use strict;
use warnings;
-our $VERSION = '1.013';
+our $VERSION = '1.015';
use Catalyst::Authentication::Store::LDAP::Backend;
=head1 NAME
-Catalyst::Authentication::Store::LDAP
+Catalyst::Authentication::Store::LDAP
- Authentication from an LDAP Directory.
=head1 SYNOPSIS
user_field => "uid",
user_filter => "(&(objectClass=posixAccount)(uid=%s))",
user_scope => "one", # or "sub" for Active Directory
- user_search_options => { deref => "always" },
+ user_search_options => {
+ deref => 'always',
+ attrs => [qw( distinguishedname name mail )],
+ },
user_results_filter => sub { return shift->pop_entry },
},
},
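Review bot: the attrs list added to user_search_options, [qw( distinguishedname name mail )], leaves out uid, although the same example sets user_field => "uid" and filters on posixAccount. In Net::LDAP, attrs limits which attributes a search returns, so an entry fetched with this configuration would not carry the user_field attribute. distinguishedname is also an Active Directory attribute, which a posixAccount directory is unlikely to have. Suggest listing attributes that match the rest of the example, uid included, or adding a comment that attrs must always contain the user_field attribute. The change from "always" to 'always' also departs from the double-quote style of the surrounding lines.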
my ( $self, $c ) = @_;
$c->authenticate({
- id => $c->req->param("login"),
- password => $c->req->param("password")
+ id => $c->req->param("login"),
+ password => $c->req->param("password")
});
$c->res->body("Welcome " . $c->user->username . "!");
}
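Review bot: the id and password lines are only re-indented here, but both still call $c->req->param(...) inside a hash constructor, which is list context. A request that repeats the login or password parameter, or omits it, then yields more or fewer list elements than expected and shifts the key/value pairs passed to $c->authenticate. Since this is the SYNOPSIS that users copy, suggest forcing scalar context while the lines are being touched, for example id => scalar $c->req->param("login").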
you are upgrading from a previous version of this plugin.
This plugin uses C<Net::LDAP> to let your application authenticate against
-an LDAP directory. It has a pretty high degree of flexibility, given the
-wide variation of LDAP directories and schemas from one system to another.
+an LDAP directory. It has a pretty high degree of flexibility, given the
+wide variation of LDAP directories and schemas from one system to another.
It authenticates users in two steps:
1) A search of the directory is performed, looking for a user object that
- matches the username you pass. This is done with the bind credentials
+ matches the username you pass. This is done with the bind credentials
supplied in the "binddn" and "bindpw" configuration options.
2) If that object is found, we then re-bind to the directory as that object.
- Assuming this is successful, the user is Authenticated.
+ Assuming this is successful, the user is Authenticated.
=head1 CONFIGURATION OPTIONS
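Review bot: step 2 treats a successful re-bind as proof of authentication, but the text does not say what happens when the supplied password is empty. An LDAP simple bind with a DN and an empty password is an unauthenticated bind (RFC 4513, section 5.1.2), and some servers report it as success. Since this paragraph is being edited anyway, suggest adding a sentence stating whether the store rejects empty passwords before attempting the bind, or telling users to reject them in the application.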
user_basedn: ou=Domain Users,ou=Accounts,dc=mycompany,dc=com
user_field: samaccountname
- user_filter: (sAMAccountName=%s)
+ user_filter: (sAMAccountName=%s)
user_scope: sub
-He also notes: "I found the case in the value of user_field to be significant:
+He also notes: "I found the case in the value of user_field to be significant:
it didn't seem to work when I had the mixed case value there."
=head2 ldap_server
=head2 ldap_server_options
-This should be a hashref containing options to pass to L<Net::LDAP>->new().
+This should be a hashref containing options to pass to L<Net::LDAP>->new().
See L<Net::LDAP> for the full list.
=head2 binddn
=head2 user_filter
-This is the LDAP Search filter used during user lookup. The special string
+This is the LDAP Search filter used during user lookup. The special string
'%s' will be replaced with the username you pass to $c->login. By default
it is set to '(uid=%s)'. Other possibly useful filters:
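Review bot: the user_filter paragraph says '%s' is replaced with the username but does not say whether that value is escaped for LDAP filter metacharacters such as *, (, ) and \ before substitution. Suggest documenting the behaviour here, and if the caller is expected to escape, pointing to Net::LDAP::Util::escape_filter_value. The text also still refers to $c->login, while the SYNOPSIS in this same file uses $c->authenticate; worth aligning the two while this line is touched.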
}
return undef; # i.e., no match
}
-
+
=head2 use_roles
-Whether or not to enable role lookups. It defaults to true; set it to 0 if
+Whether or not to enable role lookups. It defaults to true; set it to 0 if
you want to always avoid role lookups.
=head2 role_basedn
=head2 role_value
-This is the attribute of the User object we want to use in our role_filter.
+This is the attribute of the User object we want to use in our role_filter.
If this is set to "dn", we will use the User Objects DN.
=head2 role_search_options
=head2 new
This method will populate
-L<Catalyst::Plugin::Authentication/default_auth_store> with this object.
+L<Catalyst::Plugin::Authentication/default_auth_store> with this object.
=head1 AUTHORS
L<Catalyst::Authentication::Store::LDAP>,
L<Catalyst::Authentication::Store::LDAP::User>,
L<Catalyst::Authentication::Store::LDAP::Backend>,
-L<Catalyst::Plugin::Authentication>,
+L<Catalyst::Plugin::Authentication>,
L<Net::LDAP>
=head1 COPYRIGHT & LICENSE