Hey Brad,
This is not neat, but attached you'll find some code that can do the job in
a full Mojolicious app. The attachment should have a .pm extension, though.
I did use it to login successfully through ldap as discussed.
On Monday, 19 February 2018 14:29:09 UTC-5, Brad Robertson wrote:
>
> On Sun, Feb 18, 2018 at 05:48:08PM -0800, Luc Larochelle wrote:
> > Hey Brad this is looking good ! If you need me to share what I've done
> with net::ldaps + certificates let me know.
> >
> > Would be terrific if the session object was returned in some way so
> that the AD entries are accessible.
> >
>
> Sure, if you want to share, that would be great, thanks. I'll keep in
> mind your request for the LDAP session object to be returned. :-)
>
> Regards,
>
> --
> Brad Robertson
> <[email protected] <javascript:>>
>
package Auth;
use Mojo::Base 'Mojolicious::Controller';
use Net::LDAPS;
use Data::Dumper;
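# TLS settings read by connectToLdap().
#
# $SSLMODE     - true: connect with Net::LDAPS; false: plain Net::LDAP.
# $SSLCAFILE   - CA file handed to Net::LDAPS as 'cafile' (sample value;
#                point it at the CA that issued the directory server's
#                certificate).
# $SSLVERIFYCA - true selects verify => 'require', false verify => 'none'.
#                With 'none' the server certificate is never checked, so
#                the service-account password and every user's password
#                travel over a channel whose endpoint is unauthenticated.
#                Verification is therefore switched on here.
my $SSLMODE     = 1;
my $SSLCAFILE   = 'mycert.ca';
my $SSLVERIFYCA = 1;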
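# Open a connection to the LDAP server at $url.
#
# When $SSLMODE is true the connection is made with Net::LDAPS, passing
# $SSLCAFILE as the CA file and a verify mode derived from $SSLVERIFYCA
# ('require' when true, 'none' otherwise). Otherwise a plain Net::LDAP
# connection is made.
#
# Returns the connection object, or undef when no connection could be
# established. Callers must check the result before calling methods on it.
sub connectToLdap($) {
    my $url = shift;

    my ($ldap, $error);
    if ($SSLMODE) {
        my $verifyca = $SSLVERIFYCA ? 'require' : 'none';

        # The constructor signals failure by returning undef and leaving the
        # reason in $@. A successfully completed eval resets $@ to '', so the
        # reason has to be captured inside the block or it is silently lost.
        my $completed = eval {
            $ldap = Net::LDAPS->new($url, verify => $verifyca, cafile => $SSLCAFILE);
            $error = $@ unless $ldap;
            1;
        };
        $error = $@ unless $completed;
    }
    else {
        $ldap = Net::LDAP->new($url);
        $error = $@ unless $ldap;
    }

    # No logger() sub is defined or imported in this file, so failures are
    # reported with warn instead of a call that could not be resolved.
    if (!$ldap) {
        warn "Could not connect to LDAP server $url: "
            . ($error // 'unknown error') . "\n";
    }

    return $ldap;
}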
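# Check the submitted 'username' and 'password' parameters against LDAP.
#
# Steps: bind with the service account, search for the user by $LDAPUID,
# then bind again as the entry's DN with the submitted password. Only when
# that second bind succeeds are givenName and displayName copied into the
# session.
#
# Returns the controller on success and nothing on any failure (missing
# credentials, connection or bind error, unknown user, wrong password).
sub auth_netLDAP {
    my $self     = shift;
    my $username = $self->param('username');
    my $password = $self->param('password');

    # NOTE(review): these are hard-coded sample values. The service-account
    # password in particular belongs in application configuration or a secret
    # store, not in the source file.
    my $BINDUSER      = 'CN=user,OU=unit,DC=my,DC=domain,DC=com';
    my $BINDPASS      = 'xxxxxxxxxxx';
    my $LDAPBASE      = "OU=unit,DC=my,DC=domain,DC=com";
    my $LDAPUID       = "samaccountname";
    my $LDAPSERVERURL = "ldaps://dapserver.domain.com";

    # Both values are required. A bind that names a DN but carries an empty
    # password is an unauthenticated bind, which a directory server may
    # accept; it must never count as a successful login.
    return unless defined $username && length $username;
    return unless defined $password && length $password;

    # The username is request data. Hex-escape the characters that are
    # special in an LDAP search filter (RFC 4515) plus control characters, so
    # the value can only ever be compared, never extend or rewrite the filter.
    (my $safe_username = $username)
        =~ s/([\x00-\x1f*()\\])/sprintf('\\%02x', ord $1)/ge;

    my $log = $self->app->log;

    my $ldap = connectToLdap($LDAPSERVERURL);
    return unless $ldap;

    my $mesg = $ldap->bind($BINDUSER, password => $BINDPASS);
    if (!$mesg) {
        $ldap->unbind;
        return;
    }
    if ($mesg->code) {
        $log->error("Error #" . $mesg->code . " binding to LDAP server.");
        $ldap->unbind;
        return;
    }

    $mesg = $ldap->search(base => $LDAPBASE, filter => "($LDAPUID=$safe_username)");
    if ($mesg->code) {
        $log->error("Error #" . $mesg->code
            . " searching LDAP server for $safe_username.");
        $ldap->unbind;
        return;
    }

    # Check for a missing entry before touching it; calling get_value on
    # undef would abort the request for every unknown username.
    my $entry = $mesg->entry(0);
    if (!defined $entry) {
        $log->warn("User $safe_username not found in LDAP.");
        $ldap->unbind;
        return;
    }

    # The password check itself: the outcome of this bind decides the login.
    my $result   = $ldap->bind(dn => $entry->dn, password => $password);
    my $rejected = !$result || $result->code;
    $ldap->unbind;

    if ($rejected) {
        $log->warn("LDAP bind rejected for $safe_username.");
        return;
    }

    # Session data is written only for an authenticated user.
    $self->session->{givenName}   = $entry->get_value("givenName");
    $self->session->{displayName} = $entry->get_value("displayName");

    return $self;
}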
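# Handle the login form submission.
#
# When auth_netLDAP accepts the credentials, the username is stored in the
# session and a user record (username, empty password, given name from the
# session) is passed to the model's add_user. The browser is redirected to
# '/' whether or not the login succeeded.
sub login {
    my $c        = shift;
    my $username = $c->param('username');

    if ($c->auth_netLDAP) {
        $c->session->{username} = $username;

        # The submitted password is deliberately not passed on; the record
        # carries an empty string in its place.
        my $user = {
            username => $username,
            password => '',
            name     => $c->session->{givenName},
        };

        # The stash and the user record are no longer dumped to STDOUT:
        # that was debugging output and exposes request and session data to
        # whatever collects the process output.
        $c->model->add_user($user);
    }

    $c->redirect_to('/');
}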
# End the current session and send the browser back to the front page.
sub logout {
    my ($c) = @_;

    # An expiry of 1 is a timestamp far in the past, which is the way
    # Mojolicious documents for discarding the whole session.
    $c->session(expires => 1);

    return $c->redirect_to('/');
}
1;