- Escape special characters in user/role names
+ - Use the stored user credentials to look up roles
1.014 26 April 2013
- Don't fall back to unauthenticated bind when authenticating
if ( $self->use_roles == 0 || $self->use_roles =~ /^false$/i ) {
return undef;
}
- $ldap ||= $self->ldap_bind;
+ $ldap ||= $self->role_search_as_user
+ ? $userobj->ldap_connection : $self->ldap_bind;
my @searchopts;
if ( defined( $self->role_basedn ) ) {
push( @searchopts, 'base' => $self->role_basedn );
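Review bot: The new `$ldap ||=` assignment uses whatever `$userobj->ldap_connection` returns without checking it, so with `role_search_as_user` set the role search depends entirely on the password stashed in `%_ldap_connection_passwords` (visible in the check_password hunk). If that stash holds no entry for this object, which may be the case for a user object rebuilt after the authenticating request (that code is not shown), the search could fail obscurely or run under a different bind than intended, and roles are authorization data. I would fail closed right after the assignment with `die "role_search_as_user: no user-bound LDAP connection\n" unless defined $ldap;`. The test hunk only covers the case where the password is present, so a case for a user object without stored credentials would be worth adding. This sub starts and ends outside the hunk.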
= $self->store->ldap_bind( undef, $self->ldap_entry->dn, $password,
'forauth' );
if ( defined($ldap) ) {
- if ($self->store->role_search_as_user) {
- # FIXME - This can be removed and made to use the code below..
- # Have to do the role lookup _now_, as this is the only time
- # that we have the user's password/ldap bind..
- $self->roles($ldap);
- }
# Stash a closure which can be used to retrieve the connection in the users context later.
$_ldap_connection_passwords{refaddr($self)} = $password;
return 1;
sub roles {
my $self = shift;
- my $ldap = shift;
- $self->{_roles} ||= [$self->store->lookup_roles($self, $ldap)];
+ $self->{_roles} ||= [$self->store->lookup_roles($self)];
return @{$self->{_roles}};
}
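Review bot: `roles` no longer reads a second argument, so a caller that still passes an `$ldap` handle is silently ignored, and nothing in the sub documents the new contract. The lookup is now deferred to the first call, and `||=` keeps that first array reference for the life of the object, so an empty result from an early call would apparently stay cached. I would add a comment above the assignment: `# Looked up lazily on first call and cached; the store decides which LDAP bind is used, any extra argument is ignored.`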
'ou=foobar',
'password',
'password'
- ], # Rebind to confirm user _and_ lookup roles;
+ ], # Rebind to confirm user
+ [
+ 'ou=foobar',
+ 'password',
+ 'password'
+ ], # Rebind with user credentials to find roles
[ undef ], # Second user search
], 'Binds as expected');