[jifty-devel] LDAP Plugins

Max Baker max at warped.org
Fri Dec 12 15:40:01 EST 2008


Hi all,

Attached is a patch for Authentication::Ldap that does the following :

1. Add links to Authentication::Ldap and Authentication::CAS from 
Manual::AccessControl

2. Fix small bug in Authentication::Ldap::Action::LDAPLogin.pm in 
validate_ldap_id() that causes it to throw a warning

3. Add new config option "LDAPOptions" that is a pass-through to Net::LDAP

4. Allow override of default settings to Net::LDAP using above

5. Borrow some code from Authentication::CAS to make sure the user 
object has correct data all the time

6. Lots of documentation

Any improvements, coding standards, or comments are welcome -- I'm just 
getting familiarized w/ Jifty.

Now that I have the user and LDAP part down, I can go make an app!  
Thanks for all the help on #jifty and here.

-m


Yves Agostini wrote:
> On Thursday 11 December 2008 at 18:47 -0800, Max Baker wrote:
>   
>> Hi Yves,
>>
>>
>> Yves Agostini wrote:
>>     
>>> Unlucky: AuthLDAPLogin and AuthLDAPOnly are deprecated.
>>>
>>>   
>>>       
>> Good to know, thanks for your help.
>>
>>     
>>> You need to use Authentication::Ldap.  Authentication::Ldap adds all
>>> users to your local user table, where you can easily add fields.
>>> https://svn.univ-metz.fr/svnweb/index.cgi/pub_Uguest/view/trunk/lib/Uguest/Model/User.pm
>>>
>>> You can use AuthzLDAP to add a filter on LDAP attributes to find which
>>> users can write in your application.
>>>
>>> Here you can find a sample use of AuthzLDAP:
>>> https://svn.univ-metz.fr/svnweb/index.cgi/pub_Uguest/view/trunk/lib/Uguest/Dispatcher.pm
>>>
>>> You can certainly write your own plugin (Authentication::LdapReader?)
>>> where you don't register users in the local table.
>>>       
>> The sample code from your application helps a lot.
>>
>> For the record, I am now running the SVN head version, and here's what I 
>> have:
>>
>> config.yml:
>> ----------------------------------------------------------------------
>>   Plugins:
>>     - Authentication::Ldap:
>>        LDAPhost: ldap.company.com
>>        LDAPbase: ou=People,dc=company,dc=com
>>        LDAPName: cn
>>        LDAPMail: mail
>>        LDAPuid: uid
>> ...
>>   LogLevel: DEBUG
>> ----------------------------------------------------------------------
>>
>> Note that I *did not* include the User plugin as told to in the POD.  
>> This is on suggestion from people in #jifty. 
>>     
>
> I think you need the "Mixin User" plugin, as the LDAP plugin adds new users to
> this table.
>
> So you need something like:
>
> use yourApp::Record schema {
>  ....
> };
>
> use Jifty::Plugin::User::Mixin::Model::User;
> use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;
>
>   
>> This is working now, and my app will authenticate correctly.  However 
>> now the code to automatically add a user seems to be broken.  It adds an 
>> empty row to the database with all fields blank.   I added some debug 
>> code to make sure that LDAP was returning the correct information.
>>
>> The problem seems to lie here:
>>
>> Plugin/Authentication/Ldap/Action/LDAPLogin.pm
>> ----------------------------------------------------------------------
>>  94     # Autocreate the user if necessary
>>  95     if ( not $user->id ) {
>>  96         my $action = Jifty->web->new_action(
>>  97             class           => 'CreateUser',
>>  98             current_user    => $current_user->superuser,
>>  99             arguments       => {
>> 100                 ldap_id => $username
>> 101             }
>> 102         );
>> 103         $action->run;
>> 104
>> 105         if ( not $action->result->success ) {
>> 106             # Should this be less "friendly"?
>> 107             $self->result->error(_("Sorry, something weird happened 
>> (we couldn't create a user f
>> 108             return;
>> 109         }
>> 110
>> 111         $user = $current_user->new( ldap_id => $username );
>> 112     }
>> 113
>> 114     my $u = $user->user_object;
>> 115
>> 116     # Update, just in case
>> 117     $u->__set( column => 'ldap_id', value => $username ) unless 
>> ($u->ldap_id and $u->ldap_id eq
>> 118     $u->__set( column => 'name', value => $username )    unless 
>> ($u->name and length $u->name);
>> 119     $u->__set( column => 'name', value => $name )    if ($name);
>> 120     $u->__set( column => 'email', value => $email )  if ($email);
>> ----------------------------------------------------------------------
>>
>> Note that 117-120 are changed from stock because I was fooling around 
>> trying to get it to work.  But even when stock, they didn't seem to work 
>> -- no data was written into the database!   And the ui now says "Hiya 
>> ,"  so the username is empty in the user object as well.
>>     
>
> Take care with current_user_can; maybe you can't read or can't write.
>
> You can try with:
>
> sub current_user_can {
>     my $self = shift;
>     my $type = shift;
>     my %args = (@_);
>     
>     # grant every right unconditionally (debugging only)
>     return 1;
> }
>
>
>   
>> Any ideas folks?
>>
>> Thanks!
>> -m
>>
>>
>>     

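The `return 1` stub suggested in the thread is useful to confirm that access control is what blocks the autocreate, but it grants every right on the user table to every request. As an added example (not code from this thread or from Jifty itself), here is a scoped version of the same hook, assuming an application called YourApp with the two mixins listed above and the ldap_id, name and email columns the LDAPLogin snippet writes:

```perl
package YourApp::Model::User;    # hypothetical application name
use strict;
use warnings;

# Application-specific columns go here; ldap_id, name and email are
# supplied by the two mixins loaded below.
use YourApp::Record schema {
};

use Jifty::Plugin::User::Mixin::Model::User;
use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;

# Scoped replacement for the "return 1" test stub:
#   - the superuser (which the LDAPLogin action uses for autocreate
#     via $current_user->superuser) may do anything;
#   - any request may read rows (needed for the login lookup);
#   - a logged-in user may update only the LDAP-derived columns of
#     their own row;
#   - everything else falls through to Jifty's default decision.
sub current_user_can {
    my $self  = shift;
    my $right = shift;
    my %args  = (@_);

    return 1 if $self->current_user->is_superuser;
    return 1 if $right eq 'read';

    if (   $right eq 'update'
        && $self->current_user->id
        && $self->id
        && $self->id == $self->current_user->id )
    {
        my %ldap_column = map { $_ => 1 } qw(ldap_id name email);
        return 1 if $args{column} && $ldap_column{ $args{column} };
    }

    return $self->SUPER::current_user_can( $right, %args );
}

1;
```

Re-enabling the default fallback after debugging is the point: once the autocreate works with this hook in place, the table no longer accepts writes from arbitrary sessions.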
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: jifty_authentication_ldap_maxb.patch
Url: http://lists.jifty.org/pipermail/jifty-devel/attachments/20081212/290248bc/attachment.txt 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: jifty_manual_access_control_maxb.patch
Url: http://lists.jifty.org/pipermail/jifty-devel/attachments/20081212/290248bc/attachment-0001.txt 
