Ldap authentication

Hi Jesse,

I gave up on the external authentication :frowning: … but now I think I like
this approach better.

What I’ve got here is a very quick hack to the autohandler code which
checks passwords against ldap. This uses perl-ldap. It will do it for
all people other than the RT ‘root’ user. If there is an error generated
logging in, I’m passing it back to get displayed.

Jesse, did I put the $session lines in the correct place?

Please let me know if this works for anyone else or if anyone comes up
with better error handling. Thanks to Teo for suggesting to put this in

I should also note, that I changed LookUpExternalUserInfo in config.pm
(this with the ldap mod seems to work) to set the user name like this :

($params(‘Name’), undef) = split(/@/, $EmailAddress,2);


If the user is loging in, let’s authenticate

elsif (defined ($user) && defined ($pass)){

$session{'CurrentUser'} = RT::CurrentUser->new();

# paul rossman 21-Sept-2001
# pdr@fluent.com
# allows the auth of all users but 'root' with ldap
# modify the server and dn vars for your site
# using perl-ldap from http://perl-ldap.sourceforge.net

unless ($user eq "root") {
	use Net::LDAP qw(:all);
	use Net::LDAP::Util qw(ldap_error_text ldap_error_name


	my $server = "ldap.YOURDOMAIN.COM";
	my $dn = "uid=" . $user . ",ou=People,o=YOURDOMAIN";
	my $ldap = Net::LDAP->new($server) or die "$@";
	my $result = $ldap->bind($dn, password=> $pass);
	my $verbosemesg = ldap_error_name($result->code);

	unless ($verbosemesg eq "LDAP_SUCCESS") {
		# add the login failed header to the same mesg var
		$verbosemesg = "Login failed: " . $verbosemesg;
		delete $session{'CurrentUser'};
		$m->comp('/Elements/Login', Error => $verbosemesg, %ARGS);

} else {

	unless ($session{'CurrentUser'}->id() ) {
		delete $session{'CurrentUser'};
		$m->comp('/Elements/Login', %ARGS, Error=> 'Your username or password

is incorrect’);
unless ($session{‘CurrentUser’}->IsPassword($pass)) {
delete $session{‘CurrentUser’};
$m->comp(’/Elements/Login’, Error => ‘Your username or password is
incorrect’, %ARGS);

ldap_autohandler_rt207.txt (1.43 KB)