use strict;
use warnings;
-our $VERSION = '0.1003';
+our $VERSION = '1.015';
use Catalyst::Authentication::Store::LDAP::Backend;
role_scope => "one",
role_search_options => { deref => "always" },
role_value => "dn",
+ role_search_as_user => 0,
start_tls => 1,
start_tls_options => { verify => "none" },
entry_class => "MyApp::LDAP::Entry",
user_basedn => "ou=people,dc=yourcompany,dc=com",
user_field => "uid",
user_filter => "(&(objectClass=posixAccount)(uid=%s))",
- user_scope => "one",
+ user_scope => "one", # or "sub" for Active Directory
user_search_options => { deref => "always" },
user_results_filter => sub { return shift->pop_entry },
},
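Review bot: The synopsis touched here still carries `start_tls_options => { verify => "none" }` on an unchanged context line, which (assuming the options are handed to Net::LDAP's `start_tls`) turns off server certificate checking for the session that carries the service bind and the user's password. Synopsis blocks get copied into real configurations, so while the example is being refreshed I would show `start_tls_options => { verify => "require", cafile => "/path/to/ca.pem" },` (the path is a placeholder). Failing that, a trailing comment such as `# verify => "none" is for testing only` would help. The enclosing config hash begins and ends outside this hunk.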
user_basedn: ou=Domain Users,ou=Accounts,dc=mycompany,dc=com
user_field: samaccountname
user_filter: (sAMAccountName=%s)
+ user_scope: sub
He also notes: "I found the case in the value of user_field to be significant:
it didn't seem to work when I had the mixed case value there."
As they are already taken care of by other configuration options.
+=head2 role_search_as_user
+
+By default this setting is false, and the role search will be performed
+by binding to the directory with the details in the I<binddn> and I<bindpw>
+fields. If this is set to false, then the role search will instead be
+performed when bound as the user you authenticated as.
+
+=head2 entry_class
+
+The name of the class of LDAP entries returned. This class should
+exist and is expected to be a subclass of Net::LDAP::Entry
+
+=head2 user_class
+
+The name of the class of user object returned. By default, this is
+L<Catalyst::Authentication::Store::LDAP::User>.
+
=head1 METHODS
=head2 new
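Review bot: The new `role_search_as_user` section contradicts itself: it says the default is false and the search binds with I<binddn>/I<bindpw>, then says "If this is set to false" the search runs as the authenticated user. The second condition should read true, i.e. `fields. If this is set to true, then the role search will instead be`. This matters beyond wording, because the option decides which identity's directory permissions govern the role lookup, and an administrator following the text as written would get the opposite behaviour. It may also be worth one sentence noting that with the option enabled the roles returned depend on what the user's own bind is allowed to read. Minor: the `entry_class` paragraph ends without a full stop after `Net::LDAP::Entry`.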