How to configure LDAP authentication
The following patch can be applied to AuthLocal.pm to make LDAP authentication work. It is a stopgap hack, meant to be used only until FAQ-O-Matic authentication modules are officially written and supported.
===================================================================
RCS file: /var/cvs/FAQ-OMatic/lib/FAQ/OMatic/AuthLocal.pm,v
retrieving revision 1.1
retrieving revision 1.5
diff -u -r1.1 -r1.5
--- FAQ-OMatic/lib/FAQ/OMatic/AuthLocal.pm      2002/12/19 15:44:23     1.1
+++ FAQ-OMatic/lib/FAQ/OMatic/AuthLocal.pm      2002/12/19 19:50:32     1.5
@@ -24,31 +24,46 @@
 # http://www.gnu.org/copyleft/gpl.html                                       #
 #                                                                            #
 ##############################################################################
+# LDAP authentication changes by Sean Sosik-Hamor <sean@trunkmonkey.com>.    #
+#                                                                            #
+# The cgi-bin/fom-meta/config file must be modified to change $adminAuth     #
+# from the administrator's email address to the administrator's LDAP uid or  #
+# the administrator will no longer be able to login.  $adminEmail must also  #
+# be changed to a valid email address for receiving errors.                  #
+#                                                                            #
+# This modification is an unfinished hack.  All new FAQ items created by a   #
+# user logged in using LDAP authentication will have an invalid mailto: on   #
+# the author's username.  $antiSpam can be changed to nameonly to eliminate  #
+# the bad mailto:.                                                           #
+#                                                                            #
+##############################################################################
 
 use strict;
+use Net::LDAP;
 
 package FAQ::OMatic::AuthLocal;
 
-# To implement a local authentication scheme, return a true value
-# if the id and password are valid, else return a false value.
-#
-# (There should be a way for you to also hide or override the
-# 'set a new password' mechanism, but there isn't as of this writing,
-# version 2.504.)
-
 sub checkPassword {
        my $id = shift;
        my $pass = shift;
 
-       my ($idf,$passf,@rest) = FAQ::OMatic::Auth::readIDfile($id);
-       if ((defined $idf)
-               and ($idf eq $id)
-               and ($passf ne '__INVALID__')   # avoid the obvious vandal's hole...
-               and FAQ::OMatic::Auth::checkCryptPass($pass, $passf)) {
-               return 'true';
-       }
+    # Change variables to appropriate values once deployed on server. 
+    my $host          = 'ldap.company.com';
+    my $base          = "ou=People,dc=company,dc=com";
+    my $port          = 389;
+    my $bind_dn       = "uid=$id,$base";
+
+    my $ldap = Net::LDAP->new( $host, port => 389 );
+
+    my $ldap_msg = $ldap->bind( dn => $bind_dn, password => $pass );
+    if ( my $code = $ldap_msg->code ) {
+        # Fail login if authentication fails.
+        return undef;
+    }
+
+$ldap->unbind;
+return 'true';
 
-       return undef;
 }
 
 1;
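Review bot: The added `checkPassword` body passes `$pass` to `$ldap->bind` without rejecting an empty value, and a simple bind with a DN and an empty password is an unauthenticated bind that many directory servers answer with success, so the function can return 'true' for any uid. The same lines interpolate `$id` unescaped into `uid=$id,$base`, never check the result of `Net::LDAP->new` (undef when the server is unreachable, so the next call dies), ignore `$port`, and send the password in cleartext over port 389. The sketch below fails closed on empty credentials and on connection or TLS errors, escapes the uid, and upgrades the session with `start_tls` before binding; it needs `use Net::LDAP::Util qw(escape_dn_value);` beside `use Net::LDAP;`, and the CA file path is a placeholder.

```perl
        my $pass = shift;
    # … unchanged: $host, $base and $port settings …

    # An empty password turns a simple bind into an unauthenticated bind; reject it here.
    return undef unless defined $id   and length $id;
    return undef unless defined $pass and length $pass;

    # Escape the uid so DN metacharacters cannot alter the bind DN.
    my $bind_dn = 'uid=' . escape_dn_value($id) . ",$base";

    my $ldap = Net::LDAP->new( $host, port => $port )
        or return undef;                      # directory unreachable: fail closed

    # Encrypt the session before the password is sent.
    my $tls_msg = $ldap->start_tls(
        verify => 'require',
        cafile => '/path/to/ca.pem',          # placeholder path
    );
    if ( $tls_msg->code ) {
        $ldap->disconnect;
        return undef;
    }

    my $ldap_msg = $ldap->bind( dn => $bind_dn, password => $pass );
    my $bind_ok  = !$ldap_msg->code;
    $ldap->unbind;                            # release the connection on both outcomes
    return $bind_ok ? 'true' : undef;
```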