# -*- tab-width: 8 -*-
# NOTE: This file uses 8-character tabs; do not change the tab size!

package C4::Auth_ldap;

# Copyright 2000-2002 Katipo Communications
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# Koha is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# Koha; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
# Suite 330, Boston, MA  02111-1307 USA

use strict;

use C4::Context;
use C4::Output;              # to get the template

use C4::Circulation::Circ2;  # getpatroninformation
use C4::Members;
use Net::LDAP;
use Net::LDAP qw(:all);

use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);

# set the version for version checking
$VERSION = 0.01;

=head1 NAME

C4::Auth_ldap - Authenticates Koha users with an LDAP password

=head1 SYNOPSIS
    
=head1 DESCRIPTION

    The main function of this module is to provide
    LDAP authentication.

=head1 LDAP specific

    This module is specific to LDAP authentication. It requires the Net::LDAP package and a working LDAP server.
    To use it:
       * put ldap=1 in your koha.conf file.

    That should be enough, once the LDAP server name and base DN in the LOCAL section of checkpw() have been changed to match your own server.

=head1 FUNCTIONS

=over 2

=cut

# this checkpw is a LDAP based one
# it connects to LDAP (anonymous)
# it retrieve $userid a-login
# then compare $password with a-weak
# then get the LDAP entry
# and calls the memberadd if necessary

sub checkpw {
	my ($dbh, $userid, $password) = @_;
	if ($userid eq C4::Context->config('user') && $password eq C4::Context->config('pass')) {
		# Koha superuser account
		return 2;
	}
	##################################################
	### LOCAL
	### Change the code below to match your own LDAP server.
	##################################################
	# LDAP connexion parameters
	my $ldapserver = 'ldap1-serv.inrialpes.fr';
	# Infos to do an anonymous bind
	my $ldapinfos = 'ou=people,dc=inrialpes,dc=fr ';
	my $name  = "ou=people,dc=inrialpes,dc=fr";
	my $db = Net::LDAP->new( $ldapserver );
	
	# do an anonymous bind
	my $res =$db->bind( "uid=$userid,$name",password => $password);
	if (!defined($db)) {
	    print STDERR "Connection au serveur LDAP impossible!\n";
	    return 0;
	};
	# check connexion
	if($res->code) {
		# auth refused
		#warn "LDAP Auth: not binded";
		return 0;
	# search user
	} else {
		my $userdnsearch = $db->search(base => $name,
				filter =>"(uid=$userid)",
				);
		# compare a-weak with $password.
		# The a-weak LDAP field contains the password
		my $userldapentry=$userdnsearch -> shift_entry;
		
		# build LDAP hash
		my %memberhash;
		my $x =$userldapentry->{asn}{attributes};
		my $key;
		foreach my $k ( @$x) {
			foreach my $k2 (keys %$k) {
				if ($k2 eq 'type') {
					$key = $$k{$k2};
				} else {
					my $a = @$k{$k2};
					foreach my $k3 (@$a) {
						$memberhash{$key} .= $k3." ";
					}
				}
			}
		}
		#warn("Identification LDAP reussi pour $userid");
		return 1;
	}

	return 0;
}

END { }       # module clean-up code here (global destructor); currently nothing to release
1;            # a module must return a true value to `use`/`require`
__END__

=back

=head1 SEE ALSO

CGI(3)

C4::Output(3)

Digest::MD5(3)

=cut
