use strict;
use warnings;
-our $VERSION = '0.1005';
+our $VERSION = '1.006';
-BEGIN { __PACKAGE__->mk_accessors(qw/user store/) }
+BEGIN { __PACKAGE__->mk_accessors(qw/user store _ldap_connection_password/) }
use overload '""' => sub { shift->stringify }, fallback => 1;
'forauth' );
if ( defined($ldap) ) {
if ($self->store->role_search_as_user) {
+ # FIXME - This can be removed and made to use the code below..
# Have to do the role lookup _now_, as this is the only time
# that we have the user's password/ldap bind..
$self->roles($ldap);
}
+ # Stash a closure which can be used to retrieve the connection in the users context later.
+ $self->_ldap_connection_password( sub { $password } ); # Close over
+ # password to try to ensure it doesn't come out in debug dumps
+ # or get serialized into sessions etc..
return 1;
}
else {
}
}
+=head2 ldap_connection
+
+Re-binds to the auth store with the credentials of the user you logged in
+as, and returns a L<Net::LDAP> object which you can use to do further queries.
+
+=cut
+
+sub ldap_connection {
+ my $self = shift;
+ $self->store->ldap_bind( undef, $self->ldap_entry->dn,
+ $self->_ldap_connection_password->() );
+}
+
=head2 AUTOLOADed methods
We automatically map the attributes of the underlying L<Net::LDAP::Entry>