=head1 NAME
-Catalyst::Authentication::Store::LDAP
+Catalyst::Authentication::Store::LDAP
- Authentication from an LDAP Directory.
=head1 SYNOPSIS
my ( $self, $c ) = @_;
$c->authenticate({
- id => $c->req->param("login"),
- password => $c->req->param("password")
+ id => $c->req->param("login"),
+ password => $c->req->param("password")
});
$c->res->body("Welcome " . $c->user->username . "!");
}
you are upgrading from a previous version of this plugin.
This plugin uses C<Net::LDAP> to let your application authenticate against
-an LDAP directory. It has a pretty high degree of flexibility, given the
-wide variation of LDAP directories and schemas from one system to another.
+an LDAP directory. It has a pretty high degree of flexibility, given the
+wide variation of LDAP directories and schemas from one system to another.
It authenticates users in two steps:
1) A search of the directory is performed, looking for a user object that
- matches the username you pass. This is done with the bind credentials
+ matches the username you pass. This is done with the bind credentials
supplied in the "binddn" and "bindpw" configuration options.
2) If that object is found, we then re-bind to the directory as that object.
- Assuming this is successful, the user is Authenticated.
+ Assuming this is successful, the user is Authenticated.
=head1 CONFIGURATION OPTIONS
user_basedn: ou=Domain Users,ou=Accounts,dc=mycompany,dc=com
user_field: samaccountname
- user_filter: (sAMAccountName=%s)
+ user_filter: (sAMAccountName=%s)
user_scope: sub
-He also notes: "I found the case in the value of user_field to be significant:
+He also notes: "I found the case in the value of user_field to be significant:
it didn't seem to work when I had the mixed case value there."
=head2 ldap_server
=head2 ldap_server_options
-This should be a hashref containing options to pass to L<Net::LDAP>->new().
+This should be a hashref containing options to pass to L<Net::LDAP>->new().
See L<Net::LDAP> for the full list.
=head2 binddn
=head2 user_filter
-This is the LDAP Search filter used during user lookup. The special string
+This is the LDAP Search filter used during user lookup. The special string
'%s' will be replaced with the username you pass to $c->login. By default
it is set to '(uid=%s)'. Other possibly useful filters:
}
return undef; # i.e., no match
}
-
+
=head2 use_roles
-Whether or not to enable role lookups. It defaults to true; set it to 0 if
+Whether or not to enable role lookups. It defaults to true; set it to 0 if
you want to always avoid role lookups.
=head2 role_basedn
=head2 role_value
-This is the attribute of the User object we want to use in our role_filter.
+This is the attribute of the User object we want to use in our role_filter.
If this is set to "dn", we will use the User Objects DN.
=head2 role_search_options
=head2 new
This method will populate
-L<Catalyst::Plugin::Authentication/default_auth_store> with this object.
+L<Catalyst::Plugin::Authentication/default_auth_store> with this object.
=head1 AUTHORS
L<Catalyst::Authentication::Store::LDAP>,
L<Catalyst::Authentication::Store::LDAP::User>,
L<Catalyst::Authentication::Store::LDAP::Backend>,
-L<Catalyst::Plugin::Authentication>,
+L<Catalyst::Plugin::Authentication>,
L<Net::LDAP>
=head1 COPYRIGHT & LICENSE
=head1 NAME
-Catalyst::Authentication::Store::LDAP::Backend
+Catalyst::Authentication::Store::LDAP::Backend
- LDAP authentication storage backend.
=head1 SYNOPSIS
},
'role_search_as_user' => 0,
);
-
+
our $users = Catalyst::Authentication::Store::LDAP::Backend->new(\%config);
=head1 DESCRIPTION
=head2 find_user( I<authinfo>, $c )
Creates a L<Catalyst::Authentication::Store::LDAP::User> object
-for the given User ID. This is the preferred mechanism for getting a
+for the given User ID. This is the preferred mechanism for getting a
given User out of the Store.
I<authinfo> should be a hashref with a key of either C<id> or
=head2 lookup_roles($userobj, [$ldap])
-This method looks up the roles for a given user. It takes a
+This method looks up the roles for a given user. It takes a
L<Catalyst::Authentication::Store::LDAP::User> object
as it's first argument, and can optionally take a I<Net::LDAP> object which
is used rather than the default binding if supplied.
=head2 user_supports
-Returns the value of
+Returns the value of
Catalyst::Authentication::Store::LDAP::User->supports(@_).
=cut
=head1 NAME
Catalyst::Authentication::Store::LDAP::User
- - A User object representing an LDAP object.
+ - A User object representing an LDAP object.
=head1 SYNOPSIS
This wraps up an LDAP object and presents a simplified interface to it's
contents. It uses some AUTOLOAD magic to pass method calls it doesn't
understand through as simple read only accessors for the LDAP entries
-various attributes.
+various attributes.
It gets grumpy if you ask for an attribute via the AUTOLOAD mechanism
-that it doesn't know about. Avoid that with using "has_attribute",
+that it doesn't know about. Avoid that with using "has_attribute",
discussed in more detail below.
You can skip all that and just go straight to the L<Net::LDAP::Entry>
=head2 ldap_entry
-Returns the raw ldap_entry.
+Returns the raw ldap_entry.
=cut
=head2 has_attribute
Returns the values for an attribute, or undef if that attribute is not present.
-The safest way to get at an attribute.
+The safest way to get at an attribute.
=cut
$c->user->homedirectory
And you'll get the value of the "homeDirectory" attribute. Note that
-all the AUTOLOADed methods are automatically lower-cased.
+all the AUTOLOADed methods are automatically lower-cased.
=head2 Special Keywords
The highly useful and common method "username" will map to the configured
-value of user_field (uid by default.)
+value of user_field (uid by default.)
$c->user->username == $c->user->uid
Adam Jacob <holoway@cpan.org>
Some parts stolen shamelessly and entirely from
-L<Catalyst::Plugin::Authentication::Store::Htpasswd>.
+L<Catalyst::Plugin::Authentication::Store::Htpasswd>.
Currently maintained by Peter Karman <karman@cpan.org>.