X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=README;h=7955caa35ca9269f01ec5c2c6ea46846ca1a8f3b;hb=HEAD;hp=103a24cadd1c26dea69b14915930a20dd50a2040;hpb=a93dbce7a04c711befe2f5ff07ca81ea728ed986;p=catagits%2FCatalyst-Authentication-Store-LDAP.git diff --git a/README b/README index 103a24c..7955caa 100644 --- a/README +++ b/README @@ -37,9 +37,13 @@ SYNOPSIS user_basedn => "ou=people,dc=yourcompany,dc=com", user_field => "uid", user_filter => "(&(objectClass=posixAccount)(uid=%s))", - user_scope => "one", - user_search_options => { deref => "always" }, + user_scope => "one", # or "sub" for Active Directory + user_search_options => { + deref => 'always', + attrs => [qw( distinguishedname name mail )], + }, user_results_filter => sub { return shift->pop_entry }, + persist_in_session => 'all', }, }, }, @@ -50,8 +54,8 @@ SYNOPSIS my ( $self, $c ) = @_; $c->authenticate({ - id => $c->req->param("login"), - password => $c->req->param("password") + id => $c->req->param("login"), + password => $c->req->param("password") }); $c->res->body("Welcome " . $c->user->username . "!"); } @@ -131,7 +135,8 @@ CONFIGURATION OPTIONS user_basedn: ou=Domain Users,ou=Accounts,dc=mycompany,dc=com user_field: samaccountname - user_filter: (sAMAccountName=%s) + user_filter: (sAMAccountName=%s) + user_scope: sub He also notes: "I found the case in the value of user_field to be significant: it didn't seem to work when I had the mixed case value @@ -188,7 +193,7 @@ CONFIGURATION OPTIONS identifier for the user. user_search_options - This takes a hashref. It will append it's values to the call to + This takes a hashref. It will append its values to the call to Net::LDAP's "search" method during the initial user lookup. See Net::LDAP for valid options. @@ -220,7 +225,7 @@ CONFIGURATION OPTIONS } return undef; # i.e., no match } - + use_roles Whether or not to enable role lookups. It defaults to true; set it to 0 if you want to always avoid role lookups. @@ -251,7 +256,7 @@ CONFIGURATION OPTIONS role_filter. If this is set to "dn", we will use the User Objects DN. role_search_options - This takes a hashref. It will append it's values to the call to + This takes a hashref. It will append its values to the call to Net::LDAP's "search" method during the user's role lookup. See Net::LDAP for valid options. @@ -269,6 +274,22 @@ CONFIGURATION OPTIONS *bindpw* fields. If this is set to false, then the role search will instead be performed when bound as the user you authenticated as. + persist_in_session + Can take one of the following values, defaults to "username": + + "username" + Only store the username in the session and lookup the user and its + roles on every request. That was how the module worked until version + 1.015 and is also the default for backwards compatibility. + + "all" + Store the user object and its roles in the session and never look it + up in the store after login. + + NOTE: It's recommended to limit the user attributes fetched from + LDAP using "user_search_options" / "attrs" to not exhaust the + session store. + entry_class The name of the class of LDAP entries returned. This class should exist and is expected to be a subclass of Net::LDAP::Entry @@ -283,12 +304,13 @@ METHODS Catalyst::Plugin::Authentication with this object. AUTHORS - Adam Jacob + Adam Jacob Peter Karman Alexander + Hartmaier Some parts stolen shamelessly and entirely from Catalyst::Plugin::Authentication::Store::Htpasswd. - Currently maintained by Peter Karman . + Currently maintained by Dagfinn Ilmari Mannsåker . THANKS To nothingmuch, ghenry, castaway and the rest of #catalyst for the help.