ENH: Added ldap password script.

conf/core/usersources.ini.template

@@ -25,6 +25,7 @@ defaultRealm = PAM
 
 [PAM]
 class = caosdb.server.accessControl.Pam
+; pam_script = "./misc/pam_authentication/pam_authentication.sh"
 default_status = ACTIVE
 ;include.user = [uncomment and put your users here]
 ;include.group = [uncomment and put your groups here]

misc/pam_authentication/ldap.conf

+# This file is sourced by the LDAP authentication script
+
+
+# Set the ldap server here.  This is also used to generate a fully qualified
+# user name.
+
+# LDAP_SERVER="example.com"

misc/pam_authentication/ldap_authentication.sh

+#!/bin/bash
+
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (c) 2020 IndiScale GmbH
+# Copyright (c) 2020 Daniel Hornung <d.hornung@indiscale.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+
+# Try to authenticate a user ($1) with a password ($2) via LDAP
+
+# set LDAP_SERVER here
+# e.g. `LDAP_SERVER=example.com`
+. ldap.conf
+
+username="${1}@${LDAP_SERVER}"
+pw="$2"
+
+if ldapwhoami -x -H "ldap://$LDAP_SERVER" -D "$username" -w "$pw" ; then
+    echo "[OK]"
+    exit 0
+else
+    echo "[FAILED]"
+    exit 1
+fi
+
+
+