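#!/usr/bin/perl -t
# Credential-file LDAP authenticator (the username/password-file handoff looks
# like an OpenVPN auth-user-pass-verify "via-file" helper -- verify against the
# caller).  Flow: read two lines (username, password) from the file named on the
# command line, look the user up by mail address with a service account, then
# bind to the directory as that user.  Exit 0 = authenticated, 1 = rejected or
# error.  Note that -t only *warns* about tainted data; it does not enforce.
use strict;
use warnings;
use Net::LDAP;

# Service-account bind credentials and directory endpoints are embedded here;
# the script file itself must therefore be readable only by the account that
# runs it.  Moving the password to a root-owned config file would be better.
my $LDAP_PEOPLE_BASE     = "ou=People,ou=Company,o=LDAPRoot";
my $LDAP_SEARCH_USER     = "cn=pamclient,ou=System,ou=People,ou=Company,o=LDAPRoot";
my $LDAP_SEARCH_PASSWORD = "PamClientPassword";
my $LDAP_AUTH_SERVER     = "8.8.8.8 8.8.4.4";

sub exit_error;
sub _escape_filter_value;

# --- read the credential file -------------------------------------------------
my $ARG = shift @ARGV;
if (!defined $ARG || $ARG eq '') {
    print "No username/password file specified on command line\n";
    exit 1;
}
# Three-argument open with a lexical handle: $ARG is always treated as a plain
# path, so a crafted name cannot turn the open into a pipe or change the mode.
open my $upfile, '<', $ARG or do {
    print "Could not open username/password file: $ARG\n";
    exit 1;
};
my $username = <$upfile>;
my $password = <$upfile>;
close $upfile;

chomp $username if defined $username;
chomp $password if defined $password;

# Check *after* chomp and by length: a line holding only "\n" is truthy before
# chomp, and an empty password must never reach the bind below, because a
# simple bind with a DN and an empty password is an "unauthenticated" bind
# that many directories accept -- which would authenticate anyone who knows a
# valid mail address.
if (   !defined $username || !defined $password
    || !length $username  || !length $password)
{
    print "Username/password not found in file: " . (defined $ARG ? $ARG : '') . "\n";
    exit 1;
}
print "LDAP Auth: $username\n";

# --- look the user up with the service account --------------------------------
my $auth_server = Net::LDAP->new($LDAP_AUTH_SERVER) or die "$@";
# NOTE(review): nothing here negotiates TLS, so unless the server string is an
# ldaps:// URI both the service password and the user's password cross the
# network in clear; confirm the transport (e.g. start_tls) for the deployment.
my $mesg = $auth_server->bind(
    $LDAP_SEARCH_USER,
    password => $LDAP_SEARCH_PASSWORD,
    version  => 3,
);
exit_error() if $mesg->code();

# The username comes from an untrusted client, so it is escaped before being
# interpolated into the search filter; otherwise "*" or ")(" in the supplied
# name could widen or rewrite the filter.
my $filter = '(&(mail=' . _escape_filter_value($username) . ')(accountActive=TRUE))';
$mesg = $auth_server->search(
    base   => $LDAP_PEOPLE_BASE,
    scope  => 'sub',
    filter => $filter,
    attrs  => ['ou'],
);
exit_error() if $mesg->code();

my @users = $mesg->entries;
# Exactly one entry is required: zero means unknown or inactive, more than one
# means the mail attribute is ambiguous and we must not guess which DN to bind.
exit_error() if @users != 1;
my $udn = $users[0]->dn();
$auth_server->unbind;

# --- authenticate as the user ---------------------------------------------------
# A fresh connection (as in the original) keeps the user's bind separate from the
# service-account session.
$auth_server = Net::LDAP->new($LDAP_AUTH_SERVER) or die "$@";
$mesg = $auth_server->bind(
    $udn,
    password => $password,
    version  => 3,
);
exit_error() if $mesg->code();
exit 0;

# Report a generic failure (no hint whether the user or the password was wrong),
# drop the directory connection if one is open, and exit non-zero.
sub exit_error {
    print "Username or password incorrect\n";
    $auth_server->unbind if $auth_server;
    exit 1;
}

# Escape a value for use inside an LDAP search filter (RFC 4515 section 3):
# backslash, "*", "(", ")" and NUL become "\" followed by two hex digits.
sub _escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}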