Index

NAME
SYNOPSIS
DESCRIPTION
METHODS
- * new
- - * host
  - * port
  - * timeout
  - * version
  - * binddn
  - * bindpw
  - * basedn
  - * filter
  - * scope
  - * log
- * authenticate( $username, $password )
EXAMPLE USAGE
- Apple Open Directory
- Microsoft Active Directory
SEE ALSO
AUTHOR
COPYRIGHT

NAME

Authen::Simple::LDAP - Simple LDAP authentication

SYNOPSIS

    use Authen::Simple::LDAP;

    my $ldap = Authen::Simple::LDAP->new( 
        host    => 'ldap.company.com',
        basedn  => 'ou=People,dc=company,dc=net'
    );

    if ( $ldap->authenticate( $username, $password ) ) {
        # successfull authentication
    }

    # or as a mod_perl Authen handler

    PerlModule Authen::Simple::Apache
    PerlModule Authen::Simple::LDAP

    PerlSetVar AuthenSimpleLDAP_host   "ldap.company.com"
    PerlSetVar AuthenSimpleLDAP_basedn "ou=People,dc=company,dc=net"

    <Location /protected>
      PerlAuthenHandler Authen::Simple::LDAP
      AuthType          Basic
      AuthName          "Protected Area"
      Require           valid-user
    </Location>

DESCRIPTION

Authenticate against a LDAP service.

METHODS

* new

This method takes a hash of parameters. The following options are valid:

* host

Connection host, can be a hostname, IP number or a URI. Defaults to localhost.

    host => ldap.company.com
    host => 10.0.0.1
    host => ldap://ldap.company.com:389
    host => ldaps://ldap.company.com

* port

Connection port, default to 389. May be overriden by host if host is a URI.

    port => 389

* timeout

Connection timeout, defaults to 60.

    timeout => 60

* version

The LDAP version to use, defaults to 3.

    version => 3

* binddn

The distinguished name to bind to the server with, defaults to bind anonymously.

    binddn => 'uid=proxy,cn=users,dc=company,dc=com'

* bindpw

The credentials to bind with.

    bindpw => 'secret'

* basedn

The distinguished name of the search base.

    basedn => 'cn=users,dc=company,dc=com'

* filter

LDAP filter to use in search, defaults to (uid=%s).

    filter => '(uid=%s)'

* scope

The search scope, can be base, one or sub, defaults to sub.

    filter => 'sub'

* log

Any object that supports debug, info, error and warn.

    log => Log::Log4perl->get_logger('Authen::Simple::LDAP')

* authenticate( $username, $password )

Returns true on success and false on failure.

EXAMPLE USAGE

Apple Open Directory

    my $ldap = Authen::Simple::LDAP->new(
        host    => 'od.company.com',
        basedn  => 'cn=users,dc=company,dc=com',
        filter  => '(&(objectClass=inetOrgPerson)(objectClass=posixAccount)(uid=%s))'
    );

Microsoft Active Directory

    my $ldap = Authen::Simple::LDAP->new(
        host    => 'ad.company.com',
        binddn  => 'proxyuser@company.com',
        bindpw  => 'secret',
        basedn  => 'cn=users,dc=company,dc=com',
        filter  => '(&(objectClass=organizationalPerson)(objectClass=user)(sAMAccountName=%s))'
    );

Active Directory by default does not allow anonymous binds. It's recommended that a proxy user is used that has sufficient rights to search the desired tree and attributes.

AUTHOR

Christian Hansen ch@ngmedia.com

COPYRIGHT

This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.