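use strict;
use warnings;
use CGI qw(:standard :cgi-lib);
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);    # ships in the same distribution as Net::LDAP

# Demonstration CGI.  The web server has already verified a client X.509
# certificate and exposes its subject e-mail as SSL_CLIENT_S_DN_Email.  This
# script takes the local part of that address as a directory uid, looks it up
# anonymously in the MIT LDAP directory, dumps the entry, and then probes
# three organisational units (employees, students, affiliates) to show how
# directory membership can feed an authorization decision.

print header;
print "<html>";

# Debugging aid: dump the CGI environment (escaped, since it is echoed into
# the page).  Left disabled, as in the original.
# foreach my $key ( sort keys %ENV ) {
#     print escapeHTML("$key $ENV{$key}"), "<br />";
# }

# The authenticated user (username@mit.edu) comes from the verified client
# certificate via the web server.  Without it there is nothing to look up, so
# stop here instead of running a search for "(uid=)" on an undefined value.
my $cert_email = $ENV{SSL_CLIENT_S_DN_Email};
if ( !defined $cert_email || $cert_email eq '' ) {
    print "<p>No authenticated user was supplied by the web server.</p>";
    print "</html>";
    exit 0;
}

# Strip "@mit.edu": only the local part is the directory uid.  split() drops
# trailing empty fields, so guard against an address with no local part.
my ($authuser) = split /@/, $cert_email;
if ( !defined $authuser || $authuser eq '' ) {
    print "<p>The authenticated identity has no username part.</p>";
    print "</html>";
    exit 0;
}

print "<p> The undecorated authenticated username is ",
    escapeHTML($authuser), "</p>";

# Connect to the directory.  Net::LDAP->new reports its failure in $@ (the
# original message read $! and described the step as a bind, but no bind is
# performed here).
# NOTE(review): this is an unencrypted anonymous connection, and the results
# below are presented as input to authorization decisions.  If ldap.mit.edu
# supports it, $ldap->start_tls would protect the lookup in transit; confirm
# server support before enabling.
my $ldap = Net::LDAP->new('ldap.mit.edu')
    or die "Can't connect to ldap.mit.edu: $@\n";

# For a simple anonymous LDAPv3 search no bind is required.
# $ldap->bind;

# Search the whole directory (subtree scope) for the uid.  The search filter
# is built by _uid_filter(), which escapes LDAP filter metacharacters so the
# value taken from the certificate cannot alter the query's structure.
my $mesg = $ldap->search(
    base   => 'dc=mit,dc=edu',
    filter => _uid_filter($authuser),
    scope  => 'sub',
);
die $mesg->error if $mesg->code;

# Since $mesg->code == 0 the search itself succeeded; report a unique hit.
if ( $mesg->count == 1 ) {
    print '<p>The entire directory was searched and one user (',
        escapeHTML($authuser), ") was found.</p>";
}

# For debugging / demonstration purposes print every entry that came back.
_print_entries($mesg);

print "<br>";
print "<p> Now were going to search specific portions of the directory to determine what type ";
print "of affiliation this user has to MIT.";
print " This information can be used to make an authorization decision, if this is appropriate";
print " for your application or service.</p>";

# Probe each OU with a one-level search under its base: "does this uid sit
# directly under ou=employees?" and so on.
_report_affiliation( $ldap, $authuser, 'employees',  'an employee' );
_report_affiliation( $ldap, $authuser, 'students',   'a student' );
_report_affiliation( $ldap, $authuser, 'affiliates', 'an affiliate' );

# Release the connection now that all searches are done.
$ldap->unbind;
print "</html>";

# Build an equality filter for a uid, escaping the characters that have
# meaning inside an LDAP filter ( ) * \ and NUL.
#   $uid - directory uid taken from the client certificate
# Returns the filter string, e.g. "(uid=jsmith)".
sub _uid_filter {
    my ($uid) = @_;
    return '(uid=' . escape_filter_value($uid) . ')';
}

# Print every entry of a Net::LDAP::Search result as HTML: the DN, then each
# non-binary attribute with its values, one <p> per entry.  All directory
# data is HTML-escaped before it is echoed into the page.
#   $mesg - Net::LDAP::Search result whose code is 0
# Returns nothing.
sub _print_entries {
    my ($mesg) = @_;

    for my $entry ( $mesg->entries ) {
        print escapeHTML( $entry->dn ), "<p>";

        for my $attr ( sort $entry->attributes ) {
            # Skip binary data: it is neither readable nor safe to dump.
            next if $attr =~ /;binary$/;

            my @values = $entry->get_value($attr);
            print "\t ", escapeHTML($attr), ': ',
                escapeHTML("@values"), " \n";
        }

        print "</p>";    # end of that DN
    }
    return;
}

# Search one organisational unit for a uid and print whether the user is
# found there.  A one-level search is used so only direct children of the OU
# match.  Matching entries are confirmed by printing their own uid attribute
# rather than trusting the count alone.
#   $ldap   - connected Net::LDAP handle
#   $uid    - directory uid taken from the client certificate
#   $ou     - OU name under dc=mit,dc=edu, e.g. "employees"
#   $phrase - how to describe a member, e.g. "an employee"
# Returns nothing; dies if the search returns an LDAP error.
sub _report_affiliation {
    my ( $ldap, $uid, $ou, $phrase ) = @_;

    my $mesg = $ldap->search(
        base   => "ou=$ou,dc=mit,dc=edu",
        filter => _uid_filter($uid),
        scope  => 'one',
    );
    die $mesg->error if $mesg->code;

    if ( $mesg->count == 0 ) {
        print '<p>', escapeHTML($uid),
            " does not appear as $phrase in the directory</p>";
        return;
    }

    # Prove the hit by echoing the uid stored on each returned entry.
    for my $entry ( $mesg->entries ) {
        my @uids = $entry->get_value('uid');
        next unless @uids;
        print '<p>', escapeHTML("@uids"), " is $phrase</p>";
    }
    return;
}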