diff -ur jifty_src/jifty/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm installed/Plugin/Authentication/Ldap/Action/LDAPLogin.pm --- jifty_src/jifty/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm 2008-12-11 16:47:00.359954000 -0800 +++ installed/Plugin/Authentication/Ldap/Action/LDAPLogin.pm 2008-12-11 17:52:05.000000000 -0800 @@ -47,7 +47,7 @@ } - return $self->validation_ok('name'); + return $self->validation_ok('ldap_id'); } @@ -114,8 +114,10 @@ my $u = $user->user_object; # Update, just in case - $u->__set( column => 'name', value => $name ); - $u->__set( column => 'email', value => $email ); + $u->__set( column => 'ldap_id', value => $username ) unless ($u->ldap_id and $u->ldap_id eq $username); + $u->__set( column => 'name', value => $username ) unless ($u->name and length $u->name); + $u->__set( column => 'name', value => $name ) if ($name); + $u->__set( column => 'email', value => $email ) if ($email); # Login! diff -ur jifty_src/jifty/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm installed/Plugin/Authentication/Ldap/Mixin/Model/User.pm --- jifty_src/jifty/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm 2008-12-12 12:21:05.406361000 -0800 +++ installed/Plugin/Authentication/Ldap/Mixin/Model/User.pm 2008-12-11 18:03:29.000000000 -0800 @@ -22,8 +22,8 @@ column ldap_id => type is 'text', label is 'Ldap ID', - is distinct, - is immutable; + is distinct; + #is immutable; }; diff -ur jifty_src/jifty/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm installed/Plugin/Authentication/Ldap.pm --- jifty_src/jifty/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm 2008-12-11 12:15:08.388187000 -0800 +++ installed/Plugin/Authentication/Ldap.pm 2008-12-12 10:27:36.000000000 -0800 
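Review bot: The new `ldap_id` write in the `@@ -114,8 +114,10 @@` hunk of LDAPLogin.pm rebinds an existing user record to whichever `$username` just authenticated, and its result is never checked. How `$user` was looked up is outside this hunk; if that lookup can match on anything other than `ldap_id` (name or email, say), this line would attach a different directory identity to an existing local account, so the lookup key should be confirmed. The status returned by `__set` is ignored on all four lines, and with `ldap_id` declared `is distinct` a rejected write may go unnoticed while the login proceeds; capture it, e.g. `my ($ok, $msg) = $u->__set( column => 'ldap_id', value => $username );`, and refuse the login on failure. The two `name` writes could also be collapsed into one, so the username fallback applies only when LDAP returned no `$name`.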
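Review bot: Dropping `is immutable` from `ldap_id` in Mixin/Model/User.pm makes the column that binds a local account to its directory entry writable through every ordinary update path, not just the login action. The sample model added to Ldap.pm's POD in this same patch has `current_user_can` return 1, so an application that copies both would presumably accept `ldap_id` changes from any caller through the generated update action. If the `__set` call in LDAPLogin is the only intended writer, check whether that low-level setter actually needs the column to be mutable; if it does, keep the restriction in the model, for example by denying `update` on `ldap_id` in `current_user_can`. The leftover `#is immutable;` should be removed or replaced by a comment giving the reason, e.g. `# mutable so LDAPLogin can backfill ldap_id on existing users`.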
@@ -6,18 +6,23 @@ =head1 NAME -Jifty::Plugin::Authentication::Ldap - ldap authentication plugin +Jifty::Plugin::Authentication::Ldap - LDAP Authentication Plugin =head1 DESCRIPTION B This plugin is experimental. -This may be combined with the L plugin to provide user accounts and ldap password authentication to your application. +This may be combined with the L +Mixin to provide user accounts and ldap password authentication to your +application. + +When a new user authenticates using this plugin, a new User object will be created +automatically. The C and C fields will be automatically populated +with LDAP data. in etc/config.yml Plugins: - - Login: {} - Authentication::Ldap: LDAPhost: ldap.univ.fr # ldap server LDAPbase: ou=people,dc=..... # base ldap @@ -26,12 +31,59 @@ LDAPuid: uid # optional +Then create a user model + + jifty model --name=User + +and edit lib/App/Model/User.pm to look something like this: + + use strict; + use warnings; + + package Venice::Model::User; + + use Jifty::DBI::Schema; + use Venice::Record schema { + # More app-specific user columns go here + }; + + use Jifty::Plugin::User::Mixin::Model::User; + use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User; + + sub current_user_can { + my $self = shift; + my $type = shift; + my %args = (@_); + + return 1; + } + + 1; + +=head2 ACTIONS + +This plugin will add the following actions to your application. +For testing you can access these from the Admin plugin. + +=over + +=item Jifty::Plugin::Authentication::Ldap::Action::LDAPLogin + +The login path is C. + +=item Jifty::Plugin::Authentication::Ldap::Action::LDAPLogout + +The login path is C. + +=back + +=cut =head2 METHODS =head2 prereq_plugins -This plugin depends on the L plugin. +This plugin depends on the L Mixin. =cut 
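Review bot: The sample `current_user_can` added to the POD in the `@@ -26,12 +31,59 @@` hunk ends in an unconditional `return 1;`, which, as far as the snippet shows, grants every right on the User model to every caller. Examples like this get pasted into real applications, so it should either carry a comment such as `# WARNING: allows everyone everything; replace before deploying` or show a minimal real policy, for instance letting a user read and update only their own record. Two smaller things in the same hunk: the `LDAPLogout` item says "The login path is" where the logout path is meant, and the text says to edit `lib/App/Model/User.pm` while the example package is `Venice::Model::User`.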
@@ -47,7 +99,52 @@ =head2 init -read etc/config.yml +The following options are available in your C +under the Authentication::Ldap Plugins section. + +=over + +=item C + +Your LDAP server. + +=item C + +The base object where your users live. + +=item C + +The DN that your organization uses to store Email addresses. This +gets copied into the User object as the C. + +=item C + +The DN that your organization uses to store Real Name. This gets +copied into the User object as the C. + +=item C + +The DN that your organization uses to store the user ID. Usually C. +This gets copied into the User object as the C. + +=item C + +These options get passed through to L. + +Default Options : + + debug => 0 + onerror => undef + async => 1 + +Other options you may want : + + timeout => 30 + +See C for a full list. You can overwrite the defaults +selectively or not at all. + +=back =cut @@ -56,11 +153,19 @@ my %args = @_; $params{'Hostname'} = $args{LDAPhost}; - $params{'base'} = $args{LDAPbase} or die "Need LDAPbase in plugin config"; - $params{'uid'} = $args{LDAPuid} || "uid"; - $params{'email'} = $args{LDAPMail} || ""; - $params{'name'} = $args{LDAPName} || "cn"; - $LDAP = Net::LDAP->new($params{Hostname},async=>1,onerror => 'undef', debug => 0) + $params{'base'} = $args{LDAPbase} or die "Need LDAPbase in plugin config"; + $params{'uid'} = $args{LDAPuid} || "uid"; + $params{'email'} = $args{LDAPMail} || ""; + $params{'name'} = $args{LDAPName} || "cn"; + my $opts = $args{LDAPOptions} || {}; + + # Default options for Net::LDAP + $opts->{'debug'} = 0 unless defined $opts->{'debug'}; + $opts->{'onerror'} = 'undef' unless defined $opts->{'onerror'}; + $opts->{'async'} = 1 unless defined $opts->{'async'}; + $params{'opts'} = $opts; + + $LDAP = Net::LDAP->new($params{Hostname},%{$opts}) or die "Can't connect to LDAP server ",$params{Hostname}; } @@ -84,6 +189,9 @@ return $params{'name'}; }; +sub opts { + return $params{'opts'}; +}; sub get_infos { 
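Review bot: In the `@@ -56,11 +153,19 @@` hunk, `Net::LDAP->new` is still called with `LDAPhost` as given, and the merged defaults (`debug`, `onerror`, `async`) do nothing for transport security. Unless the admin configures an `ldaps://` URI, the later password bind presumably travels in clear text (the bind itself is outside this hunk). Now that `LDAPOptions` is passed through, the POD's "Other options you may want" list is the natural place to show `scheme => 'ldaps'` together with `verify => 'require'` and a `cafile`; alternatively the code could call `start_tls` after connecting. Separately, `%{$opts}` will die with an unhelpful message if `LDAPOptions` in config.yml is not a mapping, so a guard such as `die "LDAPOptions must be a hash" unless ref $opts eq 'HASH';` before the defaults would make the failure clear. `init` begins above the hunk.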
@@ -107,11 +215,11 @@ =head1 SEE ALSO -L, L, L +L, L, L =head1 LICENSE -Jifty is Copyright 2005-2007 Best Practical Solutions, LLC. +Jifty is Copyright 2005-2008 Best Practical Solutions, LLC. Jifty is distributed under the same terms as Perl itself. =cut