
Jifty::Plugin::Authentication::Ldap - LDAP Authentication Plugin for Jifty

CAUTION: This plugin is experimental.
This may be combined with the User Mixin to provide user accounts and LDAP password authentication to your application.
When a new user authenticates using this plugin,
a new User object will be created automatically.
The name and email fields will be automatically populated with LDAP data.
In etc/config.yml:

    Plugins:
      - Authentication::Ldap:
          LDAPhost: ldap.univ.fr          # ldap server
          LDAPbase: ou=people,dc=.....    # base ldap
          LDAPName: displayname           # name to be displayed (cn givenname)
          LDAPMail: mailLocalAddress      # email used optional
          LDAPuid: uid                    # optional
Then create a user model:

    jifty model --name=User

and edit lib/App/Model/User.pm to look something like this:

    use strict;
    use warnings;

    package Venice::Model::User;
    use Jifty::DBI::Schema;

    use Venice::Record schema {
        # More app-specific user columns go here
    };

    use Jifty::Plugin::User::Mixin::Model::User;
    use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;

    sub current_user_can {
        my $self = shift;
        my $type = shift;
        my %args = (@_);

        return 1 if
            $self->current_user->is_superuser;

        # all logged in users can read this table
        return 1
            if ($type eq 'read' && $self->current_user->id);

        return $self->SUPER::current_user_can($type, @_);
    };

    1;
This plugin will add the following actions to your application. For testing you can access these from the Admin plugin.
The login path is /ldaplogin.
The logout path is /ldaplogout.
This plugin depends on the User Mixin.
The following options are available in your config.yml under the Authentication::Ldap Plugins section.
LDAPhost
    Your LDAP server.

LDAPbase
    The base object where your users live.

LDAPMail
    The DN that your organization uses to store Email addresses. This gets copied into the User object as the email.

LDAPName
    The DN that your organization uses to store Real Name. This gets copied into the User object as the name.

LDAPuid
    The DN that your organization uses to store the user ID. Usually cn. This gets copied into the User object as the ldap_id.

LDAPOptions
    These options get passed through to Net::LDAP.

    Default Options :

        debug   => 0
        onerror => undef
        async   => 1

    Other options you may want :

        timeout => 30

See Net::LDAP for a full list. You can overwrite the defaults selectively or not at all.
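
An added example, not part of the plugin's own code: one way a login handler could turn the settings above into Net::LDAP arguments, escaping the submitted login and refusing empty passwords before any bind is attempted. The helper prepare_ldap_login, the dc=example,dc=org base and the rule that the bind DN is LDAPuid=<login>,LDAPbase are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Util qw(escape_dn_value escape_filter_value);

# Constructed settings mirroring the Authentication::Ldap stanza above;
# the LDAPbase value is a placeholder, not taken from the page.
my %cfg = (
    LDAPhost    => 'ldap.univ.fr',
    LDAPbase    => 'ou=people,dc=example,dc=org',
    LDAPName    => 'displayname',
    LDAPMail    => 'mailLocalAddress',
    LDAPuid     => 'uid',
    LDAPOptions => { timeout => 30 },
);

# Defaults documented on this page; entries in LDAPOptions override them.
my %defaults = ( debug => 0, onerror => undef, async => 1 );

# Hypothetical helper: returns what a login handler would hand to Net::LDAP,
# or nothing when the submitted credentials must be refused outright.
sub prepare_ldap_login {
    my ($cfg, $login, $password) = @_;
    # An empty password turns a simple bind into an "unauthenticated" bind
    # (RFC 4513 section 5.1.2), which many servers answer with success.
    return unless defined $login    && length $login;
    return unless defined $password && length $password;
    return {
        # Assumption: the bind DN is LDAPuid=<login>,LDAPbase.
        bind_dn => sprintf('%s=%s,%s', $cfg->{LDAPuid},
                           escape_dn_value($login), $cfg->{LDAPbase}),
        # Filter and attributes used to populate the name and email fields.
        filter  => sprintf('(%s=%s)', $cfg->{LDAPuid},
                           escape_filter_value($login)),
        attrs   => [ $cfg->{LDAPName}, $cfg->{LDAPMail} ],
        options => { %defaults, %{ $cfg->{LDAPOptions} || {} } },
    };
}

# Constructed login submissions: [login, password].
for my $try ( ['jdoe', 's3cret'], ['doe, j*', 's3cret'], ['jdoe', ''] ) {
    my $req  = prepare_ldap_login(\%cfg, @$try);
    my $line = $req ? "$req->{bind_dn}  $req->{filter}"
                    : "refused: '$try->[0]' (empty login or password)";
    print "$line\n";
}
```

Because the documented default is onerror => undef, Net::LDAP does not die on a failed bind; the caller has to check the code of the returned message before treating the user as authenticated.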

Jifty::Manual::AccessControl, Jifty::Plugin::User::Mixin::Model::User, Net::LDAP

Yves Agostini, <yvesago@cpan.org>
and other authors from Jifty (maxbaker, clkao, sartak, alexmv)

Copyright 2007-2009 Yves Agostini. All Rights Reserved.
This program is free software and may be modified and distributed under the same terms as Perl itself.