NAME

Net::Squid::Auth::Plugin::SimpleLDAP - A simple LDAP-based credentials validation plugin for Net::Squid::Auth::Engine

VERSION

version 0.1.84

SYNOPSIS

If you're a system administrator trying to use Net::Squid::Auth::Engine to validate your user's credentials using a LDAP server as a credentials repository, do as described here:

On $Config{InstallScript}/squid-auth-engine's configuration file:

plugin = SimpleLDAP
<SimpleLDAP>
  # LDAP server
  server = myldap.server.somewhere       # mandatory

  # connection options
  <NetLDAP>                              # optional section with
    port = N                             #   Net::LDAP's
    scheme = 'ldap' | 'ldaps' | 'ldapi'  #     constructor
    ...                                  #     options
  </NetLDAP>

  # bind options
  binddn = cn=joedoe                     # mandatory
  bindpw = secretpassword                # mandatory

  # search options
  basedn = ou=mydept,o=mycompany.com     # mandatory
  objclass = inetOrgPerson               # opt, default "person"
  userattr = uid                         # opt, default "cn"
  passattr = password                    # opt, default "userPassword"
</SimpleLDAP>

Unless configured otherwise, this module will assume the users in your LDAP directory belong to the object class person, as defined in section 3.12 of RFC 4519, and the user and password information will be looked for in the cn and userPassword attributes, respectively. Although you can choose to use any other pair of attributes, the userattr can be set to DN, while the passattr can not.

On your Squid HTTP Cache configuration:

auth_param basic /usr/bin/squid-auth-engine /etc/squid-auth-engine.conf

And you're ready to use this module.

If you're a developer, you might be interested in reading through the source code of this module, in order to learn about it's internals and how it works. It may give you ideas about how to implement other plugin modules for Net::Squid::Auth::Engine.

METHODS

new( $config_hash )

Constructor. Expects a hash reference with all the configuration under the section <SimpleLDAP> in the $Config{InstallScript}/squid-auth-engine as parameter. Returns a plugin instance.

initialize()

Initialization method called upon instantiation. This provides an opportunity for the plugin initialize itself, stablish database connections and ensure it have all the necessary resources to verify the credentials presented. It receives no parameters and expect no return values.

_search()

Searches the LDAP server. It expects one parameter with a search string for the username. The search string must conform with the format used in LDAP queries, as defined in section 3 of RFC 4515.

is_valid( $username, $password )

This is the credential validation interface. It expects a username and password as parameters and returns a boolean indicating if the credentials are valid (i.e., are listed in the configuration file) or not.

config( $key )

Accessor for a configuration setting given by key.

ACKNOWLEDGEMENTS

Luis "Fields" Motta Campos <lmc at cpan.org>, who could now say:

"The circle is now complete. When I left you, I was but the learner; now *I* am the master."

To what I'd reply:

"Only a master of Perl, Fields"

SUPPORT

Perldoc

You can find documentation for this module with the perldoc command.

perldoc Net::Squid::Auth::Plugin::SimpleLDAP

Websites

The following websites have more information about this module, and may be of help to you. As always, in addition to those websites please use your favorite search engine to discover more resources.

Email

You can email the author of this module at RUSSOZ at cpan.org asking for help with any problems you have.

Internet Relay Chat

You can get live help by using IRC ( Internet Relay Chat ). If you don't know what IRC is, please read this excellent guide: http://en.wikipedia.org/wiki/Internet_Relay_Chat. Please be courteous and patient when talking to us, as we might be busy or sleeping! You can join those networks/channels and get help:

  • irc.perl.org

    You can connect to the server at 'irc.perl.org' and join this channel: #sao-paulo.pm then talk to this person for help: russoz.

Bugs / Feature Requests

Please report any bugs or feature requests by email to bug-net-squid-auth-plugin-simpleldap at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Net-Squid-Auth-Plugin-SimpleLDAP. You will be automatically notified of any progress on the request by the system.

Source Code

The code is open to the world, and available for you to hack on. Please feel free to browse it and play with it, or whatever. If you want to contribute patches, please send me a diff or prod me to pull from your repository :)

https://github.com/russoz/Net-Squid-Auth-Plugin-SimpleLDAP

git clone https://github.com/russoz/Net-Squid-Auth-Plugin-SimpleLDAP.git

AUTHOR

Alexei Znamensky <russoz@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2012 by Alexei Znamensky.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

BUGS AND LIMITATIONS

You can make new bug reports, and view existing ones, through the web interface at http://rt.cpan.org.

DISCLAIMER OF WARRANTY

BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.