forked from ISTI-ansible-roles/ansible-roles
43 lines
1.4 KiB
Django/Jinja
43 lines
1.4 KiB
Django/Jinja
#!/usr/bin/perl -w
|
|
|
|
{% if openvpn_ldap_perl_auth_ssl %}
|
|
use Net::LDAPS;
|
|
{% else %}
|
|
use Net::LDAP;
|
|
{% endif %}
|
|
use strict;
|
|
|
|
my $ldap;
|
|
my $result;
|
|
|
|
my $opt_uri = "{{ openvpn_ldap_host }}";
|
|
my $opt_user = $ENV{'username'};
|
|
my $opt_passwd = $ENV{'password'};
|
|
my $opt_group = "cn={{ openvpn_ldap_perl_auth_group }},{{ openvpn_ldap_group_base }}";
|
|
my $opt_binddn = "uid=".$opt_user.",{{ openvpn_ldap_base_dn }}";
|
|
|
|
{% if openvpn_ldap_perl_auth_ssl %}
|
|
$ldap = Net::LDAPS->new($opt_uri, version => 3,
|
|
port => '{{ openvpn_ldap_perl_auth_sslport }}',
|
|
verify => 'require',
|
|
{% if openvpn_ca_dir %}
|
|
capath => '{{ openvpn_ldap_ca }}'
|
|
{% else %}
|
|
cafile => '{{ openvpn_ldap_ca }}'
|
|
{% endif %}
|
|
) or die("LDAPS connect to $opt_uri failed!");
|
|
{% else %}
|
|
$ldap = Net::LDAP->new($opt_uri) or die("LDAP connect to $opt_uri failed!");
|
|
{% endif %}
|
|
|
|
{% if openvpn_ldap_nonanon_bind %}
|
|
$result = $ldap->bind('{{ openvpn_ldap_binddn }}', password => '{{ openvpn_ldap_bindpwd | default('') }}');
|
|
{% else %}
|
|
$result = $ldap->bind($opt_binddn, password => $opt_passwd);
|
|
{% endif %}
|
|
$result->code and die($result->error);
|
|
$result = $ldap->search(base=>$opt_group, filter => "(&({{ openvpn_ldap_group_member_attr }}=$opt_user))");
|
|
$result->code();
|
|
if ($result->count == 1) { exit 0; }
|
|
unless($result->count){ exit 1; }
|