I'm still completely at a loss as to how to make the plaintext password
supplied in the RADIUS packet available to the module I am hacking for LDAP
authentication. My Perl isn't up to spotting how to get the routines
elsewhere in Radiator to work for me and supply this. Please could someone
talk me through it? (slowly and with no long words, for preference!)

I'm running Radiator-2.14 under FreeBSD 3.2-Release with Perl version
5.005_03 built for i386-freebsd.

The relevant part of my config for testing this function is:

<Realm>
        MaxSessions     2
        <AuthBy NEWLDAP>
                Host            xxxxx.mcc.ac.uk
                Port            389
                BaseDN          c=UK
                UsernameAttr    uid
                CheckAttr       checkitems
                ReplyAttr       replyitems
        </AuthBy>
        AcctLogFileName         %L/LDAP-detail.%m%y
        PasswordLogFileName     %L/LDAP-passwd-log.%m%y
        ExcludeFromPasswordLog  xxxxxxxx yyyyyyy        
        RejectHasReason
</Realm>


The relevant portion of my optimistically-named NEWLDAP module is:

sub findUser
{
        my ($self, $name, $p) = @_;

        return (undef, 1) unless $self->reconnect;
        return (undef, 1) unless $self->anonbind;

        my $user;

        my @attrs;
        push(@attrs, $self->{CheckAttr}) if defined $self->{CheckAttr};
        push(@attrs, $self->{ReplyAttr}) if defined $self->{ReplyAttr};

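        # Escape LDAP filter metacharacters (RFC 4515) so that the
        # username from the packet cannot alter the search filter.
        (my $safename = $name) =~ s/([\\()*\0])/sprintf("\\%02x", ord($1))/ge;

        my $result = $self->{ld}->search
                (base => $self->{BaseDN},
                scope => 'sub',
                filter => "($self->{UsernameAttr}=$safename)",
                attrs => \@attrs);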

        if (!$result || $result->code() != LDAP_SUCCESS)
        {
                my $code = $result ? $result->code() : -1;
                my $errname = ldap_error_name($code);
                $self->log($main::LOG_ERR, "ldap search failed with error $errname");
                $self->{ld} = undef;
                return (undef, 1);
        }

        my $entry = $result->entry(0);
        if ($entry)
        {
                $user = new Radius::User;

                my $dn = $entry->dn;
                $self->log($main::LOG_DEBUG, "LDAP got result for $dn");

                my ($attr);
                foreach $attr ($entry->attributes())
                {
                        my @vals = $entry->get($attr);
                        $self->log($main::LOG_DEBUG, "LDAP got $attr: @vals");

                        $attr = lc $attr;
                        if ($attr eq lc $self->{CheckAttr})
                        {
                                $user->get_check->parse(join ',', @vals);
                        }
                        elsif ($attr eq lc $self->{ReplyAttr})
                        {
                                $user->get_reply->parse(join ',', @vals);
                        }
                }
        }
        else
        {
                $self->log($main::LOG_DEBUG, "No entries for $name found in LDAP database");
                $self->unbind;
                return 0;
        }

        $self->unbind;

        # Now we connect and do the login as the user.

        return (undef, 1) unless $self->reconnect;

        # THIS NEEDS TO BE FIXED
        # As you can see, for testing, I've hard-coded a password, because
        # trying to extract it directly doesn't seem to work... yet!

        my $password = "monday";

        # The commented out line below doesn't work!

#       my $password = $self->decode_password($self->{Client}->{Secret});

        # Reuse $result; a second "my" would mask the earlier declaration.
        $result = $self->{ld}->bind ( dn => $entry->dn, password => $password);

        if (!$result || $result->code() != LDAP_SUCCESS)
        {
                $self->log($main::LOG_DEBUG, "USER FAILED TO AUTHENTICATE");
                my $code = $result ? $result->code() : -1;
                my $error = ldap_error_name($code);
                $self->log($main::LOG_DEBUG, "Error Code: $code\nError Name: $error");
                $self->unbind;
                return 0;
        }
        $self->log($main::LOG_DEBUG, "USER AUTHENTICATED!");
        return $user;
}
1;


Advice, please?

I want to purchase Radiator (it's currently on evaluation), but can't unless
what I'm trying to do is at least possible...

Thanks,

M.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Mark O'Leary,            | Voice: +44 (0161) 2756110 | Mark O'Leary,
 Network Support Officer, |   Fax: +44 (0161) 2756040 | Deputy Warden,
 Manchester Computing, UK | Email: [EMAIL PROTECTED]     | Moberly Hall, UoM.

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
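
How a RADIUS server recovers the plaintext from a PAP User-Password attribute (RFC 2865, section 5.2), as an added example that is not part of the original post and does not use Radiator's own API. The sub names, shared secret, authenticator and password are constructed for illustration; the decode needs the attribute value and the 16-octet Request Authenticator from the packet as well as the client's shared secret.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5);

# Client (NAS) side: c(i) = p(i) XOR MD5(secret . c(i-1)),
# where c(0) is the Request Authenticator from the packet header.
sub hide_password {
    my ($plain, $secret, $authenticator) = @_;
    die "password longer than 128 octets\n" if length($plain) > 128;
    # Pad with NULs to a multiple of 16 octets (at least one block).
    my $pad = (16 - length($plain) % 16) % 16;
    $pad = 16 unless length $plain;
    $plain .= "\0" x $pad;
    my ($out, $prev) = ('', $authenticator);
    for (my $i = 0; $i < length($plain); $i += 16) {
        $prev = substr($plain, $i, 16) ^ md5($secret . $prev);
        $out .= $prev;
    }
    return $out;
}

# Server side: the same chain run over the received attribute value.
sub unhide_password {
    my ($hidden, $secret, $authenticator) = @_;
    my $len = length($hidden);
    # Reject malformed attributes instead of decoding garbage.
    return undef if $len < 16 || $len > 128 || $len % 16;
    my ($plain, $prev) = ('', $authenticator);
    for (my $i = 0; $i < $len; $i += 16) {
        my $block = substr($hidden, $i, 16);
        $plain .= $block ^ md5($secret . $prev);
        $prev = $block;    # chain on the ciphertext block
    }
    $plain =~ s/\0+\z//;   # strip the NUL padding
    return $plain;
}

# Constructed sample values, not taken from any real deployment.
my $secret   = 'constructed-shared-secret';
my $auth     = pack('H*', '000102030405060708090a0b0c0d0e0f');
my $password = 'a 20-char passphrase';   # spans two 16-octet blocks

my $sent = hide_password($password, $secret, $auth);
my $got  = unhide_password($sent, $secret, $auth);
printf "attribute is %d octets, recovered: %s\n", length($sent), $got;

# A wrong shared secret raises no error; it just yields different bytes.
my $wrong = unhide_password($sent, 'some-other-secret', $auth);
print "wrong secret recovers the password: ",
      ($wrong eq $password ? "yes" : "no"), "\n";
```

The recovered value is a cleartext credential, which is worth keeping in mind alongside the PasswordLogFileName setting in the config above.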
