
vyos-auth-ldap.pl

Authored By
jhendryUK
Nov 12 2016, 12:21 PM

vyos-auth-ldap.pl

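#!/usr/bin/perl -t
# PAM-style LDAP authentication helper.
#
# Reads a username (line 1) and a password (line 2) from the file named on
# the command line, looks the user up by mail address below
# $LDAP_PEOPLE_BASE using a service account, then checks the password by
# binding to the directory as the entry's own DN.
#
# Exit status: 0 = authenticated, 1 = refused, unreadable input or LDAP error.
# All refusals print the same "Username or password incorrect" line (see
# exit_error) so the caller learns nothing about which step failed.
#
# -t turns on taint *warnings* only; -T would make taint checks fatal.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my $LDAP_PEOPLE_BASE = "ou=People,ou=Company,o=LDAPRoot";
my $LDAP_SEARCH_USER = "cn=pamclient,ou=System,ou=People,ou=Company,o=LDAPRoot";
# Service-account credential embedded in the script: anyone who can read this
# file can read it, so keep the file mode restrictive.
my $LDAP_SEARCH_PASSWORD = "PamClientPassword";
# NOTE(review): Net::LDAP->new takes a host name/URI or an arrayref of them;
# confirm the installed version accepts a space-separated pair as written.
my $LDAP_AUTH_SERVER = "8.8.8.8 8.8.4.4";

sub exit_error;

# --- read the credential file -------------------------------------------
my $ARG = shift @ARGV;
if (!defined $ARG || !length $ARG) {
    print "No username/password file specified on command line\n";
    exit 1;
}

# Three-argument open with a lexical handle: the two-argument form
# open(FH, "<$ARG") lets a file name that starts with a mode or pipe
# character change what is opened.
open my $upfile, '<', $ARG or do {
    print "Could not open username/password file: $ARG\n";
    exit 1;
};
my $username = <$upfile>;
my $password = <$upfile>;
close $upfile;

if (!defined $username || !defined $password) {
    print "Username/password not found in file: $ARG\n";
    exit 1;
}
chomp $username;
chomp $password;
print "LDAP Auth: $username\n";

# Test for emptiness *after* chomp.  A line holding only "\n" passed the old
# truthiness check, and an LDAPv3 bind with an empty password is an
# unauthenticated (anonymous) bind that succeeds -- i.e. an authentication
# bypass for any existing user.  "0" is also a legal password, so use length.
if (!length $username || !length $password) {
    print "Username/password not found in file: $ARG\n";
    exit 1;
}

# --- look the user up with the service account ---------------------------
# NOTE(review): a bare host means plain ldap://, so both the service password
# and the user's password cross the wire unencrypted; ldaps:// or start_tls
# is the usual fix but depends on the server, so it is not changed here.
my $auth_server = Net::LDAP->new($LDAP_AUTH_SERVER) or die "$@";
my $mesg = $auth_server->bind(
    $LDAP_SEARCH_USER,
    password => $LDAP_SEARCH_PASSWORD,
    version  => 3,
);
exit_error() if $mesg->code();

# The username comes from an untrusted file, so escape it before it is spliced
# into the filter: unescaped '*', '(' or ')' would change the filter's
# structure and could bypass the accountActive=TRUE condition or match a
# different entry (LDAP filter injection).
my $filter = sprintf '(&(mail=%s)(accountActive=TRUE))',
    escape_filter_value($username);
$mesg = $auth_server->search(
    base   => $LDAP_PEOPLE_BASE,
    scope  => "sub",
    filter => $filter,
    attrs  => ['ou'],
);
exit_error() if $mesg->code();

# Exactly one active entry must match; none or several is a refusal.
my @users = $mesg->entries;
exit_error() if scalar(@users) != 1;
my $udn = $users[0]->dn();
$auth_server->unbind;

# --- verify the password by binding as the user's own DN -----------------
$auth_server = Net::LDAP->new($LDAP_AUTH_SERVER) or die "$@";
$mesg = $auth_server->bind($udn, password => $password, version => 3);
exit_error() if $mesg->code();
exit 0;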
# Shared refusal path: print the one generic message used for every failure
# after the LDAP connection is up (bind, search and password-check errors
# alike), release the connection held in the file-scoped $auth_server, and
# exit non-zero.  Never returns.
sub exit_error {
    print "Username or password incorrect\n";
    $auth_server->unbind();
    exit(1);
}
