Catalyst-Authentication-Store-LDAP
lib/Catalyst/Authentication/Store/LDAP.pm
    __PACKAGE__->config(
        'authentication' => {
            default_realm => "ldap",
            realms        => {
                ldap => {
                    credential => {
                        class          => "Password",
                        password_field => "password",
                        password_type  => "self_check",
                    },
                    store => {
                        binddn              => "anonymous",
                        bindpw              => "dontcarehow",
                        class               => "LDAP",
                        ldap_server         => "ldap.yourcompany.com",
                        ldap_server_options => { timeout => 30 },
                        role_basedn         => "ou=groups,ou=OxObjects,dc=yourcompany,dc=com",
                        role_field          => "uid",
                        role_filter         => "(&(objectClass=posixGroup)(memberUid=%s))",
                        role_scope          => "one",
                        role_search_options => { deref => "always" },
                        role_value          => "dn",
                        role_search_as_user => 0,
                        start_tls           => 1,
                        # verify => "none" skips certificate verification;
                        # Net::LDAP also accepts "optional" and "require".
                        start_tls_options   => { verify => "none" },
                        entry_class         => "MyApp::LDAP::Entry",
                        use_roles           => 1,
                        user_basedn         => "ou=people,dc=yourcompany,dc=com",
                        user_field          => "uid",
                        user_filter         => "(&(objectClass=posixAccount)(uid=%s))",
                        user_scope          => "one",    # or "sub" for Active Directory
                        user_search_options => {
                            deref => 'always',
                            attrs => [qw( distinguishedname name mail )],
                        },
                        user_results_filter => sub { return shift->pop_entry },
                        persist_in_session  => 'all',
                    },
                },
            },
        },
    );

    sub login : Global {
        my ( $self, $c ) = @_;

        # scalar() keeps a repeated parameter from injecting extra hash keys;
        # authenticate() returns false on failure, leaving $c->user undefined.
        if ( $c->authenticate({
                 id       => scalar $c->req->param("login"),
                 password => scalar $c->req->param("password")
             }) ) {
            $c->res->body("Welcome " . $c->user->username . "!");
        }
        else {
            $c->res->status(401);
            $c->res->body("Login failed");
        }
    }

=head1 DESCRIPTION

This plugin implements the L<Catalyst::Authentication> v.10 API. Read that
documentation first if you are upgrading from a previous version of this
plugin.

This plugin uses C<Net::LDAP> to let your application authenticate against
an LDAP directory. It has a pretty high degree of flexibility, given the
wide variation of LDAP directories and schemas from one system to another.

It authenticates users in two steps:

1) A search of the directory is performed, looking for a user object that
   matches the username you pass. This is done with the bind credentials
   supplied in the "binddn" and "bindpw" configuration options.

2) If that object is found, we then re-bind to the directory as that object.
   Assuming this is successful, the user is authenticated.
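
The two steps above, written against the Net::LDAP bind/search interface as an added example; it is not this module's own code. The names ldap_authenticate, Stub::LDAP and Stub::Result, the service account and the directory data are constructed for illustration, and the example goes beyond the description by rejecting empty passwords, escaping the username before it replaces %s, and failing unless exactly one entry matches.

```perl
use strict; use warnings;
use Net::LDAP::Util qw(escape_filter_value);

sub ldap_authenticate {
    my ( $ldap, $cfg, $id, $password ) = @_;
    # Empty password = "unauthenticated bind" (RFC 4513, 5.1.2): a server may report success.
    return unless length( $id // '' ) && length( $password // '' );

    # Step 1: search for the user as the service account (binddn/bindpw).
    return if $ldap->bind( $cfg->{binddn}, password => $cfg->{bindpw} )->code;
    my $value = escape_filter_value($id);    # escapes filter metacharacters such as * ( ) \
    ( my $filter = $cfg->{user_filter} ) =~ s/%s/$value/g;
    my $found = $ldap->search( base => $cfg->{user_basedn},
        scope => $cfg->{user_scope}, filter => $filter, attrs => ['1.1'] );
    return if $found->code || $found->count != 1;    # none or ambiguous: fail
    # Step 2: re-bind as the entry that was found, with the user's password.
    my $dn = $found->entry(0)->dn;
    return $ldap->bind( $dn, password => $password )->code ? undef : $dn;
}

# Constructed stand-ins for Net::LDAP and its result objects (offline run only).
package Stub::Result {
    sub new   { my ( $class, %a ) = @_; bless {%a}, $class }
    sub code  { $_[0]{code} }
    sub count { scalar @{ $_[0]{dns} } }
    sub entry { Stub::Result->new( dns => [ $_[0]{dns}[ $_[1] ] ] ) }
    sub dn    { $_[0]{dns}[0] }
}
package Stub::LDAP {
    sub new  { my ( $class, %pw ) = @_; bless {%pw}, $class }
    sub bind {    # like a permissive server: an empty password reports success
        my ( $self, $dn, %o ) = @_;
        my $ok = !length( $o{password} ) || ( $self->{$dn} // '' ) eq $o{password};
        return Stub::Result->new( code => $ok ? 0 : 49 );    # 49 = invalidCredentials
    }
    sub search {
        my ( $self, %o ) = @_;
        my ($uid) = $o{filter} =~ /\(uid=([^)]*)\)/;
        return Stub::Result->new( code => 0, dns => [ grep { /^uid=\Q$uid\E,/ } keys %$self ] );
    }
}

my %cfg = ( binddn => 'cn=svc,dc=example,dc=com', bindpw => 'svc-pw',
    user_basedn => 'ou=people,dc=example,dc=com', user_scope => 'one',
    user_filter => '(&(objectClass=posixAccount)(uid=%s))' );
my $ldap = Stub::LDAP->new( $cfg{binddn} => $cfg{bindpw},
    'uid=jdoe,ou=people,dc=example,dc=com' => 's3cret' );
for my $try ( [ jdoe => 's3cret' ], [ jdoe => 'wrong' ], [ jdoe => '' ], [ 'j*' => 's3cret' ] ) {
    printf "%-4s / %-6s => %s\n", @$try, ldap_authenticate( $ldap, \%cfg, @$try ) ? 'ok' : 'denied';
}
```

Only the first attempt is accepted. The empty password is refused before any bind is sent, even though the stand-in server would have reported success for it.
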

=head1 CONFIGURATION OPTIONS

=head2 Configuring with YAML

Set the configuration to be loaded from Config.yml in YourApp.pm:

    use YAML qw(LoadFile);
    use Path::Class 'file';

    __PACKAGE__->config(
        LoadFile(
            file(__PACKAGE__->config->{home}, 'Config.yml')
        )
    );

Settings in Config.yml (adapt these to whatever configuration format you use):

    # Config for Store::LDAP
    authentication:
      default_realm: ldap
      realms:
        ldap:
          credential:
            class: Password
            password_field: password
            password_type: self_check
          store:
            class: LDAP
            ldap_server: ldap.yourcompany.com
            ldap_server_options:
              timeout: 30
            binddn: anonymous
            bindpw: dontcarehow
            start_tls: 1
            start_tls_options:
              # "none" skips certificate verification
              verify: none
            user_basedn: ou=people,dc=yourcompany,dc=com
            user_filter: (&(objectClass=posixAccount)(uid=%s))
            user_scope: one
            user_field: uid
            user_search_options:
              deref: always
            use_roles: 1
            role_basedn: ou=groups,ou=OxObjects,dc=yourcompany,dc=com
            role_filter: (&(objectClass=posixGroup)(memberUid=%s))
            role_scope: one
            role_field: uid
            role_value: dn
            role_search_options:
              deref: always

B<NOTE:> The settings above reflect the default values for OpenLDAP. If you
are using Active Directory instead, Matija Grabnar suggests that the following
tweaks to the example configuration will work: