in reply to Pointers required on understanding LDAP Authenticating script for openvpn

via-environment variables ...

Re^2: Pointers required on understanding LDAP Authenticating script for openvpn
by shekarkcb (Beadle) on Apr 12, 2013 at 05:56 UTC
    Thank you all for the replies. I have figured out a workable solution. This code may not be perfect, but it works for me. Any suggestions or pointers to improve it would be greatly appreciated.

    Thanks

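    #!/usr/bin/perl -w
    #
    # Credential check intended for OpenVPN's auth-user-pass-verify hook.
    #
    # Reads the username and password from the environment, tries a simple
    # LDAP bind as that user under each candidate OU in turn, and then checks
    # that the user is listed (memberUid) in the VpnUsers group.
    #
    # Exit status: 0 when a bind succeeded and the group search returned
    # exactly one entry; non-zero in every other case (fail closed).
    #
    # NOTE(review): with the via-env method the password sits in this
    # process's environment; OpenVPN's via-file method avoids that exposure.
    # NOTE(review): the bind below sends the password in clear text. That is
    # tolerable on ldap://localhost; use ldaps:// or start_tls if the
    # directory ever moves to another host.
    use Net::LDAP;
    use strict;
    use Data::Dumper;

    my $opt_uri   = "ldap://localhost";
    my $base_dn   = "dc=mywebsite,dc=com";
    my $opt_group = "cn=VpnUsers,ou=Groups,$base_dn";

    my $opt_user   = $ENV{'username'};
    my $opt_passwd = $ENV{'password'};

    # Both values must be present AND non-empty. An empty password turns a
    # simple bind into an "unauthenticated bind" (RFC 4513, section 5.1.2),
    # which many directory servers answer with success, so it must never
    # reach $ldap->bind.
    unless (    defined $opt_user
            and length $opt_user
            and defined $opt_passwd
            and length $opt_passwd )
    {
        print qq{ OOPS, I haven't recceived any username/password... Exiting \n };
        exit 1;
    }

    # The username is supplied by the connecting client and is interpolated
    # into both a bind DN and a search filter. Accept only characters that
    # have no special meaning in either syntax; widen the class only together
    # with proper DN/filter escaping.
    unless ( $opt_user =~ /\A[A-Za-z0-9._\@-]+\z/ ) {
        print "Rejecting username containing unexpected characters\n";
        exit 1;
    }

    # Each stage lists the OUs to try and the log lines tied to it:
    #   bound_msg   - printed as soon as a bind in this stage succeeds
    #   granted_msg - printed when the group check then passes
    #   miss_msg    - printed when no bind in this stage succeeded
    # ou=People is tried once only: repeating a bind that already failed
    # cannot succeed and just adds failed attempts against the account.
    my @stages = (
        {
            ous       => [ 'People', 'firstOU' ],
            bound_msg => "THIS PERSON IS IN firstOU...\n",
            miss_msg  => "got code froom firstOU check, THIS PERSON IS NOT PART OF firstOU... CHECKING IN secondOU\n",
        },
        {
            ous         => ['secondOU'],
            granted_msg => "SEARCHIN IN secondOU for vpnuser access\n",
            miss_msg    => "got code from secondOU check, THIS PERSON IS NOT PART OF secondOU. CHECKING IN thirdOU\n",
        },
        {
            ous         => ['thirdOU'],
            granted_msg => "SEARCHIN IN thirdOU for vpnuser access\n",
            miss_msg    => "got code from thirdOU check, THIS PERSON IS NOT PART OF thirdOU... CHECKING IN fourthOU\n",
        },
        {
            ous         => ['fourthOU'],
            granted_msg => "SEARCHIN IN fourthOU for vpnusers\n",
        },
    );

    my $ldap = Net::LDAP->new($opt_uri) or die("connect $opt_uri failed!");

    # Walk the stages until one bind succeeds; $result always holds the
    # outcome of the most recent bind attempt.
    my $result;
    my $matched;
    STAGE:
    for my $stage (@stages) {
        for my $ou ( @{ $stage->{ous} } ) {
            $result = $ldap->bind( "uid=$opt_user,ou=$ou,$base_dn",
                password => $opt_passwd );
            next if $result->code;
            $matched = $stage;
            last STAGE;
        }
        print $stage->{miss_msg} if defined $stage->{miss_msg};
    }

    # No OU accepted the credentials: report the last bind error and leave
    # with a non-zero status.
    $matched or die( $result->error );

    print $matched->{bound_msg} if defined $matched->{bound_msg};

    # Authentication succeeded; now authorise. A failed search is treated the
    # same as "not a member".
    $result = $ldap->search( base => $opt_group, filter => "(&(memberUid=$opt_user))" );
    if ( !$result->code and $result->count == 1 ) {
        print $matched->{granted_msg} if defined $matched->{granted_msg};
        exit 0;
    }
    exit 1;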