[jifty-devel] LDAP Plugins

Max Baker max at warped.org
Thu Dec 11 21:47:36 EST 2008


Hi Yves,


Yves Agostini wrote:
> Unlucky: AuthLDAPLogin and AuthLDAPOnly are deprecated.

Good to know, thanks for your help.

> You need to use Authentication::Ldap. Authentication::Ldap adds all
> users to your local user table, where you can easily add fields.
> https://svn.univ-metz.fr/svnweb/index.cgi/pub_Uguest/view/trunk/lib/Uguest/Model/User.pm
>
> You can use AuthzLDAP to add a filter to find, with LDAP attributes, which
> users can write in your application.
>
> Here you can find a sample use of AuthzLDAP:
> https://svn.univ-metz.fr/svnweb/index.cgi/pub_Uguest/view/trunk/lib/Uguest/Dispatcher.pm
>
> You can certainly write your own plugin (Authentication::LdapReader ?)
> where you don't register the user in the local table.

The sample code from your application helps a lot.

For the record, I am now running the SVN head version, and here's what I have:

config.yml:
----------------------------------------------------------------------
  Plugins:
    - Authentication::Ldap:
       LDAPhost: ldap.company.com
       LDAPbase: ou=People,dc=company,dc=com
       LDAPName: cn
       LDAPMail: mail
       LDAPuid: uid
...
  LogLevel: DEBUG
----------------------------------------------------------------------

Note that I *did not* include the User plugin as instructed in the POD.
This was at the suggestion of people in #jifty.

This is working now, and my app will authenticate correctly. However,
the code to automatically add a user now seems to be broken. It adds an
empty row to the database with all fields blank. I added some debug
code to make sure that LDAP was returning the correct information.

The problem seems to lie here:

Plugin/Authentication/Ldap/Action/LDAPLogin.pm
----------------------------------------------------------------------
 94     # Autocreate the user if necessary
 95     if ( not $user->id ) {
 96         my $action = Jifty->web->new_action(
 97             class           => 'CreateUser',
 98             current_user    => $current_user->superuser,
 99             arguments       => {
100                 ldap_id => $username
101             }
102         );
103         $action->run;
104
105         if ( not $action->result->success ) {
106             # Should this be less "friendly"?
107             $self->result->error(_("Sorry, something weird happened (we couldn't create a user f
108             return;
109         }
110
111         $user = $current_user->new( ldap_id => $username );
112     }
113
114     my $u = $user->user_object;
115
116     # Update, just in case
117     $u->__set( column => 'ldap_id', value => $username ) unless ($u->ldap_id and $u->ldap_id eq
118     $u->__set( column => 'name', value => $username )    unless ($u->name and length $u->name);
119     $u->__set( column => 'name', value => $name )    if ($name);
120     $u->__set( column => 'email', value => $email )  if ($email);
----------------------------------------------------------------------

Note that lines 117-120 are changed from stock because I was fooling around
trying to get it to work. But even when stock, they didn't seem to work
-- no data was written into the database! And the UI now says "Hiya ,",
so the username is empty in the user object as well.

Any ideas folks?

Thanks!
-m
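
A defensive check for the auto-create step described above, as an added example that is not part of the original message or of Jifty's own code: it maps one LDAP entry through the LDAPName/LDAPMail/LDAPuid attributes from the config and refuses to provision a user when any mapped value comes back empty, so a blank row is never written. The helper name `user_fields_from_ldap`, the entry layout, the uid-versus-login comparison and the sample entries are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Attribute mapping taken from the config.yml in the message.
my %ldap_map = (
    name    => 'cn',      # LDAPName
    email   => 'mail',    # LDAPMail
    ldap_id => 'uid',     # LDAPuid
);

# Hypothetical helper (not a Jifty API): turn one LDAP entry, given as
# attribute => arrayref of values, into local user columns.
# Dies instead of returning a partly empty record.
sub user_fields_from_ldap {
    my ($entry, $login) = @_;
    my (%fields, @missing);
    for my $column (sort keys %ldap_map) {
        my $attr  = $ldap_map{$column};
        my $value = ($entry->{$attr} || [])->[0];
        $value = '' unless defined $value;
        $value =~ s/^\s+|\s+$//g;    # whitespace-only counts as empty
        if (length $value) { $fields{$column} = $value }
        else               { push @missing, "$column ($attr)" }
    }
    die sprintf("refusing to provision %s: missing %s\n",
        $login, join(', ', @missing)) if @missing;
    # Assumption: the directory uid must match the name the user logged in with.
    die sprintf("refusing to provision %s: directory uid is %s\n",
        $login, $fields{ldap_id})
        unless lc($fields{ldap_id}) eq lc($login);
    return \%fields;
}

# Constructed sample entries, not real directory data.
my %directory = (
    mbaker => { cn => ['Max Example'], mail => ['max@example.com'], uid => ['mbaker'] },
    ghost  => { cn => [''], uid => ['ghost'] },    # blank cn, no mail attribute
);

for my $login (sort keys %directory) {
    my $fields = eval { user_fields_from_ldap($directory{$login}, $login) };
    if ($fields) {
        print "create $login: ",
            join(', ', map { "$_=$fields->{$_}" } sort keys %$fields), "\n";
    }
    else {
        print "skip: $@";    # $@ already ends with a newline
    }
}
```

Logging the rejected login together with the missing attribute names shows whether the directory returned nothing or the attribute mapping is wrong.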

