Authen::Simple::LDAP (3pm)

Simple ldap authentication

  1. Carta.tech
  2. Man Pages
  3. MISSING SECTION
  4. Authen::Simple::LDAP: Simple ldap authentication
  1. Carta.tech
  2. Packages
  3. libauthen-simple-ldap-perl
  4. Authen::Simple::LDAP: Simple ldap authentication

SYNOPSIS

    use Authen::Simple::LDAP;

    my $ldap = Authen::Simple::LDAP->new(
        host    => 'ldap.company.com',
        basedn  => 'ou=People,dc=company,dc=net'
    );

    if ( $ldap->authenticate( $username, $password ) ) {
        # successfull authentication
    }

    # or as a mod_perl Authen handler

    PerlModule Authen::Simple::Apache
    PerlModule Authen::Simple::LDAP

    PerlSetVar AuthenSimpleLDAP_host   "ldap.company.com"
    PerlSetVar AuthenSimpleLDAP_basedn "ou=People,dc=company,dc=net"

    <Location /protected>
      PerlAuthenHandler Authen::Simple::LDAP
      AuthType          Basic
      AuthName          "Protected Area"
      Require           valid-user
    </Location>

DESCRIPTION

Authenticate against a \s-1LDAP\s0 service.

METHODS

  • new This method takes a hash of parameters. The following options are valid:

    • host Connection host, can be a hostname, \s-1IP\s0 number or a \s-1URI\s0. Defaults to \*(C`localhost\*(C'. host => ldap.company.com host => 10.0.0.1 host => ldap://ldap.company.com:389 host => ldaps://ldap.company.com

    • port Connection port, default to 389. May be overridden by host if host is a \s-1URI\s0. port => 389

    • timeout Connection timeout, defaults to 60. timeout => 60

    • version The \s-1LDAP\s0 version to use, defaults to 3. version => 3

    • binddn The distinguished name to bind to the server with, defaults to bind anonymously. binddn => 'uid=proxy,cn=users,dc=company,dc=com'

    • bindpw The credentials to bind with. bindpw => 'secret'

    • basedn The distinguished name of the search base. basedn => 'cn=users,dc=company,dc=com'

    • filter \s-1LDAP\s0 filter to use in search, defaults to \*(C`(uid=%s)\*(C'. filter => '(uid=%s)'

    • scope The search scope, can be \*(C`base\*(C', \*(C`one\*(C' or \*(C`sub\*(C', defaults to \*(C`sub\*(C'. filter => 'sub'

    • log Any object that supports \*(C`debug\*(C', \*(C`info\*(C', \*(C`error\*(C' and \*(C`warn\*(C'. log => Log::Log4perl->get_logger('Authen::Simple::LDAP')

  • authenticate( $username, $password ) Returns true on success and false on failure.

EXAMPLE USAGE

Apple Open Directory

my $ldap = Authen::Simple::LDAP->new( host => 'od.company.com', basedn => 'cn=users,dc=company,dc=com', filter => '(&(objectClass=inetOrgPerson)(objectClass=posixAccount)(uid=%s))' );

Microsoft Active Directory

my $ldap = Authen::Simple::LDAP->new( host => 'ad.company.com', binddn => '[email protected]', bindpw => 'secret', basedn => 'cn=users,dc=company,dc=com', filter => '(&(objectClass=organizationalPerson)(objectClass=user)(sAMAccountName=%s))' );

Active Directory by default does not allow anonymous binds. It's recommended that a proxy user is used that has sufficient rights to search the desired tree and attributes.

RELATED TO Authen::Simple::LDAP…

Authen::Simple::ActiveDirectory.

Authen::Simple.

Net::LDAP.

AUTHOR

Christian Hansen \*(C`[email protected]\*(C'

COPYRIGHT

This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.