Day: January 31, 2013

Simple LDAP Caching Unix Daemon

Introduction-

I wrote this simple LDAP caching Unix daemon 2 years back, when we faced a lot of issues integrating Apache with LDAP authentication
using the Apache LDAP auth module. We were able to configure it properly; however, we faced slowness issues.

Basically, we wanted to use Nagios (Check_mk Multisite) with LDAP authentication, so we wrote this Unix daemon.
As of now it is very simple (no threading/forking, and it is blocking). However, it is working perfectly without any issue (for Nagios web interface authentication and a few other web-based tools, around 300+ users).
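
An added example, not the author's ldapcached.pl: one way a credential cache in front of LDAP can work, keeping a keyed hash of each verified password for a limited time and rejecting empty passwords before they reach the server. The names `check_credentials` and `$TTL`, the 300-second lifetime and the stub bind callback are assumptions; a real daemon would perform a Net::LDAP bind where the stub is.

```perl
#!/usr/bin/perl
# Added example (not from ldapcached.pl): TTL cache in front of an LDAP bind.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $TTL = 300;    # assumed lifetime of a cached success, in seconds
# Per-process random key: cached tags are useless outside this process.
open my $rnd, '<:raw', '/dev/urandom' or die "urandom: $!";
read($rnd, my $KEY, 32) == 32 or die "short read from /dev/urandom";
close $rnd;
my %cache;        # user => { tag => HMAC(user, password), expires => epoch }

# $bind is a code ref that performs the real LDAP bind and returns true/false.
sub check_credentials {
    my ($user, $pass, $bind, $now) = @_;
    $now //= time;
    # An empty password turns a simple bind into an "unauthenticated" bind,
    # which some servers accept, so reject it before LDAP or the cache see it.
    return 0 unless defined($user) && length($user);
    return 0 unless defined($pass) && length($pass);

    # Keep a keyed hash, never the password itself.
    my $tag = hmac_sha256_hex("$user\0$pass", $KEY);
    my $hit = $cache{$user};
    return 1 if $hit && $hit->{expires} > $now && $hit->{tag} eq $tag;

    # Miss, expiry or different password: ask LDAP. Failures are not cached.
    return 0 unless $bind->($user, $pass);
    # A password changed in LDAP stays accepted here until this entry expires.
    $cache{$user} = { tag => $tag, expires => $now + $TTL };
    return 1;
}

# Constructed demo: a stub replaces the LDAP server and counts bind calls.
my $binds = 0;
my $stub  = sub { $binds++; return $_[0] eq 'alice' && $_[1] eq 'correct-horse' };
my $t0    = 1_000_000;
for my $case (
    [ 'alice', 'correct-horse', $t0 ],          # miss, verified by bind, cached
    [ 'alice', 'correct-horse', $t0 + 10 ],     # cache hit, no bind
    [ 'alice', 'wrong',         $t0 + 20 ],     # tag mismatch, bind fails
    [ 'alice', '',              $t0 + 30 ],     # rejected before any bind
    [ 'alice', 'correct-horse', $t0 + 400 ],    # entry expired, bind again
) {
    my ($u, $p, $now) = @$case;
    my $ok = check_credentials($u, $p, $stub, $now);
    printf "%-6s binds=%d\n", ($ok ? 'Pass' : 'Failed'), $binds;
}
```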

Download Perl files-

* ldapcached.pl
http://www.indiangnu.org/wp-content/uploads/2013/ldapcached-pl.txt

* ldapcached-client.pl
http://www.indiangnu.org/wp-content/uploads/2013/ldapcached-client-pl.txt

* Custom Apache Handler – to use this daemon for basic authentication
http://www.indiangnu.org/wp-content/uploads/2013/MyHandler-pm.txt

root@arunb:~# cat /etc/init.d/ldapcached-initd.pl
#!/usr/bin/perl
use strict;
use warnings;
use Proc::Daemon;

no warnings 'uninitialized';
if ( $ARGV[0] =~ m/start/ ) {
    # Detach from the terminal and run in the background
    Proc::Daemon::Init;
    my $continue = 1;
    # Stop restarting the daemon once SIGTERM is received
    $SIG{TERM} = sub { $continue = 0 };
    # Run the daemon; if it exits, start it again
    while ($continue) { eval { `/usr/local/ldapcached.pl --daemon`; }; }

} else { print " * Usage: $0 {start}"; }
#end
print "\n";
root@arunb:~#

Step 1] Run Daemon – (edit LDAP related variables)

Copy the ldapcached.pl Perl file to the following location on your system: /usr/local/ldapcached.pl
OR change the path in the "ldapcached-initd.pl" startup file

* Start process-

root@:~# /etc/init.d/ldapcached-initd.pl start
root@:~#

* Make sure only one ldapcached process is running-

root@:~# ps aux | grep ldap | grep -v grep
root 19441 0.0 0.0 6212 1408 ? S 15:03 0:00 /usr/bin/perl /etc/init.d/ldapcached-initd.pl start
root 19442 0.0 0.2 8656 4916 ? S 15:03 0:00 ldapcached
root@:~#

Step 2] How to test-

root@:~$ perl ldapcached-client.pl --client 'my-ldap-user' 'my-ldap-pass'
Failed
root@:~$

root@:~$ perl ldapcached-client.pl --client 'my-ldap-user' 'my-ldap-pass'
Pass
root@:~$

Step 3] How to use/integrate it in an application-

Say I want to use this ldapcached Unix daemon for Apache/Basic Authentication –

NOTE- Make sure to copy the MyHandler.pm module into the Perl module directory, or check the Apache error log for any error.

ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi"

<Directory "/usr/lib64/nagios/cgi">
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Nagios GUI"
    PerlAuthenHandler Apache::MyHandler
    Require valid-user
</Directory>

Thank you,
Arun