use strict;
use warnings;
-our $VERSION = '0.1003';
+our $VERSION = '1.015';
use Catalyst::Authentication::Store::LDAP::Backend;
=head1 NAME
-Catalyst::Authentication::Store::LDAP
+Catalyst::Authentication::Store::LDAP
- Authentication from an LDAP Directory.
=head1 SYNOPSIS
role_scope => "one",
role_search_options => { deref => "always" },
role_value => "dn",
+ role_search_as_user => 0,
start_tls => 1,
start_tls_options => { verify => "none" },
entry_class => "MyApp::LDAP::Entry",
user_basedn => "ou=people,dc=yourcompany,dc=com",
user_field => "uid",
user_filter => "(&(objectClass=posixAccount)(uid=%s))",
- user_scope => "one",
- user_search_options => { deref => "always" },
+ user_scope => "one", # or "sub" for Active Directory
+ user_search_options => {
+ deref => 'always',
+ attrs => [qw( distinguishedname name mail )],
+ },
user_results_filter => sub { return shift->pop_entry },
},
},
my ( $self, $c ) = @_;
$c->authenticate({
- id => $c->req->param("login"),
- password => $c->req->param("password")
+ id => $c->req->param("login"),
+ password => $c->req->param("password")
});
$c->res->body("Welcome " . $c->user->username . "!");
}
you are upgrading from a previous version of this plugin.
This plugin uses C<Net::LDAP> to let your application authenticate against
-an LDAP directory. It has a pretty high degree of flexibility, given the
-wide variation of LDAP directories and schemas from one system to another.
+an LDAP directory. It has a pretty high degree of flexibility, given the
+wide variation of LDAP directories and schemas from one system to another.
It authenticates users in two steps:
1) A search of the directory is performed, looking for a user object that
- matches the username you pass. This is done with the bind credentials
+ matches the username you pass. This is done with the bind credentials
supplied in the "binddn" and "bindpw" configuration options.
2) If that object is found, we then re-bind to the directory as that object.
- Assuming this is successful, the user is Authenticated.
+ Assuming this is successful, the user is Authenticated.
=head1 CONFIGURATION OPTIONS
user_basedn: ou=Domain Users,ou=Accounts,dc=mycompany,dc=com
user_field: samaccountname
- user_filter: (sAMAccountName=%s)
+ user_filter: (sAMAccountName=%s)
+ user_scope: sub
-He also notes: "I found the case in the value of user_field to be significant:
+He also notes: "I found the case in the value of user_field to be significant:
it didn't seem to work when I had the mixed case value there."
=head2 ldap_server
=head2 ldap_server_options
-This should be a hashref containing options to pass to L<Net::LDAP>->new().
+This should be a hashref containing options to pass to L<Net::LDAP>->new().
See L<Net::LDAP> for the full list.
=head2 binddn
=head2 user_filter
-This is the LDAP Search filter used during user lookup. The special string
+This is the LDAP Search filter used during user lookup. The special string
'%s' will be replaced with the username you pass to $c->login. By default
it is set to '(uid=%s)'. Other possibly useful filters:
}
return undef; # i.e., no match
}
-
+
=head2 use_roles
-Whether or not to enable role lookups. It defaults to true; set it to 0 if
+Whether or not to enable role lookups. It defaults to true; set it to 0 if
you want to always avoid role lookups.
=head2 role_basedn
=head2 role_value
-This is the attribute of the User object we want to use in our role_filter.
+This is the attribute of the User object we want to use in our role_filter.
If this is set to "dn", we will use the User Objects DN.
=head2 role_search_options
As they are already taken care of by other configuration options.
+=head2 role_search_as_user
+
+By default this setting is false, and the role search will be performed
+by binding to the directory with the details in the I<binddn> and I<bindpw>
+fields. If this is set to false, then the role search will instead be
+performed when bound as the user you authenticated as.
+
+=head2 entry_class
+
+The name of the class of LDAP entries returned. This class should
+exist and is expected to be a subclass of Net::LDAP::Entry
+
+=head2 user_class
+
+The name of the class of user object returned. By default, this is
+L<Catalyst::Authentication::Store::LDAP::User>.
+
=head1 METHODS
=head2 new
This method will populate
-L<Catalyst::Plugin::Authentication/default_auth_store> with this object.
+L<Catalyst::Plugin::Authentication/default_auth_store> with this object.
=head1 AUTHORS
L<Catalyst::Authentication::Store::LDAP>,
L<Catalyst::Authentication::Store::LDAP::User>,
L<Catalyst::Authentication::Store::LDAP::Backend>,
-L<Catalyst::Plugin::Authentication>,
+L<Catalyst::Plugin::Authentication>,
L<Net::LDAP>
=head1 COPYRIGHT & LICENSE
projects / catagits/Catalyst-Authentication-Store-LDAP.git / blobdiff