File Coverage

lib/Net/Squid/Auth/Plugin/SimpleLDAP.pm
Criterion Covered Total %
statement 15 15 100.0
branch n/a
condition n/a
subroutine 5 5 100.0
pod n/a
total 20 20 100.0


line stmt bran cond sub pod time code
1             package Net::Squid::Auth::Plugin::SimpleLDAP;
2              
3 1     1   36443 use warnings;
  1         1  
  1         30  
4 1     1   5 use strict;
  1         3  
  1         44  
5              
6             # ABSTRACT: A simple LDAP-based credentials validation plugin for Net::Squid::Auth::Engine
7              
8             our $VERSION = '0.1.84'; # VERSION
9              
10 1     1   4 use Carp;
  1         2  
  1         78  
11 1     1   1134 use Net::LDAP 0.4001;
  1         193849  
  1         9  
12 1     1   105 use Scalar::Util qw/reftype/;
  1         3  
  1         1347  
13              
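# Constructor: validates the plugin configuration and wraps it in an object.
#
# Arguments:
#   $class  - class name to bless into.
#   $config - hash reference holding the plugin settings.
#
# The optional keys userattr, passattr and objclass are filled in with
# defaults directly on the caller's hash when they are missing or false.
# The keys binddn, bindpw, basedn and server must be present and true.
#
# Croaks when $config is not a hash reference or a required key is missing.
# Returns the new plugin instance; the configuration, including bindpw, is
# stored unmodified under the '_cfg' key of the object.
sub new {
    my ( $class, $config ) = @_;

    my $reftype = reftype($config) || '';
    croak 'Must pass a config hash' unless $reftype eq 'HASH';

    # some reasonable defaults
    $config->{userattr} ||= 'cn';
    $config->{passattr} ||= 'userPassword';
    $config->{objclass} ||= 'person';

    # required information
    # The word list carries its own parentheses: a bare qw() used as the
    # foreach list is rejected as a syntax error by perl 5.18 and later.
    foreach my $required ( qw(binddn bindpw basedn server) ) {
        croak qq{Missing config parameter '$required'}
          unless $config->{$required};
    }

    return bless { _cfg => $config }, $class;
}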
34              
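# Connects to the configured LDAP server and binds with the service account.
#
# Stores the Net::LDAP handle in $self->{ldap}. Takes no arguments and
# returns nothing. Croaks when the connection cannot be created or when the
# bind result carries a non-zero code.
#
# The bind below sends the configured bindpw to the server and this method
# never calls start_tls, so whether that password travels encrypted depends
# entirely on the server / NetLDAP settings supplied in the configuration.
sub initialize {
    my $self = shift;

    # connect
    # NOTE(review): whatever is stored under 'NetLDAP' is handed over as one
    # extra argument; Net::LDAP->new is documented with key/value options,
    # so confirm that a hash reference (or undef) is accepted here.
    $self->{ldap} =
      Net::LDAP->new( $self->config('server'), $self->config('NetLDAP') )
      || croak "Cannot connect to LDAP server: " . $self->config('server');

    # bind
    my $mesg = $self->{ldap}->bind(
        $self->config('binddn'),
        password => $self->config('bindpw'),
    );
    croak "Error binding to LDAP server: " . $mesg->error if $mesg->code;

    return;
}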
51              
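# Looks up one user in the directory and returns its credential pair.
#
# Arguments:
#   $search - assertion value for the user attribute. It is concatenated
#             into the filter exactly as given, so it must already be
#             escaped per RFC 4515; an unescaped value can change the
#             structure of the filter.
#
# Returns a hash reference: empty when nothing matched, otherwise one pair
# mapping the user name (the entry DN when userattr matches /dn/i, else the
# userattr value) to the value of the passattr attribute. Only the first
# entry is used; a warning is issued when more than one entry came back.
#
# Croaks with the search error when the search fails. The connection is
# unbound first, so the handle in $self->{ldap} is not usable afterwards.
sub _search {
    my ( $self, $search ) = @_;

    my $userattr = $self->config('userattr');
    my $passattr = $self->config('passattr');

    # search
    # objclass and userattr come from the configuration and are trusted
    # here; $search is whatever the caller passed in.
    my $filter =
        '(&(objectClass='
      . $self->config('objclass') . ')('
      . $userattr . '='
      . "$search" . '))';

    my $mesg = $self->{ldap}->search(
        base   => $self->config('basedn'),
        scope  => 'sub',
        filter => $filter,
        attrs  => [ $userattr, $passattr ],
    );

    # if errors
    # Keep the error of the failed search before unbinding: the unbind
    # result is a different message and must not replace it, nor be read
    # for entries further down.
    if ( $mesg->code ) {
        my $search_error = $mesg->error;
        $self->{ldap}->unbind;
        croak "Error searching LDAP server: " . $search_error;
    }

    # get results
    my @entries = $mesg->entries();
    my $result  = {};

    my $entry = shift @entries;
    return $result unless $entry;

    my $user =
        $userattr =~ m/dn/i
      ? $entry->dn()
      : $entry->get_value($userattr);
    my $pw = $entry->get_value($passattr);

    $result->{$user} = $pw;

    carp "Found more than 1 entry for user ($user)" if @entries;

    return $result;
}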
94              
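# Checks a user name / password pair against the directory.
#
# Arguments:
#   $username - user name as presented by the client (untrusted).
#   $password - password as presented by the client (untrusted).
#
# Returns a true value when the directory entry found for $username holds
# a password attribute value equal to $password, a false value otherwise.
#
# The comparison is a plain string match against the attribute value read
# from the directory, so a value stored in hashed form will not match the
# clear-text password.
sub is_valid {
    my ( $self, $username, $password ) = @_;

    return 0 unless defined $username && defined $password;

    # The user name goes into an LDAP filter, so neutralise the characters
    # RFC 4515 treats as special (backslash, parentheses, asterisk, NUL)
    # to keep the input from altering the filter or acting as a wildcard.
    ( my $escaped = "$username" ) =~
      s/([\\()*\x00])/sprintf '\\%02x', ord $1/ge;

    my $result = $self->_search($escaped);
    return 0 unless exists $result->{$username};

    # An entry without a readable password attribute can never validate.
    my $stored = $result->{$username};
    return 0 unless defined $stored;

    return $stored eq $password;
}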
102              
# Read accessor for a single configuration setting.
#
# Arguments:
#   $key - name of the setting to look up.
#
# Returns the value stored under $key in the configuration hash kept in
# $self->{_cfg}, or undef when there is no such key.
sub config {
    my $self = shift;
    my $key  = shift;

    my $settings = $self->{_cfg};
    return $settings->{$key};
}
108              
109             1; # End of Net::Squid::Auth::Plugin::SimpleLDAP
110              
111              
112              
113             =pod
114              
115             =encoding utf-8
116              
117             =head1 NAME
118              
119             Net::Squid::Auth::Plugin::SimpleLDAP - A simple LDAP-based credentials validation plugin for Net::Squid::Auth::Engine
120              
121             =head1 VERSION
122              
123             version 0.1.84
124              
125             =head1 SYNOPSIS
126              
127             If you're a system administrator trying to use Net::Squid::Auth::Engine to
128             validate your user's credentials using a LDAP server as a credentials
129             repository, do as described here:
130              
131             On C<$Config{InstallScript}/squid-auth-engine>'s configuration file:
132              
133             plugin = SimpleLDAP
134            
135             # LDAP server
136             server = myldap.server.somewhere # mandatory
137              
138             # connection options
139             # optional section with
140             port = N # Net::LDAP's
141             scheme = 'ldap' | 'ldaps' | 'ldapi' # constructor
142             ... # options
143            
144              
145             # bind options
146             binddn = cn=joedoe # mandatory
147             bindpw = secretpassword # mandatory
148              
149             # search options
150             basedn = ou=mydept,o=mycompany.com # mandatory
151             objclass = inetOrgPerson # opt, default "person"
152             userattr = uid # opt, default "cn"
153             passattr = password # opt, default "userPassword"
154            
155              
156             Unless configured otherwise, this module will assume the users in your LDAP
157             directory belong to the object class C<person>, as defined in section 3.12 of
158             RFC 4519, and the B<username> and B<password> information will be looked for in the
159             C<cn> and C<userPassword> attributes, respectively. Although you can choose
160             to use any other pair of attributes, the C<userattr> can be set to C<dn>,
161             while the C<passattr> can not.
162              
163             On your Squid HTTP Cache configuration:
164              
165             auth_param basic /usr/bin/squid-auth-engine /etc/squid-auth-engine.conf
166              
167             And you're ready to use this module.
168              
169             If you're a developer, you might be interested in reading through the source
170             code of this module, in order to learn about its internals and how it works.
171             It may give you ideas about how to implement other plugin modules for
172             L<Net::Squid::Auth::Engine>.
173              
174             =head1 METHODS
175              
176             =head2 new( $config_hash )
177              
178             Constructor. Expects a hash reference with all the configuration under the
179             section I<< >> in the C<$Config{InstallScript}/squid-auth-engine>
180             as parameter. Returns a plugin instance.
181              
182             =head2 initialize()
183              
184             Initialization method called upon instantiation. This provides an opportunity
185             for the plugin to initialize itself, establish database connections and ensure it
186             has all the necessary resources to verify the credentials presented. It
187             receives no parameters and expects no return values.
188              
189             =head2 _search()
190              
191             Searches the LDAP server. It expects one parameter with a search string for
192             the username. The search string must conform with the format used in LDAP
193             queries, as defined in section 3 of RFC 4515; it is placed into the search filter unchanged, so the caller must escape any special characters in it.
194              
195             =head2 is_valid( $username, $password )
196              
197             This is the credential validation interface. It expects a username and password
198             as parameters and returns a boolean indicating if the credentials are valid
199             (i.e., are listed in the configuration file) or not.
200              
201             =head2 config( $key )
202              
203             Accessor for a configuration setting given by key.
204              
205             =head1 ACKNOWLEDGEMENTS
206              
207             Luis "Fields" Motta Campos C<< >>, who could now say:
208              
209             "The circle is now complete. When I left you, I was but the learner; now *I* am the master."
210              
211             To what I'd reply:
212              
213             "Only a master of Perl, Fields"
214              
215             =for :stopwords cpan testmatrix url annocpan anno bugtracker rt cpants kwalitee diff irc mailto metadata placeholders metacpan
216              
217             =head1 SUPPORT
218              
219             =head2 Perldoc
220              
221             You can find documentation for this module with the perldoc command.
222              
223             perldoc Net::Squid::Auth::Plugin::SimpleLDAP
224              
225             =head2 Websites
226              
227             The following websites have more information about this module, and may be of help to you. As always,
228             in addition to those websites please use your favorite search engine to discover more resources.
229              
230             =over 4
231              
232             =item *
233              
234             Search CPAN
235              
236             The default CPAN search engine, useful to view POD in HTML format.
237              
238             L
239              
240             =item *
241              
242             AnnoCPAN
243              
244             The AnnoCPAN is a website that allows community annotations of Perl module documentation.
245              
246             L
247              
248             =item *
249              
250             CPAN Ratings
251              
252             The CPAN Ratings is a website that allows community ratings and reviews of Perl modules.
253              
254             L
255              
256             =item *
257              
258             CPAN Forum
259              
260             The CPAN Forum is a web forum for discussing Perl modules.
261              
262             L
263              
264             =item *
265              
266             CPANTS
267              
268             The CPANTS is a website that analyzes the Kwalitee ( code metrics ) of a distribution.
269              
270             L
271              
272             =item *
273              
274             CPAN Testers
275              
276             The CPAN Testers is a network of smokers who run automated tests on uploaded CPAN distributions.
277              
278             L
279              
280             =item *
281              
282             CPAN Testers Matrix
283              
284             The CPAN Testers Matrix is a website that provides a visual overview of the test results for a distribution on various Perls/platforms.
285              
286             L
287              
288             =back
289              
290             =head2 Email
291              
292             You can email the author of this module at C asking for help with any problems you have.
293              
294             =head2 Internet Relay Chat
295              
296             You can get live help by using IRC ( Internet Relay Chat ). If you don't know what IRC is,
297             please read this excellent guide: L. Please
298             be courteous and patient when talking to us, as we might be busy or sleeping! You can join
299             those networks/channels and get help:
300              
301             =over 4
302              
303             =item *
304              
305             irc.perl.org
306              
307             You can connect to the server at 'irc.perl.org' and join this channel: #sao-paulo.pm then talk to this person for help: russoz.
308              
309             =back
310              
311             =head2 Bugs / Feature Requests
312              
313             Please report any bugs or feature requests by email to C, or through
314             the web interface at L. You will be automatically notified of any
315             progress on the request by the system.
316              
317             =head2 Source Code
318              
319             The code is open to the world, and available for you to hack on. Please feel free to browse it and play
320             with it, or whatever. If you want to contribute patches, please send me a diff or prod me to pull
321             from your repository :)
322              
323             L
324              
325             git clone https://github.com/russoz/Net-Squid-Auth-Plugin-SimpleLDAP.git
326              
327             =head1 AUTHOR
328              
329             Alexei Znamensky
330              
331             =head1 COPYRIGHT AND LICENSE
332              
333             This software is copyright (c) 2012 by Alexei Znamensky.
334              
335             This is free software; you can redistribute it and/or modify it under
336             the same terms as the Perl 5 programming language system itself.
337              
338             =head1 BUGS AND LIMITATIONS
339              
340             You can make new bug reports, and view existing ones, through the
341             web interface at L.
342              
343             =head1 DISCLAIMER OF WARRANTY
344              
345             BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
346             FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT
347             WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER
348             PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND,
349             EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
350             IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
351             PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
352             SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME
353             THE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION.
354              
355             IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
356             WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
357             REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE
358             TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR
359             CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
360             SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
361             RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
362             FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
363             SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
364             DAMAGES.
365              
366             =cut
367              
368              
369             __END__