
@gmcharlt
Created February 27, 2015 17:16
Proof-of-concept LDAP server that supports authentication-via-bind-only against a Koha patron database.
#!/usr/bin/perl
# Proof-of-concept LDAP server that supports
# authentication-via-bind-only against a Koha
# patron database.
use strict;
use warnings;
package KohaLDAPServer;
use Net::LDAP::Server;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_OPERATIONS_ERROR LDAP_INVALID_CREDENTIALS);
use base 'Net::LDAP::Server';
use C4::Context;
use C4::Auth;
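# Handle an LDAP bind request by checking the supplied credentials against
# the Koha patron database.
#
# Only simple binds whose DN carries a "uid=<username>" component are
# supported; the username is taken from that component and handed, together
# with the simple-bind password, to C4::Auth::checkpw.
#
# Parameters:
#   $req         - decoded bind request; reads {name} (the bind DN) and
#                  {authentication}{simple} (the password)
#   $fullRequest - complete request as passed by the caller (unused here)
#
# Returns a hashref with matchedDN, errorMessage and resultCode:
#   LDAP_SUCCESS             - checkpw accepted the credentials
#   LDAP_INVALID_CREDENTIALS - checkpw rejected them
#   LDAP_OPERATIONS_ERROR    - username/password missing or empty, or the
#                              credential check itself could not be run
sub bind {
    my ($self, $req, $fullRequest) = @_;

    # Reply for any request that does not carry usable credentials.
    my $not_supplied = {
        matchedDN    => '',
        errorMessage => 'username or password not supplied',
        resultCode   => LDAP_OPERATIONS_ERROR,
    };

    my $dn = $req->{name};
    my $pw = $req->{authentication}->{simple};

    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513 section 5.1.2). It must never reach the success path, so it
    # is refused here rather than relying on the backend to reject it.
    return $not_supplied
        unless defined($dn) && defined($pw) && length($pw);

    # Accept "uid=" only at the start of an RDN (start of the DN or right
    # after a comma), so that an attribute whose name merely ends in "uid"
    # is not mistaken for the username. Attribute names are matched
    # case-insensitively.
    my ($username) = $dn =~ /(?:\A|,)\s*uid=([^,]+)/i;
    return $not_supplied unless defined $username;

    # Fail closed: if the database handle or the check itself dies, report an
    # error instead of letting the exception escape to the caller. The
    # exception text stays in the server log and is not sent to the client.
    my $valid;
    my $checked = eval {
        # List assignment takes the first returned value should checkpw
        # return a list -- TODO confirm its return convention.
        # NOTE(review): any true value counts as success; confirm checkpw
        # never uses a non-zero value to signal a failure state.
        ($valid) = C4::Auth::checkpw(C4::Context->dbh(), $username, $pw);
        1;
    };
    if (!$checked) {
        warn "KohaLDAPServer: credential check could not be run: $@";
        return {
            matchedDN    => '',
            errorMessage => 'unable to verify credentials',
            resultCode   => LDAP_OPERATIONS_ERROR,
        };
    }

    if ($valid) {
        return {
            matchedDN    => $dn,
            errorMessage => '',
            resultCode   => LDAP_SUCCESS,
        };
    }

    # The same reply is used whether the user is unknown or the password is
    # wrong, so the response does not reveal which usernames exist.
    return {
        matchedDN    => '',
        errorMessage => 'the password, it does not work!',
        resultCode   => LDAP_INVALID_CREDENTIALS,
    };
}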
package main;
use IO::Select;
use IO::Socket;
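# Listening socket for the LDAP service.
#
# NOTE(review): no LocalAddr is given, so this listens on every interface,
# and the protocol spoken here is plain LDAP -- simple-bind passwords cross
# the network unencrypted. For anything beyond a local experiment, bind to
# a loopback address or place the listener behind a TLS-terminating proxy.
my $socket = IO::Socket::INET->new(
    Listen    => 5,
    Proto     => 'tcp',
    Reuse     => 1,
    LocalPort => 9090,
) or die "cannot listen on TCP port 9090: $@";

my $select = IO::Select->new($socket);

# One KohaLDAPServer handler per client connection, keyed by the
# connection's glob.
my %handlers;

# Single-process event loop: accept new clients and let each connection's
# handler process requests as data arrives.
# NOTE(review): there is no limit on concurrent connections and no idle
# timeout; consider both before exposing this beyond a test setup.
while (my @ready = $select->can_read) {
    foreach my $fh (@ready) {
        if ($fh == $socket) {
            # New client: accept can fail (for example when the client has
            # already gone away), in which case there is nothing to register.
            my $psock = $socket->accept;
            next unless $psock;

            $select->add($psock);
            $handlers{*$psock} = KohaLDAPServer->new($psock);
        }
        else {
            # A true result from handle means the connection is finished.
            # An exception while handling one client is treated the same
            # way, so that a single bad request drops only that connection
            # instead of ending the whole server.
            my $finished;
            my $ran = eval {
                $finished = $handlers{*$fh}->handle;
                1;
            };
            if (!$ran) {
                warn "KohaLDAPServer: dropping connection after error: $@";
                $finished = 1;
            }

            if ($finished) {
                $select->remove($fh);
                $fh->close;
                delete $handlers{*$fh};
            }
        }
    }
}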
# Copyright (C) 2014 Galen Charlton
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# (1) Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# (2) Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# (3)The name of the author may not be used to
# endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.