Perl
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib/Jifty/Plugin/Authentication
share/po
t
.gitignore
Changes
Makefile.PL
README

README

NAME
    Jifty::Plugin::Authentication::Ldap - LDAP Authentication Plugin for
    Jifty

DESCRIPTION
    CAUTION: This plugin is experimental.

    This may be combined with the User Mixin to provide user accounts and
    ldap password authentication to your application.

    When a new user authenticates using this plugin, a new User object will
    be created automatically. The "name" and "email" fields will be
    automatically populated with LDAP data.

    in etc/config.yml

      Plugins: 
        - Authentication::Ldap: 
           LDAPhost: ldap.univ.fr           # ldap server
           LDAPbase: ou=people,dc=.....     # base ldap
           LDAPName: displayname            # name to be displayed (cn givenname)
           LDAPMail: mailLocalAddress       # email used optional
           LDAPuid: uid                     # optional

    Then create a user model

      jifty model --name=User

    and edit lib/App/Model/User.pm to look something like this:

      use strict;
      use warnings;
      
  package Venice::Model::User;
      
  use Jifty::DBI::Schema;
      use Venice::Record schema {
            # More app-specific user columns go here
      };
      
  use Jifty::Plugin::User::Mixin::Model::User;
      use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;
      
  sub current_user_can {
          my $self = shift;
          my $type = shift;
          my %args = (@_);
          
    return 1 if
              $self->current_user->is_superuser;
        
    # all logged in users can read this table
        return 1
            if ($type eq 'read' && $self->current_user->id);
        
    return $self->SUPER::current_user_can($type, @_);
      };
      
  1;

  ACTIONS
    This plugin will add the following actions to your application. For
    testing you can access these from the Admin plugin.

    Jifty::Plugin::Authentication::Ldap::Action::LDAPLogin
        The login path is "/ldaplogin".

    Jifty::Plugin::Authentication::Ldap::Action::LDAPLogout
        The logout path is "/ldaplogout".

  METHODS
  prereq_plugins
    This plugin depends on the User Mixin.

  Configuration
    The following options are available in your "config.yml" under the
    Authentication::Ldap Plugins section.

    "LDAPhost"
        Your LDAP server.

    "LDAPbase"
        [Mandatory] The base object where your users live. If
        "LDAPBindTemplate" is defined, "LDAPbase" is only used for user
        search.

    "LDAPBindTemplate"
        Alternatively to "LDAPbase", you can specify here the whole DN
        string, with *%u* as a placeholder for UID.

    "LDAPMail"
        The DN that your organization uses to store Email addresses. This
        gets copied into the User object as the "email".

    "LDAPName"
        The DN that your organization uses to store Real Name. This gets
        copied into the User object as the "name".

    "LDAPuid"
        The DN that your organization uses to store the user ID. Usually
        "cn". This gets copied into the User object as the "ldap_id".

    "LDAPOptions"
        These options get passed through to Net::LDAP.

        Default Options :

         debug   => 0
         onerror => undef
         async   => 1

        Other options you may want :

         timeout => 30

        See "Net::LDAP" for a full list. You can overwrite the defaults
        selectively or not at all.

    "LDAPLoginHooks"
        Optional list of Perl functions that would be called after a
        successful login and after a corresponding User object is loaded and
        updated. The function is called with a hash array arguments, as
        follows:

          username => string
          user_object => User object
          ldap => Net::LDAP object
          infos => User attributes as returned by get_infos

    "LDAPFetchUserAttr"
        Optional list of LDAP user attributes fetched by get_infos. The
        values are returned to the login hook as arrayrefs.

  Example
    The following example authenticates the application against a MS Active
    Directory server for the domain MYDOMAIN. Each user entry has the
    attribute 'department' which is used for authorization. "LDAPbase" is
    used for user searching, and binding is done in a Microsoft way. The
    login hook checks if the user belongs to specific departments and
    updates the user record.

     ######
     #   etc/config.yml:  
      Plugins: 
        - User: {}
        - Authentication::Ldap:
           LDAPhost: ldap1.mydomain.com
           LDAPbase: 'DC=mydomain,DC=com'
           LDAPBindTemplate: 'MYDOMAIN\%u'
           LDAPName: displayName
           LDAPMail: mail
           LDAPuid: cn
           LDAPFetchUserAttr:
             - department
           LDAPLoginHooks:
             - 'Myapp::Model::User::ldap_login_hook'

      ######
      #  package Myapp::Model::User;
      sub ldap_login_hook
      {
          my %args = @_;

          my $u = $args{'user_object'};    
          my $department = $args{'infos'}->{'department'}[0];

          my $editor = 0;
          if( $department eq 'NOC' or
              $department eq 'ENGINEERING' )
          {
              $editor = 1;
          }

          $u->__set( column => 'is_content_editor', value => $editor );
      }

SEE ALSO
    Jifty::Manual::AccessControl, Jifty::Plugin::User::Mixin::Model::User,
    Net::LDAP

AUTHORS
    Yves Agostini, <yvesago@cpan.org>, Stanislav Sinyagin

    and others authors from Jifty (maxbaker, clkao, sartak, alexmv)

LICENSE
    Copyright 2007-2010 Yves Agostini. All Rights Reserved.

    This program is free software and may be modified and distributed under
    the same terms as Perl itself.