[Jifty-commit] r6104 - in jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication: . Ldap/Action
Jifty commits
jifty-commit at lists.jifty.org
Fri Dec 12 17:50:16 EST 2008
Author: maxbaker
Date: Fri Dec 12 17:50:15 2008
New Revision: 6104
Modified:
jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm
jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm
jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm
Log:
[Authentication::Ldap]
* Fix small bug in Authentication::Ldap::Action::LDAPLogin.pm in
validate_ldap_id() that causes it to throw a warning
* Add new config option "LDAPOptions" that is a pass-through to Net::LDAP
* Allow override of default settings sent to Net::LDAP using above
* Borrow some code from Authentication::CAS to make sure the user object
has correct data all the time
* Lots of documentation
Modified: jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm
==============================================================================
--- jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm (original)
+++ jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm Fri Dec 12 17:50:15 2008
@@ -6,18 +6,23 @@
=head1 NAME
-Jifty::Plugin::Authentication::Ldap - ldap authentication plugin
+Jifty::Plugin::Authentication::Ldap - LDAP Authentication Plugin
=head1 DESCRIPTION
B<CAUTION:> This plugin is experimental.
-This may be combined with the L<Jifty::Plugin::User> plugin to provide user accounts and ldap password authentication to your application.
+This may be combined with the L<User|Jifty::Plugin::User::Mixin::Model::User>
+Mixin to provide user accounts and ldap password authentication to your
+application.
+
+When a new user authenticates using this plugin, a new User object will be created
+automatically. The C<name> and C<email> fields will be automatically populated
+with LDAP data.
in etc/config.yml
Plugins:
- - Login: {}
- Authentication::Ldap:
LDAPhost: ldap.univ.fr # ldap server
LDAPbase: ou=people,dc=..... # base ldap
@@ -26,12 +31,59 @@
LDAPuid: uid # optional
+Then create a user model
+
+ jifty model --name=User
+
+and edit lib/App/Model/User.pm to look something like this:
+
+ use strict;
+ use warnings;
+
+ package Venice::Model::User;
+
+ use Jifty::DBI::Schema;
+ use Venice::Record schema {
+ # More app-specific user columns go here
+ };
+
+ use Jifty::Plugin::User::Mixin::Model::User;
+ use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;
+
+ sub current_user_can {
+ my $self = shift;
+ my $type = shift;
+ my %args = (@_);
+
+ return 1;
+ }
+
+ 1;
+
+=head2 ACTIONS
+
+This plugin will add the following actions to your application.
+For testing you can access these from the Admin plugin.
+
+=over
+
+=item Jifty::Plugin::Authentication::Ldap::Action::LDAPLogin
+
+The login path is C</ldaplogin>.
+
+=item Jifty::Plugin::Authentication::Ldap::Action::LDAPLogout
+
+The logout path is C</ldaplogout>.
+
+=back
+
+=cut
=head2 METHODS
=head2 prereq_plugins
-This plugin depends on the L<User|Jifty::Plugin::User> plugin.
+This plugin depends on the L<User|Jifty::Plugin::User::Mixin::Model::User> Mixin.
=cut
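Review bot: The sample model's `current_user_can` ends in an unconditional `return 1;`, which grants every right on User records to every caller, and a sample in an authentication plugin's POD is likely to be copied as it stands. I would mark it inside the sample with a comment such as `# Placeholder: allows everything; replace with real access checks`, or leave the override out of the example. The sample also tells the reader to edit `lib/App/Model/User.pm` but declares `package Venice::Model::User` and uses `Venice::Record`, which looks like a leftover application name.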
@@ -45,9 +97,54 @@
my ($LDAP, %params);
-=head2 init
+=head2 Configuration
+
+The following options are available in your C<config.yml>
+under the Authentication::Ldap Plugins section.
+
+=over
+
+=item C<LDAPhost>
+
+Your LDAP server.
+
+=item C<LDAPbase>
+
+The base object where your users live.
-read etc/config.yml
+=item C<LDAPMail>
+
+The DN that your organization uses to store Email addresses. This
+gets copied into the User object as the C<email>.
+
+=item C<LDAPName>
+
+The DN that your organization uses to store Real Name. This gets
+copied into the User object as the C<name>.
+
+=item C<LDAPuid>
+
+The DN that your organization uses to store the user ID. Usually C<cn>.
+This gets copied into the User object as the C<ldap_id>.
+
+=item C<LDAPOptions>
+
+These options get passed through to L<Net::LDAP>.
+
+Default Options :
+
+ debug => 0
+ onerror => undef
+ async => 1
+
+Other options you may want :
+
+ timeout => 30
+
+See C<Net::LDAP> for a full list. You can overwrite the defaults
+selectively or not at all.
+
+=back
=cut
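Review bot: The `LDAPOptions` item lists only `debug`, `onerror`, `async` and `timeout`, so a reader gets no hint that this pass-through is also where transport security is configured for a plugin that handles login passwords. Assuming the login action does a simple bind over this connection (the bind is not in this diff), I would add `scheme => 'ldaps'` and `verify => 'require'` under "Other options you may want", and note that a non-zero `debug` makes Net::LDAP dump protocol packets, which would include bind credentials. Separately, `LDAPMail`, `LDAPName` and `LDAPuid` are described as "The DN", but the defaults in init (`uid`, `cn`) are attribute names, and the `LDAPuid` text says "Usually C<cn>" while the code defaults to `uid`.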
@@ -56,11 +153,19 @@
my %args = @_;
$params{'Hostname'} = $args{LDAPhost};
- $params{'base'} = $args{LDAPbase} or die "Need LDAPbase in plugin config";
- $params{'uid'} = $args{LDAPuid} || "uid";
- $params{'email'} = $args{LDAPMail} || "";
- $params{'name'} = $args{LDAPName} || "cn";
- $LDAP = Net::LDAP->new($params{Hostname},async=>1,onerror => 'undef', debug => 0)
+ $params{'base'} = $args{LDAPbase} or die "Need LDAPbase in plugin config";
+ $params{'uid'} = $args{LDAPuid} || "uid";
+ $params{'email'} = $args{LDAPMail} || "";
+ $params{'name'} = $args{LDAPName} || "cn";
+ my $opts = $args{LDAPOptions} || {};
+
+ # Default options for Net::LDAP
+ $opts->{'debug'} = 0 unless defined $opts->{'debug'};
+ $opts->{'onerror'} = 'undef' unless defined $opts->{'onerror'};
+ $opts->{'async'} = 1 unless defined $opts->{'async'};
+ $params{'opts'} = $opts;
+
+ $LDAP = Net::LDAP->new($params{Hostname},%{$opts})
or die "Can't connect to LDAP server ",$params{Hostname};
}
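Review bot: `%{$opts}` on the `Net::LDAP->new` line dereferences whatever `LDAPOptions` holds in config.yml, so a scalar or a list there dies with a Perl dereference error rather than a configuration message. The three default assignments also write into the hash that came from the plugin config instead of a copy. I would guard first with `die "LDAPOptions must be a hash" if $args{LDAPOptions} and ref $args{LDAPOptions} ne 'HASH';` and then build a fresh hash with `my $opts = { %{ $args{LDAPOptions} || {} } };`. `LDAPhost` is still passed to `new` unchecked although `LDAPbase` is required, and the connect failure message would say more with `$@` appended. The `sub init` line is outside the hunk.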
@@ -84,6 +189,9 @@
return $params{'name'};
};
+sub opts {
+ return $params{'opts'};
+};
sub get_infos {
@@ -107,11 +215,11 @@
=head1 SEE ALSO
-L<Jifty::Manual::AccessControl>, L<Jifty::Plugin::User>, L<Net::LDAP>
+L<Jifty::Manual::AccessControl>, L<Jifty::Plugin::User::Mixin::Model::User>, L<Net::LDAP>
=head1 LICENSE
-Jifty is Copyright 2005-2007 Best Practical Solutions, LLC.
+Jifty is Copyright 2005-2008 Best Practical Solutions, LLC.
Jifty is distributed under the same terms as Perl itself.
=cut
Modified: jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm
==============================================================================
--- jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm (original)
+++ jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm Fri Dec 12 17:50:15 2008
@@ -47,7 +47,7 @@
}
- return $self->validation_ok('name');
+ return $self->validation_ok('ldap_id');
}
@@ -114,8 +114,10 @@
my $u = $user->user_object;
# Update, just in case
- $u->__set( column => 'name', value => $name );
- $u->__set( column => 'email', value => $email );
+ $u->__set( column => 'ldap_id', value => $username ) unless ($u->ldap_id and $u->ldap_id eq $username);
+ $u->__set( column => 'name', value => $username ) unless ($u->name and length $u->name);
+ $u->__set( column => 'name', value => $name ) if ($name);
+ $u->__set( column => 'email', value => $email ) if ($email);
# Login!
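Review bot: The first added `__set` rewrites `ldap_id` on an existing user record whenever it differs from the name that just authenticated, and the User.pm hunk in this commit comments out `is immutable` on that column to allow it. How `$u` was looked up is outside this hunk; if the lookup uses anything other than `ldap_id`, this line would re-point an existing local account at whichever directory user logged in. I would restrict the write to records that have no `ldap_id` yet, `unless $u->ldap_id;`, and reconsider whether `is immutable` needs to go. None of the four `__set` results is checked, so a failed write on the `distinct` column would go unnoticed before the login proceeds. The enclosing sub starts and ends outside the hunk.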
Modified: jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm
==============================================================================
--- jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm (original)
+++ jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm Fri Dec 12 17:50:15 2008
@@ -22,8 +22,8 @@
column ldap_id =>
type is 'text',
label is 'Ldap ID',
- is distinct,
- is immutable;
+ is distinct;
+ #is immutable;
};