DOKK / manpages / debian 11 / libauthen-simple-ldap-perl / Authen::Simple::LDAP.3pm.en
Authen::Simple::LDAP(3pm) User Contributed Perl Documentation Authen::Simple::LDAP(3pm)

Authen::Simple::LDAP - Simple LDAP authentication

    use Authen::Simple::LDAP;
    
    my $ldap = Authen::Simple::LDAP->new( 
        host    => 'ldap.company.com',
        basedn  => 'ou=People,dc=company,dc=net'
    );
    
    if ( $ldap->authenticate( $username, $password ) ) {
        # successfull authentication
    }
    
    # or as a mod_perl Authen handler
    
    PerlModule Authen::Simple::Apache
    PerlModule Authen::Simple::LDAP
    PerlSetVar AuthenSimpleLDAP_host   "ldap.company.com"
    PerlSetVar AuthenSimpleLDAP_basedn "ou=People,dc=company,dc=net"
    <Location /protected>
      PerlAuthenHandler Authen::Simple::LDAP
      AuthType          Basic
      AuthName          "Protected Area"
      Require           valid-user
    </Location>

Authenticate against a LDAP service.

new

This method takes a hash of parameters. The following options are valid:

  • host

    Connection host, can be a hostname, IP number or a URI. Defaults to "localhost".

        host => ldap.company.com
    host => 10.0.0.1
    host => ldap://ldap.company.com:389
    host => ldaps://ldap.company.com
  • port

    Connection port, default to 389. May be overridden by host if host is a URI.

        port => 389
  • timeout

    Connection timeout, defaults to 60.

        timeout => 60
  • version

    The LDAP version to use, defaults to 3.

        version => 3
  • binddn

    The distinguished name to bind to the server with, defaults to bind anonymously.

        binddn => 'uid=proxy,cn=users,dc=company,dc=com'
  • bindpw

    The credentials to bind with.

        bindpw => 'secret'
  • basedn

    The distinguished name of the search base.

        basedn => 'cn=users,dc=company,dc=com'
  • filter

    LDAP filter to use in search, defaults to "(uid=%s)".

        filter => '(uid=%s)'
  • scope

    The search scope, can be "base", "one" or "sub", defaults to "sub".

        filter => 'sub'
  • log

    Any object that supports "debug", "info", "error" and "warn".

        log => Log::Log4perl->get_logger('Authen::Simple::LDAP')
authenticate( $username, $password )

Returns true on success and false on failure.

    my $ldap = Authen::Simple::LDAP->new(
        host    => 'od.company.com',
        basedn  => 'cn=users,dc=company,dc=com',
        filter  => '(&(objectClass=inetOrgPerson)(objectClass=posixAccount)(uid=%s))'
    );


    my $ldap = Authen::Simple::LDAP->new(
        host    => 'ad.company.com',
        binddn  => 'proxyuser@company.com',
        bindpw  => 'secret',
        basedn  => 'cn=users,dc=company,dc=com',
        filter  => '(&(objectClass=organizationalPerson)(objectClass=user)(sAMAccountName=%s))'
    );

Active Directory by default does not allow anonymous binds. It's recommended that a proxy user is used that has sufficient rights to search the desired tree and attributes.

Authen::Simple::ActiveDirectory.

Authen::Simple.

Net::LDAP.

Christian Hansen "chansen@cpan.org"

This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.

2021-01-04 perl v5.32.0