Jifty::Plugin::Authentication::Ldap - LDAP Authentication Plugin for Jifty
CAUTION: This plugin is experimental.
This plugin may be combined with the User Mixin to provide user accounts and LDAP password authentication for your application.
When a user authenticates through this plugin for the first time, a new User object is created automatically. The following fields are populated from LDAP data:

    name
    email
In etc/config.yml:

    Plugins:
      - Authentication::Ldap:
          LDAPhost: ldap.univ.fr          # ldap server
          LDAPbase: ou=people,dc=.....    # base ldap
          LDAPName: displayname           # name to be displayed (cn givenname)
          LDAPMail: mailLocalAddress      # email used, optional
          LDAPuid: uid                    # optional
Then create a user model:

    jifty model --name=User

and edit lib/App/Model/User.pm to look something like this (the example application below is called Venice; substitute your own application's name):

    use strict;
    use warnings;

    package Venice::Model::User;
    use Jifty::DBI::Schema;

    use Venice::Record schema {
        # More app-specific user columns go here
    };

    use Jifty::Plugin::User::Mixin::Model::User;
    use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;

    sub current_user_can {
        my $self = shift;
        my $type = shift;
        my %args = (@_);

        # superusers can do anything
        return 1 if $self->current_user->is_superuser;

        # all logged in users can read this table
        return 1 if ($type eq 'read' && $self->current_user->id);

        # everything else falls through to the mixin's default checks
        return $self->SUPER::current_user_can($type, @_);
    };

    1;
This plugin will add the following actions to your application. For testing you can access these from the Admin plugin.

    /ldaplogin     The login path.
    /ldaplogout    The logout path.
This plugin depends on the User Mixin.
The following options are available in your config.yml under the Authentication::Ldap Plugins section.
LDAPhost
Your LDAP server.
LDAPbase
[Mandatory] The base object where your users live. If LDAPBindTemplate is defined, LDAPbase is only used for user search.
LDAPBindTemplate
As an alternative to LDAPbase, specify the whole bind DN string here, with %u as a placeholder for the UID. When it is set, LDAPbase is still used as the search base for user lookups.
LDAPMail
The LDAP attribute that your organization uses to store email addresses (for example mail). Its value is copied into the User object as the email.
LDAPName
The LDAP attribute that your organization uses to store the real name (for example displayName). Its value is copied into the User object as the name.
LDAPuid
The LDAP attribute that your organization uses to store the user ID. Usually cn. Its value is copied into the User object as the ldap_id.
LDAPOptions
These options get passed through to Net::LDAP.
Default options:

    debug   => 0
    onerror => undef
    async   => 1

Other options you may want:

    timeout => 30

See Net::LDAP for a full list. You can override the defaults selectively or not at all.

Note that Net::LDAP connects over plain LDAP (port 389) unless told otherwise, so a simple bind sends the user's password in clear text across the network. If, as the defaults above suggest, these options reach Net::LDAP->new, setting scheme => 'ldaps' (plus the appropriate port and certificate-verification options documented in Net::LDAP) selects LDAP over TLS instead; verify with a packet capture against your own server before relying on it.
LDAPLoginHooks
Optional list of Perl functions to be called after a successful login, once the corresponding User object has been loaded and updated. Each function is called with a hash of named arguments, as follows:

    username    => string
    user_object => User object
    ldap        => Net::LDAP object
    infos       => User attributes as returned by get_infos

LDAPFetchUserAttr
Optional list of LDAP user attributes fetched by get_infos. The values are passed to the login hook as arrayrefs, one per attribute.
The following example authenticates the application against a Microsoft Active Directory server for the domain MYDOMAIN. Each user entry has the attribute 'department', which is used for authorization. LDAPbase is used for user searching, and binding is done with the Active Directory DOMAIN\user form. The login hook checks whether the user belongs to specific departments and updates the user record accordingly.

    # etc/config.yml:
    Plugins:
      - User: {}
      - Authentication::Ldap:
          LDAPhost: ldap1.mydomain.com
          LDAPbase: 'DC=mydomain,DC=com'
          LDAPBindTemplate: 'MYDOMAIN\%u'
          LDAPName: displayName
          LDAPMail: mail
          LDAPuid: cn
          LDAPFetchUserAttr:
            - department
          LDAPLoginHooks:
            - 'Myapp::Model::User::ldap_login_hook'

    # lib/Myapp/Model/User.pm (hook only):
    package Myapp::Model::User;

    sub ldap_login_hook {
        my %args = @_;
        my $u = $args{'user_object'};

        # LDAPFetchUserAttr values are arrayrefs; default to '' so a user
        # with no department attribute neither warns nor becomes an editor
        my $department = $args{'infos'}->{'department'}[0] // '';

        my $editor = 0;
        if( $department eq 'NOC' or $department eq 'ENGINEERING' ) {
            $editor = 1;
        }

        # __set writes the column directly, bypassing current_user_can
        $u->__set( column => 'is_content_editor', value => $editor );
    }
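As an added example (not code from the plugin or its authors), the following script shows a deny-by-default variant of the hook above together with an offline test of its authorization logic. It goes beyond the page's example by handling a department attribute that is missing, empty, multi-valued, or differently cased. Only the hook's argument names and the __set call come from the page; the MockUser package and the list of constructed attribute sets exist solely for this test and assume nothing about Jifty beyond the __set signature shown above.

```perl
#!/usr/bin/env perl
# Added example, not part of Jifty::Plugin::Authentication::Ldap. Exercises a
# login hook offline with constructed 'infos' hashes and a stand-in for the
# Jifty user object. Only core Perl modules are used.
use strict;
use warnings;
use Test::More;

# Departments allowed to edit content. Anything not listed yields 0, so a
# user moved out of NOC/ENGINEERING in the directory loses the flag at the
# next login instead of keeping a stale grant.
my %EDITOR_DEPARTMENTS = map { $_ => 1 } qw(NOC ENGINEERING);

# Hook with the argument names the plugin documents (username, user_object,
# ldap, infos). It inspects every value of the multi-valued 'department'
# attribute, normalising case and surrounding whitespace before comparison.
sub ldap_login_hook {
    my %args  = @_;
    my $u     = $args{'user_object'};
    my $infos = $args{'infos'} || {};

    # LDAPFetchUserAttr values arrive as arrayrefs; an absent attribute is undef.
    my @departments = @{ $infos->{'department'} || [] };

    my $editor = 0;
    for my $d (@departments) {
        next unless defined $d;
        ( my $norm = uc $d ) =~ s/^\s+|\s+$//g;
        if ( $EDITOR_DEPARTMENTS{$norm} ) { $editor = 1; last }
    }

    # __set writes the column directly, as in the page's example; the value
    # written is always exactly 0 or 1.
    $u->__set( column => 'is_content_editor', value => $editor );
    return $editor;
}

# Stand-in for the Jifty record, used only by this test: it records __set
# calls so the test can check what the hook would have written.
package MockUser;
sub new { bless { columns => {} }, shift }
sub __set {
    my ( $self, %a ) = @_;
    $self->{columns}{ $a{column} } = $a{value};
    return 1;
}
sub column { $_[0]{columns}{ $_[1] } }

package main;

# Constructed attribute sets, shaped as get_infos returns them when
# LDAPFetchUserAttr lists 'department': [username, infos, expected, label].
my @cases = (
    [ 'alice', { department => ['NOC'] },                  1, 'single allowed department' ],
    [ 'bob',   { department => [ 'Sales', 'engineering' ] }, 1, 'second value, lower case' ],
    [ 'carol', { department => ['  Sales '] },             0, 'non-editor department' ],
    [ 'dave',  { department => [] },                       0, 'attribute present but empty' ],
    [ 'erin',  {},                                         0, 'attribute missing entirely' ],
    [ 'frank', { department => [undef] },                  0, 'undef value is ignored' ],
);

for my $c (@cases) {
    my ( $name, $infos, $want, $label ) = @$c;
    my $u   = MockUser->new;
    my $got = ldap_login_hook(
        username    => $name,
        user_object => $u,
        ldap        => undef,    # no Net::LDAP connection is needed for this logic
        infos       => $infos,
    );
    is( $got,                          $want, "$name: $label" );
    is( $u->column('is_content_editor'), $want, "$name: column written" );
}

done_testing;
```

Run it with `prove -v` or `perl` directly; it needs no LDAP server. Keeping the decision in a pure function that returns the flag, rather than only writing it as a side effect, is what makes this kind of authorization logic testable without standing up a directory.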
See also: Jifty::Manual::AccessControl, Jifty::Plugin::User::Mixin::Model::User, Net::LDAP
Yves Agostini, <yvesago@cpan.org>, Stanislav Sinyagin
and other authors from Jifty (maxbaker, clkao, sartak, alexmv)
Copyright 2007-2010 Yves Agostini. All Rights Reserved.
This program is free software and may be modified and distributed under the same terms as Perl itself.
To install Jifty::Plugin::Authentication::Ldap, copy and paste the appropriate command into your terminal.

With cpanm:

    cpanm Jifty::Plugin::Authentication::Ldap

With the CPAN shell:

    perl -MCPAN -e shell
    install Jifty::Plugin::Authentication::Ldap

For more information on module installation, please visit the detailed CPAN module installation guide.