Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Proof-of-concept LDAP server that supports authentication-via-bind-only against a Koha patron database.
#!/usr/bin/perl
# Proof-of-concept LDAP server that supports
# authentication-via-bind-only against a Koha
# patron database.
use strict;
use warnings;
package KohaLDAPServer;
use Net::LDAP::Server;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_OPERATIONS_ERROR LDAP_INVALID_CREDENTIALS);
use base 'Net::LDAP::Server';
use C4::Context;
use C4::Auth;
sub bind {
my $self = shift;
my ($req, $fullRequest) = @_;
my ($username) = $req->{name} =~ /uid=([^,]+)/;
my $pw = $req->{authentication}->{simple};
return({
matchedDN => '',
errorMessage => 'username or password not supplied',
resultCode => LDAP_OPERATIONS_ERROR,
}) unless defined($username) && defined($pw);
my $dbh = C4::Context->dbh();
my $valid = C4::Auth::checkpw($dbh, $username, $pw);
if ($valid) {
return({
matchedDN => $req->{name},
errorMessage => '',
resultCode => LDAP_SUCCESS,
});
} else {
return({
matchedDN => '',
errorMessage => 'the password, it does not work!',
resultCode => LDAP_INVALID_CREDENTIALS,
});
}
}
package main;
use IO::Select;
use IO::Socket;
my $socket = IO::Socket::INET->new(
Listen => 5,
Proto => 'tcp',
Reuse => 1,
LocalPort => 9090,
);
my $select = IO::Select->new($socket);
my %handlers;
while (my @ready = $select->can_read) {
foreach my $fh (@ready) {
if ($fh == $socket) {
# let's create a new socket
my $psock = $socket->accept;
$select->add($psock);
$handlers{*$psock} = KohaLDAPServer->new($psock);
} else {
my $result = $handlers{*$fh}->handle;
if ($result) {
# we have finished with the socket
$select->remove($fh);
$fh->close;
delete $handlers{*$fh};
}
}
}
}
# Copyright (C) 2014 Galen Charlton
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# (1) Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# (2) Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# (3)The name of the author may not be used to
# endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.