Skip to content

xcir/libvmod-ldap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
m4
m4
 
 
src
src
 
 
.gitignore
.gitignore
 
 
COPYING
COPYING
 
 
LICENSE
LICENSE
 
 
Makefile.am
Makefile.am
 
 
README
README
 
 
README.rst
README.rst
 
 
autogen.sh
autogen.sh
 
 
configure.ac
configure.ac
 
 

Repository files navigation

vmod_ldap

LDAP module for Varnish

Author: Syohei Tanaka(@xcir)
Date: 2012-10-23
Version: 0.2
Manual section:3

SYNOPSIS

import ldap;

DESCRIPTION

simple authenticate

import ldap;

sub vcl_error {
  if (obj.status == 401) {
    set obj.http.WWW-Authenticate = {"Basic realm="Authorization Required""};
    synthetic {"Error 401 Unauthorized"};
    return(deliver);
  }
}

sub vcl_recv{

if(req.url ~ "^/member/"){
        if(!(req.http.Authorization && ldap.simple_auth(
                true,
                "cn=Manager,dc=ldap,dc=example,dc=com",
                "password",
                "ldap://192.168.1.1/ou=people,dc=ldap,dc=example,dc=com?uid?sub?(objectClass=*)",
                ldap.get_basicuser(),
                ldap.get_basicpass()
        ))){
                error 401;
        }
}

advanced authenticate

import ldap;

sub vcl_deliver {
  //close ldap
  ldap.close();
}
sub vcl_error {
  if (obj.status == 401) {
    set obj.http.WWW-Authenticate = {"Basic realm="Authorization Required""};
    synthetic {"Error 401 Unauthorized"};
    return(deliver);
  }
}

sub vcl_recv{

  if(req.url ~ "^/member/"){
        if(!(req.http.Authorization && ldap.open(
          true,
          "cn=Manager,dc=ldap,dc=example,dc=com",
          "password",
          "ldap://192.168.1.1/ou=people,dc=ldap,dc=example,dc=com?uid?sub?(objectClass=*)",
          ldap.get_basicuser(),
          ldap.get_basicpass()
        ))){
                error 401;
        }
        //compare group
        if(!ldap.compare("cn=test,ou=people,dc=ldap,dc=example,dc=com","memberUid")){ldap.close();error 401;}
        //compare user
        if(!require_user("uid=hogehoge,ou=people,dc=ldap,dc=example,dc=com")){ldap.close();error 401;}
        //authenticate user
        if(!ldap.bind()){ldap.close();error 401;}
        //close ldap
        ldap.close();
  }
}

FUNCTIONS

get_basicuser

Prototype
get_basicuser()
Return value
STRING
Description
get user name from Authorization header
Example
ldap.get_basicuser();

get_basicpass

Prototype
get_basicpass()
Return value
STRING
Description
get password from Authorization header
Example
ldap.get_basicpass();

simple_auth

Prototype
simple_auth(
    BOOL   isV3,
    STRING basedn,
    STRING pasepw,
    STRING searchdn,
    STRING user,
    STRING pass)
Return value
BOOL
Description
authenticate users
Example
import ldap;

sub vcl_recv{
  if(req.url ~ "^/member/"){
    if(!(req.http.Authorization && ldap.simple_auth(
        true,
        "cn=Manager,dc=ldap,dc=example,dc=com",
        "password",
        "ldap://192.168.1.1/ou=people,dc=ldap,dc=example,dc=com?uid?sub?(objectClass=*)",
        ldap.get_basicuser(),
        ldap.get_basicpass()
    ))){
        error 401;
    }
  }
}

open

Prototype
open(
    BOOL   isV3,
    STRING basedn,
    STRING pasepw,
    STRING searchdn,
    STRING user,
    STRING pass)
Return value
BOOL
Description
init ldap connection
Example
import ldap;

sub vcl_recv{
  if(req.url ~ "^/member/"){
    if(!(req.http.Authorization && ldap.simple_auth(
        true,
        "cn=Manager,dc=ldap,dc=example,dc=com",
        "password",
        "ldap://192.168.1.1/ou=people,dc=ldap,dc=example,dc=com?uid?sub?(objectClass=*)",
        ldap.get_basicuser(),
        ldap.get_basicpass()
    ))){
        error 401;
    }
  }
}

close

Prototype
close()
Return value
VOID
Description
close ldap connection
Example
ldap.close();

get_dn

Prototype
get_dn()
Return value
STRING
Description
get DN
Example
ldap.get_dn();

bind

Prototype
bind()
Return value
BOOL
Description
bind
Example
if(!ldap.bind()) {error 401;}

require_user

Prototype
require_user(STRING)
Return value
BOOL
Description
compare user
Example
if(!ldap.require_user("uid=hogehoge,ou=people,dc=ldap,dc=example,dc=com")) {error 401;}

compare

Prototype
compare(STRING, STRING)
Return value
BOOL
Description
compare
Example
if(!ldap.compare("cn=test,ou=people,dc=ldap,dc=example,dc=com","memberUid")) {error 401;}

compare_dn

Prototype
compare_dn(STRING, STRING)
Return value
BOOL
Description
compare
Example
if(!ldap.compare_dn("cn=test,ou=people,dc=ldap,dc=example,dc=com","memberUid")) {error 401;}

compare_attribute

Prototype
compare_attribute(STRING, STRING)
Return value
BOOL
Description
compare
Example
if(!ldap.compare_attribute("test","initials")) {error 401;}

INSTALLATION

Installation requires Varnish source tree.

Usage:

./autogen.sh
./configure VARNISHSRC=DIR [VMODDIR=DIR]

VARNISHSRC is the directory of the Varnish source tree for which to compile your vmod. Both the VARNISHSRC and VARNISHSRC/include will be added to the include search paths for your module.

Optionally you can also set the vmod install directory by adding VMODDIR=DIR (defaults to the pkg-config discovered directory from your Varnish installation).

Make targets:

  • make - builds the vmod
  • make install - installs your vmod in VMODDIR
  • make check - runs the unit tests in src/tests/*.vtc

HISTORY

Version 0.2: Bugfix: sometimes segfault on x86_64. Version 0.1: initial

COPYRIGHT

This document is licensed under the same license as the libvmod-rewrite project. See LICENSE for details.

  • Copyright (c) 2012 Syohei Tanaka(@xcir)

File layout and configuration based on libvmod-example

  • Copyright (c) 2011 Varnish Software AS

base64 based on libvmod-digest( https://github.com/varnish/libvmod-digest )

About

LDAP module for Varnish

Resources

Readme

License

Unknown, Unknown licenses found

Licenses found

Unknown
LICENSE
Unknown
COPYING
Activity

Stars

14 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages