NAME

Catalyst::Authentication::Store::LDAP::Backend - LDAP authentication storage backend.

SYNOPSIS

# you probably just want Store::LDAP under most cases,
# but if you insist you can instantiate your own store:

use Catalyst::Authentication::Store::LDAP::Backend;

use Catalyst qw/
    Authentication
    Authentication::Credential::Password
/;

my %config = (
        'ldap_server' => 'ldap1.yourcompany.com',
        'ldap_server_options' => {
            'timeout' => 30,
        },
        'binddn' => 'anonymous',
        'bindpw' => 'dontcarehow',
        'start_tls' => 1,
        'start_tls_options' => {
            'verify' => 'none',
        },
        'user_basedn' => 'ou=people,dc=yourcompany,dc=com',
        'user_filter' => '(&(objectClass=posixAccount)(uid=%s))',
        'user_scope' => 'one',  # or 'sub' for Active Directory
        'user_field' => 'uid',
        'user_search_options' => {
            'deref' => 'always',
        },
        'user_results_filter' => sub { return shift->pop_entry },
        'entry_class' => 'MyApp::LDAP::Entry',
        'user_class' => 'MyUser',
        'use_roles' => 1,
        'role_basedn' => 'ou=groups,dc=yourcompany,dc=com',
        'role_filter' => '(&(objectClass=posixGroup)(member=%s))',
        'role_scope' => 'one',
        'role_field' => 'cn',
        'role_value' => 'dn',
        'role_search_options' => {
            'deref' => 'always',
        },
        'role_search_as_user' => 0,
);

our $users = Catalyst::Authentication::Store::LDAP::Backend->new(\%config);

DESCRIPTION

You probably want Catalyst::Authentication::Store::LDAP.

Otherwise, this lets you create a store manually.

See the Catalyst::Authentication::Store::LDAP documentation for an explanation of the configuration options.

METHODS

new($config)

Creates a new Catalyst::Authentication::Store::LDAP::Backend object. $config should be a hashref, which should contain the configuration options listed in Catalyst::Authentication::Store::LDAP's documentation.

Also sets a few sensible defaults.

find_user( authinfo, $c )

Creates a Catalyst::Authentication::Store::LDAP::User object for the given User ID. This is the preferred mechanism for getting a given User out of the Store.

authinfo should be a hashref with a key of either id or username. The value will be compared against the LDAP user_field field.

get_user( id, $c)

Creates a Catalyst::Authentication::Store::LDAP::User object for the given User ID, or calls new on the class specified in user_class. This instance of the store object, the results of lookup_user and $c are passed as arguments (in that order) to new. This is the preferred mechanism for getting a given User out of the Store.

ldap_connect

Returns a Net::LDAP object, connected to your LDAP server. (According to how you configured the Backend, of course)

ldap_bind($ldap, $binddn, $bindpw)

Bind's to the directory. If $ldap is undef, it will connect to the LDAP server first. $binddn should be the DN of the object you wish to bind as, and $bindpw the password.

If $binddn is "anonymous", an anonymous bind will be performed.

ldap_auth( $binddn, $bindpw )

Connect to the LDAP server and do an authenticated bind against the directory. Throws an exception if connecting to the LDAP server fails. Returns 1 if binding succeeds, 0 if it fails.

lookup_user($id)

Given a User ID, this method will:

A) Bind to the directory using the configured binddn and bindpw
B) Perform a search for the User Object in the directory, using
   user_basedn, user_filter, and user_scope.
C) Assuming we found the object, we will walk it's attributes
   using L<Net::LDAP::Entry>'s get_value method.  We store the
   results in a hashref. If we do not find the object, then
   undef is returned.
D) Return a hashref that looks like:

   $results = {
      'ldap_entry' => $entry, # The Net::LDAP::Entry object
      'attributes' => $attributes,
   }

This method is usually only called by find_user().

lookup_roles($userobj, [$ldap])

This method looks up the roles for a given user. It takes a Catalyst::Authentication::Store::LDAP::User object as it's first argument, and can optionally take a Net::LDAP object which is used rather than the default binding if supplied.

It returns an array containing the role_field attribute from all the objects that match it's criteria.

user_supports

Returns the value of Catalyst::Authentication::Store::LDAP::User->supports(@_).

from_session( id, $c )

Returns get_user() for id.

AUTHORS

Adam Jacob <holoway@cpan.org>

Some parts stolen shamelessly and entirely from Catalyst::Plugin::Authentication::Store::Htpasswd.

Currently maintained by Peter Karman <karman@cpan.org>.

THANKS

To nothingmuch, ghenry, castaway and the rest of #catalyst for the help. :)

SEE ALSO

Catalyst::Authentication::Store::LDAP, Catalyst::Authentication::Store::LDAP::User, Catalyst::Plugin::Authentication, Net::LDAP

COPYRIGHT & LICENSE

Copyright (c) 2005 the aforementioned authors. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.