
Purdue University

Identity and Access Management

I2A2 Examples in Perl

Many (but not all) of the examples on this page use the Net::Telnet module to make a connection to the I2A2 DBMs.

i2a2-auth.pl

The i2a2-auth.pl file contains a Perl script, written by Ron Kittendorf, that shows how to use the Net::LDAP Perl module to bind via the I2A2 LDAP protocol converter. The script uses the Net::LDAP module, available at the Perl LDAP Homepage. Don't overlook the Net::LDAP module's requirements, described on the Perl LDAP Homepage. Those requirements include the packages Convert::ASN1, Net::SSLeay, and a special package combination requirement for Net::LDAP with IO::Socket::SSL.

The package combination requirement is that Net::LDAP version 0.25 will work with IO::Socket::SSL version 0.80 (it will NOT work with version 0.81), or Net::LDAP version 0.26 will work with IO::Socket::SSL version 0.901 or 0.95 (it will NOT work with version 0.81 or 0.90). No other Net::LDAP and IO::Socket::SSL combinations have been tested (e.g., Net::LDAP 0.26 with IO::Socket::SSL 0.80).

$ perl i2a2-auth.pl <puid> <password>
Subject DN: ...
CA: ...
RDN: ...
Successful bind! (or) Error during bind: ...

<puid> must have a coordinated career account alias associated with it, and the alias may be used in place of <puid>.

i2a2-ident.pl

The i2a2-ident.pl file contains a Perl script, written by Ron Kittendorf, that shows how to use the Net::LDAP Perl module to do searches via the I2A2 LDAP protocol converter. The script uses the Net::LDAP module, available at the Perl LDAP Homepage. Don't overlook the Net::LDAP module's requirements, described on the Perl LDAP Homepage.

$ perl i2a2-ident.pl uid=<alias>

----------------------------------------------------------------
cn: ...
givenname: ...
objectclass: top puidObject uidObject
puid: ...
sn: ...
uid: <alias>
----------------------------------------------------------------

** Entries returned: 1 **

A PUID or a common name may also be used as the search key -- e.g.,

$ perl i2a2-ident.pl puid=...
$ perl i2a2-ident.pl cn=...

lookup.pl

The lookup.pl example allows lookups in the Reflector by PUID, alias, name or regular expression. To make it easier to follow, it doesn't use the constants in puidnetd.ph like the other examples. Therefore, it may not work if the protocol is changed in the future (and would be painful to correct). When writing scripts, you should use the constants in puidnetd.ph like the other examples.

The example determines the type of each of its arguments (puid, alias, name, or regular expression) and performs the appropriate lookup in the Reflector.

$ perl lookup.pl 'jeff.*stewart' jsmith 00100-99899
The request "lr,,jeff.*stewart": failed:
        Error: 17
        MSG: Person not found (75)
        MSG: There are 2 possible matches:
        MSG:   10226466(jws) JEFF W STEWART
        MSG:   10348429(milllo) JEFFREY BENEDICT STEWART

The request "lajsmith": succeeded:
        Name: JEFFREY M SMITH
        PUID: 10254533
        Alias: jsmith

The request "lp010099899": succeeded:
        Name: WILLIAM I BORMANN
        PUID: 10099899
        Alias: wbormann


DBparse.pl

The DBparse function (DBparse.pl) parses the reply from the DBM into a Perl HASH, where each field is stored by its type. This function uses constants from puidnetd.ph.

# DBparse() returns the parsed fields keyed by field type; the scalar
# assignment implies a hash reference, so fields are read with "->".
my $fields = DBparse($reply);
printf "The puid for %s is %s\n",
  $fields->{&I2A2::PUIDNETD_DATA_AKA},    # the alias (AKA) field
  $fields->{&I2A2::PUIDNETD_DATA_PUID};   # the PUID field


char.pl

The char.pl example looks up each of its arguments, either characteristic numbers or names, and prints the mapping. This example uses constants from puidnetd.ph and the DBparse() function from DBparse.pl.

$ perl char.pl employee "Campus: 1 West Lafayette" 1 3229
employee -> 0
Campus: 1 West Lafayette -> 2029
      1 -> Student
   3229 -> Department: 1408 COMPUTING CENTER


charchk.pl

The charchk.pl example is more complicated: it issues many requests before reading any responses, then processes the responses, which gives better throughput than one request/response round trip at a time. This example uses constants from puidnetd.ph.

charchk.pl reads a file of characteristic names and looks them up in the Authorizer. If given the "-l" option, it will print the mapping for the characteristic.

charcvt.pl

The charcvt.pl script contains an even more complicated example. This is the script that converts characteristic names in httpd.conf (or .htaccess) templates into their corresponding characteristic numbers. It will optionally look up aliases and PUIDs. This example uses constants from puidnetd.ph and the DBparse() function from DBparse.pl.

$ perl charcvt.pl -h
charcvt.pl usage: [-c] [-h] [-l] [-v] [files]
-c  output original "CharsExp" lines as comments
-h  produce help output
-l  lookup PUIDs and aliases
-v  verbose display of PUIDS and aliases

$ cat input
# Any text that doesn't begin with charsexp (ignoring case) is
# passed through untouched.  Aliases and PUIDs in allowuser and denyuser
# lines will be looked up if '-l' or '-v' is given.
  AllowUser jws junk
  CharsExp ("Employee" | "Student") & "Campus: 1 West Lafayette"

$ perl charcvt.pl -c -v < input > output
 **         jws: 00102-26466 JEFF W STEWART # due to -v option
 ** junk: Person not found (75)

$ cat output
# Any text that doesn't begin with charsexp (ignoring case) is
# passed through untouched.  Aliases and PUIDs in allowuser and denyuser
# lines will be looked up if '-l' or '-v' is given.
  AllowUser jws junk
#   CharsExp ("Employee" | "Student") & "Campus: 1 West Lafayette"
  CharsExp ( 0 | 1 ) & 2029

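As an added illustration (not Purdue's charcvt.pl code) of the CharsExp rewrite described above: a constructed name-to-number table stands in for the Authorizer lookup, and the function refuses to emit a CharsExp line that names a characteristic it cannot resolve, so a half-converted access rule never reaches httpd. The table values are the ones shown in the char.pl output above; the fail-closed handling of unknown names is this example's choice, not documented charcvt.pl behaviour.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed name->number table standing in for Authorizer lookups
# (numbers taken from the char.pl output on this page; the table is an assumption).
my %charnum = (
    'employee'                 => 0,
    'student'                  => 1,
    'campus: 1 west lafayette' => 2029,
);

# Rewrite one template line.  Non-CharsExp lines pass through untouched.
# Returns the output line(s), or an empty list with $$err set when a
# CharsExp line contains a characteristic name the table cannot resolve.
sub convert_line {
    my ($line, $comment_orig, $err) = @_;
    return ($line) unless $line =~ /^\s*charsexp\b/i;

    my @unknown;
    (my $out = $line) =~ s{"([^"]*)"}{
        my $name = $1;
        exists $charnum{lc $name} ? $charnum{lc $name}
                                  : do { push @unknown, $name; "\"$name\"" }
    }ge;
    if (@unknown) {
        $$err = "unknown characteristic(s): " . join(', ', @unknown);
        return ();
    }
    # -c style: keep the original line as a comment ahead of the converted one.
    return $comment_orig ? ("#$line", $out) : ($out);
}

# Constructed template modelled on the input shown above, plus one bad line.
my @template = (
    "# comment lines pass through untouched",
    "  AllowUser jws junk",
    "  CharsExp (\"Employee\" | \"Student\") & \"Campus: 1 West Lafayette\"",
    "  CharsExp \"Employee\" & \"Not A Real Characteristic\"",
);
for my $line (@template) {
    my $err;
    my @out = convert_line($line, 1, \$err);
    if (defined $err) { print STDERR " ** $err: refusing to emit: $line\n"; next }
    print "$_\n" for @out;
}
```

The third template line becomes `#  CharsExp (...)` followed by `  CharsExp (0 | 1) & 2029`; the fourth is reported on stderr and dropped instead of being written out with a name left unconverted.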

sslrefl.pl

The sslrefl.pl example contains a sample client that makes an SSL connection to the I2A2 reflector net daemon and exchanges external protocol information with it. Client-side authentication will occur if public and private certificates are provided. This example uses constants from puidnetd.ph and the DBparse() function from DBparse.pl.

This example requires version 1.30 or later of the I2A2::DB package, first released with the 0.5 Beta release of I2A2.

sslrefl.pl [-c cpath] [-d dir] [-h] [pub|priv]
    -c cpath  set Certificate Authority PEM path
    -d dir    set Certificate Authority directory path
              (/opt/openssl/certs)
    -h        print this (Help) output
     pub      path to client's public certificate
     priv     path to client's private certificate


When a client certificate and its private key are supplied (pub & priv), a client-side SSL connection is attempted. Otherwise, a server-side SSL connection is made.

After a connection is established, commands may be entered in the I2A2 external protocol. Results are parsed and displayed in a more human-readable form.

Maintained by: IAMO Team

Purdue University, West Lafayette, IN 47907, (765) 494-4600
© 2010 - 2013 Purdue University | An equal access/equal opportunity university | Copyright Complaints