From d5e6e50b4f5250444544f7c96118776d2bcf33d1 Mon Sep 17 00:00:00 2001
From: Daniel <daniel@harvey>
Date: Fri, 7 Feb 2020 10:39:41 +0100
Subject: [PATCH] ENH: Added ldap password script.

---
 conf/core/usersources.ini.template            |  1 +
 misc/pam_authentication/ldap.conf             |  7 ++++
 .../pam_authentication/ldap_authentication.sh | 42 +++++++++++++++++++
 3 files changed, 50 insertions(+)
 create mode 100644 misc/pam_authentication/ldap.conf
 create mode 100644 misc/pam_authentication/ldap_authentication.sh

diff --git a/conf/core/usersources.ini.template b/conf/core/usersources.ini.template
index df221ef5..9f821e2c 100644
--- a/conf/core/usersources.ini.template
+++ b/conf/core/usersources.ini.template
@@ -25,6 +25,7 @@ defaultRealm = PAM
 
 [PAM]
 class = caosdb.server.accessControl.Pam
+; pam_script = "./misc/pam_authentication/pam_authentication.sh"
 default_status = ACTIVE
 ;include.user = [uncomment and put your users here]
 ;include.group = [uncomment and put your groups here]
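Review bot: The example path in the new commented line points at `pam_authentication.sh`, but the script this commit adds is `misc/pam_authentication/ldap_authentication.sh`, so anyone uncommenting the example gets a non-existent script. Change the line to `; pam_script = "./misc/pam_authentication/ldap_authentication.sh"`. The value is also a relative path; it is presumably resolved against the server's working directory, so a short comment above it saying what the path is relative to (and that the script receives the user name and password as its two arguments, as the new script documents) would save operators a guess.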
diff --git a/misc/pam_authentication/ldap.conf b/misc/pam_authentication/ldap.conf
new file mode 100644
index 00000000..aca5b049
--- /dev/null
+++ b/misc/pam_authentication/ldap.conf
@@ -0,0 +1,7 @@
+# This file is sourced by the LDAP authentication script
+
+
+# Set the ldap server here.  This is also used to generate a fully qualified
+# user name.
+
+# LDAP_SERVER="example.com"
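Review bot: This file is not a passive config — the new script sources it with `. ldap.conf`, so anything in it runs as shell with the authentication script's privileges, and the header comment should say so. Suggested wording for the first line: `# This file is sourced (executed) by ldap_authentication.sh: keep it owned by the server user and not writable by anyone else, and put only variable assignments here.` Note also that the only setting ships commented out, so out of the box `LDAP_SERVER` is empty and the script will build the bind DN `user@` against `ldap://`; a sentence stating that the variable is mandatory would help.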
diff --git a/misc/pam_authentication/ldap_authentication.sh b/misc/pam_authentication/ldap_authentication.sh
new file mode 100644
index 00000000..3b64a295
--- /dev/null
+++ b/misc/pam_authentication/ldap_authentication.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# ** header v3.0
+# This file is a part of the CaosDB Project.
+#
+# Copyright (c) 2020 IndiScale GmbH
+# Copyright (c) 2020 Daniel Hornung <d.hornung@indiscale.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# ** end header
+
+# Try to authenticate a user ($1) with a password ($2) via LDAP
+
+# set LDAP_SERVER here
+# e.g. `LDAP_SERVER=example.com`
+. ldap.conf
+
+username="${1}@${LDAP_SERVER}"
+pw="$2"
+
+if ldapwhoami -x -H "ldap://$LDAP_SERVER" -D "$username" -w "$pw" ; then
+    echo "[OK]"
+    exit 0
+else
+    echo "[FAILED]"
+    exit 1
+fi
+
+
+
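Review bot: The `ldapwhoami` simple bind on the `-w "$pw"` line is never guarded against an empty password, and an empty password turns a simple bind into an unauthenticated bind (RFC 4513 §5.1.2) that many directories accept — so a caller who passes an existing user name and an empty string gets `[OK]`. Two further problems on the same line: the password is passed in argv, where any local user can read it from the process list, and `ldap://` without `-ZZ` (or `ldaps://`) sends the bind credentials in cleartext. Separately, `. ldap.conf` resolves relative to the caller's working directory rather than the script's location, so when the server starts from another directory `LDAP_SERVER` is silently empty (and, since the script has no `set -e`, execution continues). The rewrite below addresses all four; the `-y /dev/stdin` form assumes an OpenLDAP `ldapwhoami` that accepts a password file, which should be confirmed against the target distribution.

```shell
# Resolve ldap.conf next to this script, not in the caller's cwd.
. "$(dirname "$0")/ldap.conf"

# Refuse empty user, empty password or missing server: an empty password
# is an *unauthenticated* simple bind (RFC 4513 5.1.2) and succeeds on
# many directories.
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$LDAP_SERVER" ]; then
    echo "[FAILED]"
    exit 1
fi

username="${1}@${LDAP_SERVER}"

# Password via stdin (-y) so it is not visible in `ps`; -ZZ makes
# StartTLS mandatory so the bind is not sent in cleartext.
if printf '%s' "$2" | ldapwhoami -x -ZZ -H "ldap://$LDAP_SERVER" -D "$username" -y /dev/stdin ; then
# … unchanged: [OK] / [FAILED] echo and exit …
```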
-- 
GitLab