NAME
Catalyst::Authentication::Store::LDAP::Backend - LDAP authentication storage backend.
SYNOPSIS
# you probably just want Store::LDAP under most cases,
# but if you insist you can instantiate your own store:
use Catalyst::Authentication::Store::LDAP::Backend;
use Catalyst qw/
Authentication
Authentication::Credential::Password
/;
my %config = (
'ldap_server' => 'ldap1.yourcompany.com',
'ldap_server_options' => {
'timeout' => 30,
},
'binddn' => 'anonymous',
'bindpw' => 'dontcarehow',
'start_tls' => 1,
'start_tls_options' => {
'verify' => 'none',
},
'user_basedn' => 'ou=people,dc=yourcompany,dc=com',
'user_filter' => '(&(objectClass=posixAccount)(uid=%s))',
'user_scope' => 'one', # or 'sub' for Active Directory
'user_field' => 'uid',
'user_search_options' => {
'deref' => 'always',
},
'user_results_filter' => sub { return shift->pop_entry },
'entry_class' => 'MyApp::LDAP::Entry',
'user_class' => 'MyUser',
'use_roles' => 1,
'role_basedn' => 'ou=groups,dc=yourcompany,dc=com',
'role_filter' => '(&(objectClass=posixGroup)(member=%s))',
'role_scope' => 'one',
'role_field' => 'cn',
'role_value' => 'dn',
'role_search_options' => {
'deref' => 'always',
},
'role_search_as_user' => 0,
);
our $users = Catalyst::Authentication::Store::LDAP::Backend->new(\%config);
DESCRIPTION
You probably want Catalyst::Authentication::Store::LDAP.
Otherwise, this lets you create a store manually.
See the Catalyst::Authentication::Store::LDAP documentation for an explanation of the configuration options.
METHODS
new($config)
Creates a new Catalyst::Authentication::Store::LDAP::Backend object. $config should be a hashref, which should contain the configuration options listed in Catalyst::Authentication::Store::LDAP's documentation.
Also sets a few sensible defaults.
find_user( authinfo, $c )
Creates a Catalyst::Authentication::Store::LDAP::User object for the given User ID. This is the preferred mechanism for getting a given User out of the Store.
authinfo should be a hashref with a key of either id
or username
. The value will be compared against the LDAP user_field
field.
get_user( id, $c)
Creates a Catalyst::Authentication::Store::LDAP::User object for the given User ID, or calls new
on the class specified in user_class
. This instance of the store object, the results of lookup_user
and $c are passed as arguments (in that order) to new
. This is the preferred mechanism for getting a given User out of the Store.
ldap_connect
Returns a Net::LDAP object, connected to your LDAP server. (According to how you configured the Backend, of course)
ldap_bind($ldap, $binddn, $bindpw)
Bind's to the directory. If $ldap is undef, it will connect to the LDAP server first. $binddn should be the DN of the object you wish to bind as, and $bindpw the password.
If $binddn is "anonymous", an anonymous bind will be performed.
ldap_auth( $binddn, $bindpw )
Connect to the LDAP server and do an authenticated bind against the directory. Throws an exception if connecting to the LDAP server fails. Returns 1 if binding succeeds, 0 if it fails.
lookup_user($id)
Given a User ID, this method will:
A) Bind to the directory using the configured binddn and bindpw
B) Perform a search for the User Object in the directory, using
user_basedn, user_filter, and user_scope.
C) Assuming we found the object, we will walk it's attributes
using L<Net::LDAP::Entry>'s get_value method. We store the
results in a hashref. If we do not find the object, then
undef is returned.
D) Return a hashref that looks like:
$results = {
'ldap_entry' => $entry, # The Net::LDAP::Entry object
'attributes' => $attributes,
}
This method is usually only called by find_user().
lookup_roles($userobj, [$ldap])
This method looks up the roles for a given user. It takes a Catalyst::Authentication::Store::LDAP::User object as it's first argument, and can optionally take a Net::LDAP object which is used rather than the default binding if supplied.
It returns an array containing the role_field attribute from all the objects that match it's criteria.
user_supports
Returns the value of Catalyst::Authentication::Store::LDAP::User->supports(@_).
from_session( id, $c )
Returns get_user() for id.
AUTHORS
Adam Jacob <holoway@cpan.org>
Some parts stolen shamelessly and entirely from Catalyst::Plugin::Authentication::Store::Htpasswd.
Currently maintained by Peter Karman <karman@cpan.org>.
THANKS
To nothingmuch, ghenry, castaway and the rest of #catalyst for the help. :)
SEE ALSO
Catalyst::Authentication::Store::LDAP, Catalyst::Authentication::Store::LDAP::User, Catalyst::Plugin::Authentication, Net::LDAP
COPYRIGHT & LICENSE
Copyright (c) 2005 the aforementioned authors. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.