Catalyst-Authentication-Store-LDAP
- Add missing dependency on Class::Accessor::Fast (RT#127730)
1.016 11 February 2016
- Document how to limit the attributes returned from the LDAP search
- Add persist_in_session config option to allow storing of user and its
roles in the session without hitting the LDAP store on each request
- fix use_roles enabled if explicitly disabled
1.015 20 February 2015
- Escape special characters in user/role names
- Use the stored user credentials to look up roles
- Split credential checking into a separate method from generic binding
1.014 26 April 2013
- Don't fall back to unauthenticated bind when authenticating
1.013 9 January 2013
- fix for https://rt.cpan.org/Ticket/Display.html?id=81908 security hole.
1.012 5 October 2010
- add methods conforming to the Catalyst::Authentication::User API
This plugin uses "Net::LDAP" to let your application authenticate
against an LDAP directory. It has a pretty high degree of flexibility,
given the wide variation of LDAP directories and schemas from one system
to another.
It authenticates users in two steps:
1) A search of the directory is performed, looking for a user object
that matches the username you pass. This is done with the bind
credentials supplied in the "binddn" and "bindpw" configuration options.
2) If that object is found, we then re-bind to the directory as that
object. Assuming this is successful, the user is authenticated.
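The two-step flow above, written out with the two hardening points the changelog names (escaping special characters in user names, and not falling back to an unauthenticated bind). This is an added sketch, not the plugin's own code; the `%cfg` keys other than "binddn" and "bindpw", the host, the DNs and the `%s` filter template are assumptions made for the illustration.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Added illustration; constructed sample configuration, all values are placeholders.
my %cfg = (
    host   => 'ldap.example.test',
    binddn => 'cn=search,dc=example,dc=test',
    bindpw => 'search-secret',
    base   => 'ou=people,dc=example,dc=test',
    filter => '(&(objectClass=person)(uid=%s))',
);

# Build the search filter with the user name escaped per RFC 4515, so that
# "*", "(", ")", "\" and NUL in the input cannot change the filter structure.
sub user_filter {
    my ($template, $username) = @_;
    my $safe = escape_filter_value($username);
    (my $filter = $template) =~ s/%s/$safe/g;
    return $filter;
}

sub authenticate {
    my ($cfg, $username, $password) = @_;
    # A simple bind with a DN and an empty password is an unauthenticated
    # bind (RFC 4513, 5.1.2); some servers answer it with success.
    return unless defined $password && length $password;

    my $ldap = Net::LDAP->new($cfg->{host}) or return;
    # Step 1: bind with binddn/bindpw and search for the user object.
    return if $ldap->bind($cfg->{binddn}, password => $cfg->{bindpw})->is_error;
    my $res = $ldap->search(
        base   => $cfg->{base},
        scope  => 'sub',
        filter => user_filter($cfg->{filter}, $username),
        attrs  => ['1.1'],    # DN only; no attributes are needed here
    );
    return if $res->is_error || $res->count != 1;    # no match, or ambiguous

    # Step 2: re-bind as the object that was found, with the supplied password.
    my $dn = $res->entry(0)->dn;
    return if $ldap->bind($dn, password => $password)->is_error;
    return $dn;
}

# Constructed inputs: each one must stay a literal value inside (uid=...).
print user_filter($cfg{filter}, $_), "\n" for 'alice', '*', 'a)(uid=*';
```

Run as written, the script only prints the escaped filters and does not contact a server; `authenticate(\%cfg, $user, $pass)` needs a reachable directory.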
CONFIGURATION OPTIONS
Configuring with YAML
Set Configuration to be loaded via Config.yml in YourApp.pm
use YAML qw(LoadFile);
use Path::Class 'file';
lib/Catalyst/Authentication/Store/LDAP.pm
This plugin implements the L<Catalyst::Authentication> v.10 API. Read that documentation first if
you are upgrading from a previous version of this plugin.
This plugin uses C<Net::LDAP> to let your application authenticate against
an LDAP directory. It has a pretty high degree of flexibility, given the
wide variation of LDAP directories and schemas from one system to another.
It authenticates users in two steps:
1) A search of the directory is performed, looking for a user object that
matches the username you pass. This is done with the bind credentials
supplied in the "binddn" and "bindpw" configuration options.
2) If that object is found, we then re-bind to the directory as that object.
Assuming this is successful, the user is authenticated.
=head1 CONFIGURATION OPTIONS
=head2 Configuring with YAML
Set Configuration to be loaded via Config.yml in YourApp.pm
lib/Catalyst/Authentication/Store/LDAP/User.pm
Satisfies the Catalyst::Authentication::User API and returns the contents of the user()
attribute.
=cut
sub get_object { return shift->user }
=head2 ldap_connection
Re-binds to the auth store with the credentials of the user you logged in
as, and returns a L<Net::LDAP> object which you can use to do further queries.
=cut
sub ldap_connection {
    my $self = shift;
    $self->store->ldap_bind( undef, $self->ldap_entry->dn,
        $_ldap_connection_passwords{refaddr($self)} );
}
t/10-roles-mock.t
], 'User searches as expected');
is_deeply(\@binds, [
[ undef ], # First user search
[
'ou=foobar',
'password',
'password'
], # Rebind to confirm user
[
undef
], # Rebind with initial credentials to find roles
[ undef ], # Second user search
# 2nd pass round main loop
[ undef ], # First user search
[
'ou=foobar',
'password',
'password'
], # Rebind to confirm user
[
'ou=foobar',
'password',
'password'
], # Rebind with user credentials to find roles
[ undef ], # Second user search
], 'Binds as expected');
done_testing;