NAME

Net::Radius::Server::Match::LDAP - Interaction with LDAP servers for RADIUS

SYNOPSIS

use Net::Radius::Server::Match::LDAP;

my $match = Net::Radius::Server::Match::LDAP->new({ ... });
my $match_sub = $match->mk;

DESCRIPTION

Net::Radius::Server::Match::LDAP is a packet match method factory. This allows a Net::Radius::Server(3) RADIUS server to process requests based on information stored in an LDAP directory. Additionally, information obtained from LDAP remains available for further rule methods to process.

See Net::Radius::Server::Match for general usage guidelines. The matching of RADIUS requests is controlled through arguments passed to the constructor, to specific accessors or to the factory method. There are generally, two types of arguments:

Extendable

Those are arguments that are passed directly to a Net::LDAP(3) method. Those arguments can receive either a scalar or a code ref.

If a scalar is supplied, this value is simply passed as-is to the undelying Net::LDAP(3) method.

If a code ref is supplied, it will be called as in

$sub->($obj, $hashref);

Where $obj is the Net::Radius::Server::Match::LDAP object and $hashref is the invocation hashref, as described in Net::Radius::Server(3). Whatever is returned by this sub will be used as the value for this attribute.

Indirect Extendable

The options that will be passed as named arguments to an underlying Net::LDAP(3) method. Generally speaking, those are attribute - value tuples specified within a listref, as in the following example.

->bind_opts([ password => 'mySikritPzwrd' ]);

Arguments are filtered to provide increased functionality. By prepending '_nrs_' to the argument name, Net::Radius::Server::Match::LDAP will use the return value of the supplied code ref as the value of the argument. The following example illustrates this:

->bind_ops([ _nrs_password => sub { 'mySikritPzwrd' } ]);

The code ref is invoked as in

$sub->($obj, $hashref)

Where $obj is the Net::Radius::Server::Match::LDAP object and $hashref is the invocation hashref, as described in Net::Radius::Server(3). Whatever is returned by this sub will be used as the value for this attribute.

The following arguments control the invocation of the Net::LDAP(3) underlying methods:

ldap_uri

The URI or host specification passed as the first argument of Net::LDAP-new()>. See Net::LDAP(3) for more information.

ldap_opts (Indirect Extendable)

The additional, named parameters passed to Net::LDAP-new()>. See Net::LDAP(3) for more information.

bind_dn (Extendable)

The DN specification passed as the first argument of Net::LDAP-bind()>. See Net::LDAP(3) for more information.

bind_opts (Indirect Extendable)

The additional, named parameters passed to Net::LDAP-bind()>. See Net::LDAP(3) for more information.

authenticate_from

Specify an optional RADIUS attribute from which to extract the password for binding to the LDAP directory. A password = $pass> argument tuple will be added to whatever was specified with bind_opts.

Optionally, this parameter can also be a code ref, in which case it will be called as in

$obj->authenticate_from->($hashref)

Where $hashref is the shared invocation hash. The return value of the function will be used as the actual password to use in the LDAP binding.

search_opts (Indirect Extendable)

The named paramenters passed to Net::LDAP-search()>. See Net::LDAP(3) for more information.

The underlying Net::LDAP(3) object first attempts to ->bind() when ->mk() is called. This binding is re-attempted later, when errors are seen, depending on the configuration arguments specified.

The match method will return NRS_MATCH_OK if no error results from the LDAP ->search().

The following methods control other aspects of the Net::Radius::Server::Match::LDAP:

store_result

When this argument is specified, the Net::LDAP::Result(3) object returned by the ->search() method in Net::LDAP(3) will be stored in the invocation hashref. The value of this argument controls the name of the hash key where this result will be stored.

This allows further methods (either on the same rule or in following rules) to use the information returned from an LDAP query for multiple purposes. You could, for example, locate a user's profile and allow later rules to translate that profile into RADIUS attributes in the response packet.

max_tries

When attempting LDAP queries, a failure will cause the re-attempt to issue the ->bind() call. This paramenter controls how many attempts are made. 2 attempts are made by default.

EXPORT

None by default.

HISTORY

$Log$
Revision 1.9  2006/12/14 16:33:17  lem
Rules and methods will only report failures in log level 3 and
above. Level 4 report success and failure, for deeper debugging

Revision 1.8  2006/11/15 03:11:22  lem
Minor indentation tweak

Revision 1.7  2006/11/15 01:57:37  lem
Fix CVS log in the docs

SEE ALSO

Perl(1), NetAddr::IP(3), Net::Radius::Server(3), Net::Radius::Server::Match(3), Net::LDAP(3).

AUTHOR

Luis E. Muñoz, <luismunoz@cpan.org>

COPYRIGHT AND LICENSE

Copyright (C) 2006 by Luis E. Muñoz

This library is free software; you can redistribute it and/or modify it under the same terms as Perl 5.8.6 itself.

1 POD Error

The following errors were encountered while parsing the POD:

Around line 372:

Non-ASCII character seen before =encoding in 'Muñoz,'. Assuming UTF-8