},
'user_basedn' => 'ou=people,dc=yourcompany,dc=com',
'user_filter' => '(&(objectClass=posixAccount)(uid=%s))',
- 'user_scope' => 'one',
+ 'user_scope' => 'one', # or 'sub' for Active Directory
'user_field' => 'uid',
'user_search_options' => {
'deref' => 'always',
use strict;
use warnings;
-our $VERSION = '0.1005';
+our $VERSION = '1.014';
use Catalyst::Authentication::Store::LDAP::User;
use Net::LDAP;
$config_hash{'use_roles'} ||= '1';
$config_hash{'start_tls'} ||= '0';
$config_hash{'entry_class'} ||= 'Catalyst::Model::LDAP::Entry';
- $config_hash{'user_class'} ||= 'Catalyst::Authentication::Store::LDAP::User';
+ $config_hash{'user_class'}
+ ||= 'Catalyst::Authentication::Store::LDAP::User';
$config_hash{'role_search_as_user'} ||= 0;
- Catalyst::Utils::ensure_class_loaded($config_hash{'user_class'});
+ Catalyst::Utils::ensure_class_loaded( $config_hash{'user_class'} );
my $self = \%config_hash;
bless( $self, $class );
return $self;
return $self->get_user( $authinfo->{id} || $authinfo->{username}, $c );
}
-=head2 get_user($id)
+=head2 get_user( I<id>, $c)
Creates a L<Catalyst::Authentication::Store::LDAP::User> object
for the given User ID, or calls C<new> on the class specified in
sub get_user {
my ( $self, $id, $c ) = @_;
- my $user = $self->user_class->new( $self,
- $self->lookup_user($id), $c );
+ my $user = $self->user_class->new( $self, $self->lookup_user($id), $c );
return $user;
}
sub ldap_bind {
my ( $self, $ldap, $binddn, $bindpw, $forauth ) = @_;
$forauth ||= 0;
- $ldap ||= $self->ldap_connect;
+ $ldap ||= $self->ldap_connect;
if ( !defined($ldap) ) {
Catalyst::Exception->throw("LDAP Server undefined!");
}
- $binddn ||= $self->binddn;
- $bindpw ||= $self->bindpw;
+
+ # if username is present, make sure password is present too.
+ # see https://rt.cpan.org/Ticket/Display.html?id=81908
+ if ( !defined $binddn ) {
+ $binddn = $self->binddn;
+ $bindpw = $self->bindpw;
+ }
+
if ( $binddn eq "anonymous" ) {
$self->_ldap_bind_anon($ldap);
}
else {
- if ($bindpw) {
+ # Don't fall back to unauthenticated bind when authenticating
+ if ($bindpw or $forauth eq 'forauth') {
my $mesg = $ldap->bind( $binddn, 'password' => $bindpw );
if ( $mesg->is_error ) {
}
}
else {
- $self->_ldap_bind_anon($ldap, $binddn);
+ $self->_ldap_bind_anon( $ldap, $binddn );
}
}
return $ldap;
}
sub _ldap_bind_anon {
- my ($self, $ldap, $dn) = @_;
+ my ( $self, $ldap, $dn ) = @_;
my $mesg = $ldap->bind($dn);
if ( $mesg->is_error ) {
Catalyst::Exception->throw( "Error on Bind: " . $mesg->error );
sub lookup_user {
my ( $self, $id ) = @_;
- # No sneaking in wildcards!
- if ( $id =~ /\*/ ) {
- Catalyst::Exception->throw("ID $id contains wildcards!");
- }
+ # Trim trailing space or we confuse ourselves
+ $id =~ s/\s+$//;
my $ldap = $self->ldap_bind;
my @searchopts;
if ( defined( $self->user_basedn ) ) {
}
my $usersearch = $ldap->search(@searchopts);
- return if ( $usersearch->is_error );
+ return undef if ( $usersearch->is_error );
my $userentry;
my $user_field = $self->user_field;
$attrhash->{ lc($attr) } = \@attrvalues;
}
}
-
- eval { Catalyst::Utils::ensure_class_loaded($self->entry_class) };
+
+ eval { Catalyst::Utils::ensure_class_loaded( $self->entry_class ) };
if ( !$@ ) {
bless( $userentry, $self->entry_class );
$userentry->{_use_unicode}++;
my $self = shift;
my $filter = shift;
my $replace = shift;
+ $replace =~ s/([*()\\\x{0}])/sprintf '\\%02x', ord($1)/ge;
$filter =~ s/\%s/$replace/g;
return $filter;
}
Catalyst::Authentication::Store::LDAP::User->supports(@_);
}
-=head2 from_session( I<id> )
+=head2 from_session( I<id>, I<$c> )
Returns get_user() for I<id>.
sub from_session {
my ( $self, $c, $id ) = @_;
- $self->get_user($id);
+ $self->get_user( $id, $c );
}
1;
projects / catagits/Catalyst-Authentication-Store-LDAP.git / blobdiff