Dancer2-Plugin-Auth-Extensible-Provider-LDAP
lib/Dancer2/Plugin/Auth/Extensible/Provider/LDAP.pm view on Meta::CPAN
The attribute of a user object whose value should be the value used to identify
which roles a specific user is a member of.
Defaults to 'dn'
=cut
# Read-only string attribute naming the user-entry attribute whose value
# identifies the user when role membership is looked up; 'dn' by default.
has role_member_attribute_name => (
    default => 'dn',
    isa     => Str,
    is      => 'ro',
);
=head2 role_member_attribute
The attribute of a role object whose value should be the value of a user's
L</role_member_attribute_name> attribute to look up which roles a user is a
member of.
Defaults to 'member'.
=cut
# Read-only string attribute naming the role-entry attribute that lists the
# role's members; 'member' by default.
has role_member_attribute => (
    default => 'member',
    isa     => Str,
    is      => 'ro',
);
# Tear down the current LDAP session, if one exists.
#
# When the object holds an LDAP handle, this unbinds, disconnects and then
# clears the handle; the result of the clear call is returned. Without a
# handle it returns nothing and touches no state. Clearing the handle after
# every use keeps a bound session (service account or end user) from being
# reused by a later call.
sub _unbind_ldap {
    my $self = shift;

    if ( $self->_has_ldap ) {
        my $conn = $self->ldap;
        $conn->unbind;
        $conn->disconnect;
        return $self->_clear_ldap;
    }

    return;
}
# Bind the current LDAP handle, either anonymously or with credentials.
#
# Arguments after $self are ($username, $dummy, $password); the callers in
# this file pass the literal key 'password' in the $dummy slot. Returns the
# result of the handle's bind call, or nothing when no LDAP handle is
# available. Croaks when exactly one of $username / $password is defined.
#
# Only definedness is checked here: an empty-string password counts as
# "defined" and is passed to bind unchanged. A simple bind with a DN and a
# zero-length password is an unauthenticated bind (RFC 4513, section 5.1.2)
# that some servers answer with success, so code that verifies end-user
# credentials has to reject empty passwords before calling this method.
sub _bind_ldap {
    my ( $self, $username, $dummy, $password ) = @_;

    my $ldap = $self->ldap or return;

    my $have_user = defined $username;
    my $have_pass = defined $password;
    my $mesg;

    # Neither credential supplied: fall back to an anonymous bind.
    unless ( $have_user || $have_pass ) {
        $self->plugin->app->log( debug => "Binding to LDAP anonymously" );
        $mesg = $ldap->bind;
        return $mesg;
    }

    # From here on at least one credential was given, so both are required.
    croak "username and password must be defined"
        unless $have_user && $have_pass;

    # The log line deliberately carries neither the DN nor the password.
    $self->plugin->app->log( debug => "Binding to LDAP with credentials" );
    $mesg = $ldap->bind( $username, password => $password );
    return $mesg;
}
=head1 METHODS
=head2 authenticate_user $username, $password
=cut
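# Verify a user's password by binding to the directory as that user.
#
# Looks the user up with get_user_details, then attempts a simple bind using
# the entry's DN and the supplied password, and finally drops the session.
# Returns true when the bind succeeds and false when it fails; returns
# nothing when the password is empty, the user is not found, or no LDAP
# handle is available. Croaks if either argument is undefined.
#
# NOTE(review): $username reaches get_user_details unchanged, and that method
# builds its search filter by string concatenation, so LDAP filter
# metacharacters in the username are not neutralised on this path.
sub authenticate_user {
    my ( $self, $username, $password ) = @_;

    croak "username and password must be defined"
        unless defined $username && defined $password;

    # A simple bind with a DN and a zero-length password is an
    # "unauthenticated bind" (RFC 4513, section 5.1.2). Servers that permit
    # it report success without checking any credential, so an empty
    # password must fail here rather than be sent to the directory.
    return unless length $password;

    my $user = $self->get_user_details($username) or return;

    # Only checks that a handle can be obtained; the bind itself goes
    # through _bind_ldap below.
    $self->ldap or return;

    my $mesg = $self->_bind_ldap( $user->{dn}, password => $password );

    # Always drop the session so the user's bound connection is not reused.
    $self->_unbind_ldap;

    return !$mesg->is_error;
}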
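=head2 get_user_details $username

Binds with the configured C<binddn> and C<bindpw>, then searches under
C<basedn> (size limit 1) for an entry matching C<user_filter> and
C<username_attribute>. C<$username> is concatenated into the search filter
without escaping, so pass only values whose LDAP filter metacharacters have
already been escaped (for example with C<escape_filter_value> from
L<Net::LDAP::Util>).

=cut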
sub get_user_details {
my ( $self, $username ) = @_;
croak "username must be defined"
unless defined $username;
my $ldap = $self->ldap or return;
my $mesg = $self->_bind_ldap( $self->binddn, password => $self->bindpw );
if ( $mesg->is_error ) {
croak "LDAP bind error: " . $mesg->error;
}
$mesg = $ldap->search(
base => $self->basedn,
sizelimit => 1,
filter => '(&'
. $self->user_filter
. '(' . $self->username_attribute . '=' . $username . '))',
);
if ( $mesg->is_error ) {
croak "LDAP search error: " . $mesg->error;
}
my $user;