Jesse Vincent > Jifty > Jifty::Plugin::AuthzLDAP

Download:
Jifty-0.70824.tar.gz

Dependencies

Annotate this POD

CPAN RT

New  13
Open  4
Stalled  1
View/Report Bugs
Source  

NAME ^

Jifty::Plugin::AuthzLDAP

DESCRIPTION ^

Jifty plugin. Provide ldap authorization with filters table and cache.

NOW FOR TESTING AND COMMENTS

CONFIGURATION NOTES ^

in etc/config.yml Plugins: - AuthzLDAP: LDAPbind: cn=testldap,ou=admins,dc=myorg,dc=org # LDAPpass: test # password LDAPhost: ldap.myorg.org # ldap host LDAPbase: ou=people,dc=myorg.. # ldap base LDAPuid: uid # optional CacheTimout: 20 # minutes, optional, default 20 minutes

in application create a LDAPFilter model use base qw/Jifty::Plugin::AuthzLDAP::Model::LDAPFilter/;

in LDAPFilter model create your filters, something like name |filter |is_group is_admin|(!eduPersonAffiliation=STUDENT)|0 in_admin|cn=admin,ou=groups,dc=my.org |1

to protect access to /admin in "TestApp" application create a lib/TestApp/Dispatcher.pm

    use strict;
    use warnings;

    package TestApp::Dispatcher;
    use Jifty::Dispatcher -base;

    before '/admin/*' => run {
       # Authentication
       Jifty->web->tangent(url => '/login')
            if (! Jifty->web->current_user->id);
       # Authorization
       my $user = Jifty->web->current_user->user_object->name;
       Jifty->web->tangent(url => '/error/AccessDenied')
            if (! Jifty::Plugin::AuthzLDAP->ldapvalidate($user,'is_admin') );
    };

    1

SEE ALSO ^

Net::LDAP

bind

Bind to ldap

validate NAME FILTERNAME

return 1 if NAME validate FILTER or NAME-FILTERNAME in cache else return 0

If FILTERNAME is flagged as is_group, search if user is uniquemember of this group as supported by the Netscape Directory Server

syntax highlighting: