X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FAuthentication%2FStore%2FLDAP%2FBackend.pm;h=bd5fbdf53a4f065b17c14ccc068bcce20880a11c;hb=d05c83ddfbb0b15c5f002dab15a16608a42080d8;hp=36df48b96855a105b1db6a57693b7229dd1ed596;hpb=405489b5976c386ddad2a777eb31f75d8319a168;p=catagits%2FCatalyst-Authentication-Store-LDAP.git diff --git a/lib/Catalyst/Authentication/Store/LDAP/Backend.pm b/lib/Catalyst/Authentication/Store/LDAP/Backend.pm index 36df48b..bd5fbdf 100644 --- a/lib/Catalyst/Authentication/Store/LDAP/Backend.pm +++ b/lib/Catalyst/Authentication/Store/LDAP/Backend.pm @@ -31,7 +31,7 @@ Catalyst::Authentication::Store::LDAP::Backend }, 'user_basedn' => 'ou=people,dc=yourcompany,dc=com', 'user_filter' => '(&(objectClass=posixAccount)(uid=%s))', - 'user_scope' => 'one', + 'user_scope' => 'one', # or 'sub' for Active Directory 'user_field' => 'uid', 'user_search_options' => { 'deref' => 'always', @@ -53,19 +53,11 @@ Catalyst::Authentication::Store::LDAP::Backend our $users = Catalyst::Authentication::Store::LDAP::Backend->new(\%config); - sub action : Local { - my ( $self, $c ) = @_; - - $c->login( $users->get_user( $c->req->param("login") ), - $c->req->param("password") ); - } - =head1 DESCRIPTION -You probably want L, unless -you are mixing several stores in a single app and one of them is LDAP. +You probably want L. -Otherwise, this lets you create a store manually. +Otherwise, this lets you create a store manually. See the L documentation for an explanation of the configuration options. @@ -80,7 +72,7 @@ use base qw( Class::Accessor::Fast ); use strict; use warnings; -our $VERSION = '0.1004'; +our $VERSION = '1.012'; use Catalyst::Authentication::Store::LDAP::User; use Net::LDAP; @@ -128,16 +120,17 @@ sub new { $config_hash{'use_roles'} ||= '1'; $config_hash{'start_tls'} ||= '0'; $config_hash{'entry_class'} ||= 'Catalyst::Model::LDAP::Entry'; - $config_hash{'user_class'} ||= 'Catalyst::Authentication::Store::LDAP::User'; + $config_hash{'user_class'} + ||= 'Catalyst::Authentication::Store::LDAP::User'; $config_hash{'role_search_as_user'} ||= 0; - Catalyst::Utils::ensure_class_loaded($config_hash{'user_class'}); + Catalyst::Utils::ensure_class_loaded( $config_hash{'user_class'} ); my $self = \%config_hash; bless( $self, $class ); return $self; } -=head2 find_user( I ) +=head2 find_user( I, $c ) Creates a L object for the given User ID. This is the preferred mechanism for getting a @@ -150,21 +143,22 @@ C. The value will be compared against the LDAP C field. sub find_user { my ( $self, $authinfo, $c ) = @_; - return $self->get_user( $authinfo->{id} || $authinfo->{username} ); + return $self->get_user( $authinfo->{id} || $authinfo->{username}, $c ); } -=head2 get_user($id) +=head2 get_user( I, $c) Creates a L object -for the given User ID. This is the preferred mechanism for getting a -given User out of the Store. +for the given User ID, or calls C on the class specified in +C. This instance of the store object, the results of +C and $c are passed as arguments (in that order) to C. +This is the preferred mechanism for getting a given User out of the Store. =cut sub get_user { - my ( $self, $id ) = @_; - my $user = $self->user_class->new( $self, - $self->lookup_user($id) ); + my ( $self, $id, $c ) = @_; + my $user = $self->user_class->new( $self, $self->lookup_user($id), $c ); return $user; } @@ -216,7 +210,7 @@ If $binddn is "anonymous", an anonymous bind will be performed. sub ldap_bind { my ( $self, $ldap, $binddn, $bindpw, $forauth ) = @_; $forauth ||= 0; - $ldap ||= $self->ldap_connect; + $ldap ||= $self->ldap_connect; if ( !defined($ldap) ) { Catalyst::Exception->throw("LDAP Server undefined!"); } @@ -242,14 +236,14 @@ sub ldap_bind { } } else { - $self->_ldap_bind_anon($ldap, $binddn); + $self->_ldap_bind_anon( $ldap, $binddn ); } } return $ldap; } sub _ldap_bind_anon { - my ($self, $ldap, $dn) = @_; + my ( $self, $ldap, $dn ) = @_; my $mesg = $ldap->bind($dn); if ( $mesg->is_error ) { Catalyst::Exception->throw( "Error on Bind: " . $mesg->error ); @@ -263,11 +257,12 @@ Given a User ID, this method will: A) Bind to the directory using the configured binddn and bindpw B) Perform a search for the User Object in the directory, using user_basedn, user_filter, and user_scope. - C) Assuming we found the object, we will walk it's attributes + C) Assuming we found the object, we will walk it's attributes using L's get_value method. We store the - results in a hashref. - D) Return a hashref that looks like: - + results in a hashref. If we do not find the object, then + undef is returned. + D) Return a hashref that looks like: + $results = { 'ldap_entry' => $entry, # The Net::LDAP::Entry object 'attributes' => $attributes, @@ -284,6 +279,9 @@ sub lookup_user { if ( $id =~ /\*/ ) { Catalyst::Exception->throw("ID $id contains wildcards!"); } + + # Trim trailing space or we confuse ourselves + $id =~ s/\s+$//; my $ldap = $self->ldap_bind; my @searchopts; if ( defined( $self->user_basedn ) ) { @@ -300,10 +298,9 @@ sub lookup_user { push( @searchopts, %{ $self->user_search_options } ); } my $usersearch = $ldap->search(@searchopts); - if ( $usersearch->is_error ) { - Catalyst::Exception->throw( - "LDAP Error while searching for user: " . $usersearch->error ); - } + + return undef if ( $usersearch->is_error ); + my $userentry; my $user_field = $self->user_field; my $results_filter = $self->user_results_filter; @@ -349,8 +346,8 @@ sub lookup_user { $attrhash->{ lc($attr) } = \@attrvalues; } } - - eval { Catalyst::Utils::ensure_class_loaded($self->entry_class) }; + + eval { Catalyst::Utils::ensure_class_loaded( $self->entry_class ) }; if ( !$@ ) { bless( $userentry, $self->entry_class ); $userentry->{_use_unicode}++; @@ -433,7 +430,7 @@ sub user_supports { Catalyst::Authentication::Store::LDAP::User->supports(@_); } -=head2 from_session( I ) +=head2 from_session( I, I<$c> ) Returns get_user() for I. @@ -441,7 +438,7 @@ Returns get_user() for I. sub from_session { my ( $self, $c, $id ) = @_; - $self->get_user($id); + $self->get_user( $id, $c ); } 1;