldap\_host\_name = ''; \# insert the host name of your
ldap server, e.g., ldap.msu.edu}
\texttt{my \$ldap\_ca\_file\_name = ''; \# insert the ldap certificate
filename - include absolute path}
\texttt{\# certificate is required if you wish to encrypt the password.}
\texttt{\# e.g., /home/http/perl/lib/local/ldap.certificate}
\texttt{my \$ldap\_search\_base = ''; \# ldap search base, this might
be set to 'o=msu.edu'.}
\texttt{my \$ldap = Net::LDAPS->new(}
\begin{quotation}
\texttt{\$ldap\_host\_name, }
\texttt{verify => 'require', \# 'require' -> a certificate is needed,
'none' -> no certificate used}
\texttt{cafile => \$ldap\_ca\_file\_name,}
\end{quotation}
\texttt{);}
\texttt{if (!(defined(\$ldap))) \{}
\begin{quotation}
\texttt{return (0);}
\end{quotation}
\texttt{\}}
\texttt{\$ldap->bind;}
\texttt{my \$search\_string = '(uid='.\$username.')';}
\texttt{my \$mesg = \$ldap->search (}
\begin{quotation}
\texttt{base => \$ldap\_search\_base,}
\texttt{filter => \$search\_string,}
\texttt{attrs => {[}'dn'],}
\end{quotation}
\texttt{);}
\texttt{if (\$mesg->code) \{}
\begin{quotation}
\texttt{\$ldap->unbind;}
\texttt{\$ldap->disconnect;}
\texttt{return (0);}
\end{quotation}
\texttt{\}}
\texttt{my @entries = \$mesg->all\_entries;}
\texttt{if (@entries != 1) \{ \# require exactly one matching entry}
\begin{quotation}
\texttt{\$ldap->unbind;}
\texttt{\$ldap->disconnect;}
\texttt{return (0);}
\end{quotation}
\texttt{\}}
\texttt{\$mesg = \$ldap->bind (}
\begin{quotation}
\texttt{dn => \$entries{[}0]->dn,}
\texttt{password => \$password,}
\end{quotation}
\texttt{);}
\texttt{\$ldap->unbind;}
\texttt{\$ldap->disconnect;}
\texttt{if (\$mesg->code) \{}
\begin{quotation}
\texttt{return (0);}
\end{quotation}
\texttt{\}}
\texttt{return (1);}
\end{quotation}
\texttt{\}}
\texttt{1;}
\end{quotation}
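The following is an added example, not part of the LON-CAPA stub or documentation: a variant of the localauth routine above that rejects empty passwords, escapes the username before it is placed in the search filter, and uses the negative return values described earlier for error conditions. The host name, CA file path, search base, the helper name \_check\_credentials and the specific negative codes are assumptions chosen for illustration.

```perl
package localauth;    # same package and sub name as the stub above
use strict;
use warnings;
use Net::LDAPS;
use Net::LDAP::Util qw(escape_filter_value);

# Placeholder settings (assumed values, replace with your institution's own).
my $ldap_host_name   = 'ldap.example.edu';
my $ldap_ca_file     = '/path/to/ldap-ca.pem';
my $ldap_search_base = 'o=example.edu';

sub localauth {
    my ($username, $password, $optional_arg, $domain) = @_;
    # An empty password turns a simple bind into an unauthenticated bind,
    # which some servers report as success. Refuse it before contacting LDAP.
    return 0 unless length($username // '') && length($password // '');

    my $ldap = Net::LDAPS->new(
        $ldap_host_name,
        verify => 'require',    # reject servers whose certificate fails validation
        cafile => $ldap_ca_file,
    );
    return -1 unless defined($ldap);    # error code chosen for this example

    my $result = _check_credentials($ldap, $username, $password);
    $ldap->unbind;
    $ldap->disconnect;
    return $result;
}

# Hypothetical helper: returns 1, 0, or a negative error code.
sub _check_credentials {
    my ($ldap, $username, $password) = @_;
    return -2 if $ldap->bind->code;     # anonymous bind for the lookup failed

    # Escape *, (, ), \ and NUL so the username cannot alter the filter.
    my $mesg = $ldap->search(
        base   => $ldap_search_base,
        filter => '(uid=' . escape_filter_value($username) . ')',
        attrs  => ['1.1'],              # no attributes needed, only the DN
    );
    return -3 if $mesg->code;

    my @entries = $mesg->entries;
    return 0 unless @entries == 1;      # unknown user or ambiguous match

    # Authenticate by binding as the located entry with the supplied password.
    $mesg = $ldap->bind($entries[0]->dn, password => $password);
    return $mesg->code ? 0 : 1;
}
1;
```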