X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FAuthentication%2FStore%2FLDAP.pm;h=cdd025d875d85af8aadc31a74be0a9db16e06caf;hb=62534b1b4eb2c8f2ab4208768f6924c25eb80e7b;hp=896806b70287e876124555f3073bc3c4171e91af;hpb=1f800a61d6c9bc955ebf578cd8fbf1059f6896bc;p=catagits%2FCatalyst-Authentication-Store-LDAP.git

diff --git a/lib/Catalyst/Authentication/Store/LDAP.pm b/lib/Catalyst/Authentication/Store/LDAP.pm
index 896806b..cdd025d 100644
--- a/lib/Catalyst/Authentication/Store/LDAP.pm
+++ b/lib/Catalyst/Authentication/Store/LDAP.pm
@@ -3,7 +3,7 @@ package Catalyst::Authentication::Store::LDAP;
 use strict;
 use warnings;
 
-our $VERSION = '0.1003';
+our $VERSION = '1.014';
 
 use Catalyst::Authentication::Store::LDAP::Backend;
 
@@ -52,6 +52,7 @@ Catalyst::Authentication::Store::LDAP
                role_scope          => "one",
                role_search_options => { deref => "always" },
                role_value          => "dn",
+               role_search_as_user => 0,
                start_tls           => 1,
                start_tls_options   => { verify => "none" },
                entry_class         => "MyApp::LDAP::Entry",
@@ -59,7 +60,7 @@ Catalyst::Authentication::Store::LDAP
                user_basedn         => "ou=people,dc=yourcompany,dc=com",
                user_field          => "uid",
                user_filter         => "(&(objectClass=posixAccount)(uid=%s))",
-               user_scope          => "one",
+               user_scope          => "one", # or "sub" for Active Directory
                user_search_options => { deref => "always" },
                user_results_filter => sub { return shift->pop_entry },
              },
@@ -155,6 +156,7 @@ tweeks to the example configuration will work:
     user_basedn: ou=Domain Users,ou=Accounts,dc=mycompany,dc=com
     user_field:  samaccountname
     user_filter: (sAMAccountName=%s) 
+    user_scope: sub
 
 He also notes: "I found the case in the value of user_field to be significant: 
 it didn't seem to work when I had the mixed case value there."
@@ -301,6 +303,23 @@ Be careful not to specify:
 
 As they are already taken care of by other configuration options.
 
+=head2 role_search_as_user
+
+By default this setting is false, and the role search will be performed
+by binding to the directory with the details in the I<binddn> and I<bindpw>
+fields. If this is set to false, then the role search will instead be
+performed when bound as the user you authenticated as.
+
+=head2 entry_class
+
+The name of the class of LDAP entries returned. This class should
+exist and is expected to be a subclass of Net::LDAP::Entry
+
+=head2 user_class
+
+The name of the class of user object returned. By default, this is
+L<Catalyst::Authentication::Store::LDAP::User>.
+
 =head1 METHODS
 
 =head2 new