- Document how to limit the attributes returned from the LDAP search
- Add persist_in_session config option to allow storing of user and its
roles in the session without hitting the LDAP store on each request
+ - fix use_roles enabled if explicitly disabled
1.015 20 February 2015
- Escape special characters in user/role names
$config_hash{'role_filter'} ||= '(memberUid=%s)';
$config_hash{'role_scope'} ||= 'sub';
$config_hash{'role_field'} ||= 'cn';
- $config_hash{'use_roles'} ||= '1';
+ $config_hash{'use_roles'} = '1'
+ unless exists $config_hash{use_roles};
$config_hash{'start_tls'} ||= '0';
$config_hash{'entry_class'} ||= 'Catalyst::Model::LDAP::Entry';
$config_hash{'user_class'}
use_ok("Catalyst::Authentication::Store::LDAP::Backend");
+
+my $back_without_use_roles = Catalyst::Authentication::Store::LDAP::Backend->new({
+ ldap_server => 'ldap://127.0.0.1:555',
+ binddn => 'anonymous',
+ bindpw => 'dontcarehow',
+ user_basedn => 'ou=foobar',
+ user_filter => '(&(objectClass=inetOrgPerson)(uid=%s))',
+ user_scope => 'one',
+ user_field => 'uid',
+});
+is $back_without_use_roles->use_roles, 1, 'use_roles enabled be default';
+
+my $back_with_use_roles_disabled = Catalyst::Authentication::Store::LDAP::Backend->new({
+ ldap_server => 'ldap://127.0.0.1:555',
+ binddn => 'anonymous',
+ bindpw => 'dontcarehow',
+ user_basedn => 'ou=foobar',
+ user_filter => '(&(objectClass=inetOrgPerson)(uid=%s))',
+ user_scope => 'one',
+ user_field => 'uid',
+ use_roles => 0,
+});
+is $back_with_use_roles_disabled->use_roles, 0, 'use_roles disabled when set
+to 0';
+
+my $back_with_use_roles_enabled = Catalyst::Authentication::Store::LDAP::Backend->new({
+ ldap_server => 'ldap://127.0.0.1:555',
+ binddn => 'anonymous',
+ bindpw => 'dontcarehow',
+ user_basedn => 'ou=foobar',
+ user_filter => '(&(objectClass=inetOrgPerson)(uid=%s))',
+ user_scope => 'one',
+ user_field => 'uid',
+ use_roles => 1,
+});
+is $back_with_use_roles_enabled->use_roles, 1, 'use_roles enabled when set to
+1';
+
my (@searches, @binds);
for my $i (0..1) {