F2839
vyos-auth-ldap.pl
Authored By
jhendryUK
Nov 12 2016, 12:21 PM
2016-11-12 12:21:28 (UTC+0)
Size
1 KB
vyos-auth-ldap.pl
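#!/usr/bin/perl -t
#
# vyos-auth-ldap.pl -- check a username/password pair against an LDAP
# directory.
#
# Usage: vyos-auth-ldap.pl FILE
#   FILE holds the username on its first line and the password on its
#   second line.
#   (presumably written by OpenVPN's auth-user-pass-verify hook -- confirm
#   against the caller.)
#
# Exit status 0 means the credentials were accepted. Any other status means
# they were rejected or the check could not be completed.
#
# NOTE(review): "-t" only *warns* about tainted data. Both FILE and its
# contents come from outside this script; consider enforcing taint checks
# with "-T" once the script has been tested under it.

use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# --- Site configuration (the shipped values look like placeholders) --------

# Subtree that is searched for the user's entry.
my $LDAP_PEOPLE_BASE = "ou=People,ou=Company,o=LDAPRoot";

# Service account used for the initial lookup of the user's DN.
my $LDAP_SEARCH_USER = "cn=pamclient,ou=System,ou=People,ou=Company,o=LDAPRoot";

# NOTE(review): the service-account secret lives in the script itself. Keep
# this file readable only by the account that runs it (or load the secret
# from a root-only file), and give the service account read-only search
# rights and nothing more.
my $LDAP_SEARCH_PASSWORD = "PamClientPassword";

# Whitespace-separated list of LDAP servers.
# NOTE(review): bare host names give an unencrypted connection, so the
# service password and the user's password cross the network in clear text.
# Use ldaps:// URIs here, or call start_tls(verify => 'require') on the
# connection before each bind.
my $LDAP_AUTH_SERVER = "8.8.8.8 8.8.4.4";

sub exit_error;    # defined at the end of the file

# --- Read the credentials ---------------------------------------------------

my $ARG = shift @ARGV;
unless (defined $ARG && length $ARG) {
    print "No username/password file specified on command line\n";
    exit 1;
}

# Three-argument open with a lexical handle: the file name is never parsed
# for a mode or pipe character, whatever it contains.
my $upfile;
if (!open($upfile, '<', $ARG)) {
    print "Could not open username/password file: $ARG\n";
    exit 1;
}

my $username = <$upfile>;
my $password = <$upfile>;
close($upfile);

if (!defined $username || !defined $password) {
    print "Username/password not found in file: $ARG\n";
    exit 1;
}

chomp $username;
chomp $password;

# Validate *after* chomp. A line holding only "\n" is true before chomp but
# empty afterwards, and an LDAP simple bind with a DN and an empty password
# is an "unauthenticated bind" (RFC 4513) that some servers answer with
# success. An empty password must therefore never reach bind().
if ($username eq '' || $password eq '') {
    print "Username/password not found in file: $ARG\n";
    exit 1;
}

print "LDAP Auth: $username\n";

# --- Step 1: look up the user's DN with the service account ----------------

# Net::LDAP->new takes one host or a reference to an array of hosts, so the
# whitespace-separated setting is split into a list first.
my @ldap_hosts = split ' ', $LDAP_AUTH_SERVER;

my $auth_server = Net::LDAP->new(\@ldap_hosts) or die "$@";

my $mesg = $auth_server->bind(
    $LDAP_SEARCH_USER,
    password => $LDAP_SEARCH_PASSWORD,
    version  => 3,
);
if ($mesg->code()) {
    exit_error();
}

# The username is supplied by the connecting client. Escape it so that
# filter metacharacters ("*", "(", ")", "\", NUL) are matched literally and
# cannot rewrite the query, e.g. to drop the accountActive clause.
my $safe_username = escape_filter_value($username);

my @attrs = ("ou");
$mesg = $auth_server->search(
    base   => $LDAP_PEOPLE_BASE,
    scope  => "sub",
    filter => "(&(mail=$safe_username)(accountActive=TRUE))",
    attrs  => \@attrs,
);
if ($mesg->code()) {
    exit_error();
}

# Exactly one active entry must match; zero or several is a failure.
my @users = $mesg->entries;
if (scalar(@users) != 1) {
    exit_error();
}

my $udn = $users[0]->dn();
$auth_server->unbind;

# --- Step 2: verify the password by binding as the user --------------------

$auth_server = Net::LDAP->new(\@ldap_hosts) or die "$@";

$mesg = $auth_server->bind(
    $udn,
    password => $password,
    version  => 3,
);
if ($mesg->code()) {
    exit_error();
}

$auth_server->unbind;
exit 0;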
# Report an authentication failure and terminate with exit status 1.
#
# The message is the same for every failure (bind error, search error,
# no unique match, wrong password), so the output does not reveal which
# step failed. Uses the file-scoped $auth_server handle and releases it
# before exiting.
sub exit_error {
    print("Username or password incorrect\n");
    $auth_server->unbind();
    exit(1);
}
Attached To
T190: two factor authentication for OpenVPN remote VPN tunnels