#!/usr/bin/perl -w {% if openvpn_ldap_perl_auth_ssl %} use Net::LDAPS; {% else %} use Net::LDAP; {% endif %} use strict; my $ldap; my $result; my $opt_uri = "{{ openvpn_ldap_host }}"; my $opt_user = $ENV{'username'}; my $opt_passwd = $ENV{'password'}; my $opt_group = "cn={{ openvpn_ldap_perl_auth_group }},{{ openvpn_ldap_group_base }}"; my $opt_binddn = "uid=".$opt_user.",{{ openvpn_ldap_base_dn }}"; {% if openvpn_ldap_perl_auth_ssl %} $ldap = Net::LDAPS->new($opt_uri, version => 3, port => '{{ openvpn_ldap_perl_auth_sslport }}', verify => 'require', {% if openvpn_ca_dir %} capath => '{{ openvpn_ldap_ca }}' {% else %} cafile => '{{ openvpn_ldap_ca }}' {% endif %} ) or die("LDAPS connect to $opt_uri failed!"); {% else %} $ldap = Net::LDAP->new($opt_uri) or die("LDAP connect to $opt_uri failed!"); {% endif %} {% if openvpn_ldap_nonanon_bind %} $result = $ldap->bind('{{ openvpn_ldap_binddn }}', password => '{{ openvpn_ldap_bindpwd }}'); {% else %} $result = $ldap->bind($opt_binddn, password => $opt_passwd); {% endif %} $result->code and die($result->error); $result = $ldap->search(base=>$opt_group, filter => "(&({{ openvpn_ldap_group_member_attr }}=$opt_user))"); $result->code(); if ($result->count == 1) { exit 0; } unless($result->count){ exit 1; }