=head1 NAME
-Catalyst::Authentication::Store::LDAP::Backend
+Catalyst::Authentication::Store::LDAP::Backend
- LDAP authentication storage backend.
=head1 SYNOPSIS
'user_field' => 'uid',
'user_search_options' => {
'deref' => 'always',
+ 'attrs' => [qw( distinguishedname name mail )],
},
'user_results_filter' => sub { return shift->pop_entry },
'entry_class' => 'MyApp::LDAP::Entry',
},
'role_search_as_user' => 0,
);
-
+
our $users = Catalyst::Authentication::Store::LDAP::Backend->new(\%config);
=head1 DESCRIPTION
use strict;
use warnings;
-our $VERSION = '1.014';
+our $VERSION = '1.015';
use Catalyst::Authentication::Store::LDAP::User;
use Net::LDAP;
=head2 find_user( I<authinfo>, $c )
Creates a L<Catalyst::Authentication::Store::LDAP::User> object
-for the given User ID. This is the preferred mechanism for getting a
+for the given User ID. This is the preferred mechanism for getting a
given User out of the Store.
I<authinfo> should be a hashref with a key of either C<id> or
=cut
sub ldap_bind {
- my ( $self, $ldap, $binddn, $bindpw, $forauth ) = @_;
- $forauth ||= 0;
+ my ( $self, $ldap, $binddn, $bindpw ) = @_;
$ldap ||= $self->ldap_connect;
if ( !defined($ldap) ) {
Catalyst::Exception->throw("LDAP Server undefined!");
$self->_ldap_bind_anon($ldap);
}
else {
- # Don't fall back to unauthenticated bind when authenticating
- if ($bindpw or $forauth eq 'forauth') {
+ if ($bindpw) {
my $mesg = $ldap->bind( $binddn, 'password' => $bindpw );
if ( $mesg->is_error ) {
-
- # If we're not checking this bind for authentication purposes
- # Go ahead an blow up if we fail.
- if ( $forauth ne 'forauth' ) {
- Catalyst::Exception->throw(
- "Error on Initial Bind: " . $mesg->error );
- }
- else {
- return undef;
- }
+ Catalyst::Exception->throw(
+ "Error on Initial Bind: " . $mesg->error );
}
}
else {
}
}
+=head2 ldap_auth( $binddn, $bindpw )
+
+Connect to the LDAP server and do an authenticated bind against the
+directory. Throws an exception if connecting to the LDAP server fails.
+Returns 1 if binding succeeds, 0 if it fails.
+
+=cut
+
+sub ldap_auth {
+ my ( $self, $binddn, $bindpw ) = @_;
+ my $ldap = $self->ldap_connect;
+ if ( !defined $ldap ) {
+ Catalyst::Exception->throw("LDAP server undefined!");
+ }
+ my $mesg = $ldap->bind( $binddn, password => $bindpw );
+ return $mesg->is_error ? 0 : 1;
+}
+
=head2 lookup_user($id)
Given a User ID, this method will:
=head2 lookup_roles($userobj, [$ldap])
-This method looks up the roles for a given user. It takes a
+This method looks up the roles for a given user. It takes a
L<Catalyst::Authentication::Store::LDAP::User> object
as it's first argument, and can optionally take a I<Net::LDAP> object which
is used rather than the default binding if supplied.
=head2 user_supports
-Returns the value of
+Returns the value of
Catalyst::Authentication::Store::LDAP::User->supports(@_).
=cut