[Jifty-commit] r6104 - in jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication: . Ldap/Action

Jifty commits jifty-commit at lists.jifty.org
Fri Dec 12 17:50:16 EST 2008


Author: maxbaker
Date: Fri Dec 12 17:50:15 2008
New Revision: 6104

Modified:
   jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm
   jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm
   jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm

Log:
[Authentication::Ldap]
    * Fix small bug in Authentication::Ldap::Action::LDAPLogin.pm in
      validate_ldap_id() that causes it to throw a warning
    * Add new config option "LDAPOptions" that is a pass-through to Net::LDAP
    * Allow override of default settings sent to Net::LDAP using above
    * Borrow some code from Authentication::CAS to make sure the user object
      has correct data all the time
    * Lots of documentation



Modified: jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm
==============================================================================
--- jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm	(original)
+++ jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm	Fri Dec 12 17:50:15 2008
@@ -6,18 +6,23 @@
 
 =head1 NAME
 
-Jifty::Plugin::Authentication::Ldap - ldap authentication plugin
+Jifty::Plugin::Authentication::Ldap - LDAP Authentication Plugin
 
 =head1 DESCRIPTION
 
 B<CAUTION:> This plugin is experimental.
 
-This may be combined with the L<Jifty::Plugin::User> plugin to provide user accounts and ldap password authentication to your application.
+This may be combined with the L<User|Jifty::Plugin::User::Mixin::Model::User>
+Mixin to provide user accounts and ldap password authentication to your
+application.
+
+When a new user authenticates using this plugin, a new User object will be created
+automatically.  The C<name> and C<email> fields will be automatically populated
+with LDAP data.
 
 in etc/config.yml
 
   Plugins: 
-    - Login: {}
     - Authentication::Ldap: 
        LDAPhost: ldap.univ.fr           # ldap server
        LDAPbase: ou=people,dc=.....     # base ldap
@@ -26,12 +31,59 @@
        LDAPuid: uid                     # optional
 
 
+Then create a user model
+
+  jifty model --name=User
+
+and edit lib/App/Model/User.pm to look something like this:
+
+  use strict;
+  use warnings;
+  
+  package Venice::Model::User;
+  
+  use Jifty::DBI::Schema;
+  use Venice::Record schema {
+	# More app-specific user columns go here
+  };
+  
+  use Jifty::Plugin::User::Mixin::Model::User;
+  use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;
+  
+  sub current_user_can {
+      my $self = shift;
+      my $type = shift;
+      my %args = (@_);
+      
+      return 1;
+  }
+  
+  1;
+
+=head2 ACTIONS
+
+This plugin will add the following actions to your application.
+For testing you can access these from the Admin plugin.
+
+=over
+
+=item Jifty::Plugin::Authentication::Ldap::Action::LDAPLogin
+
+The login path is C</ldaplogin>.
+
+=item Jifty::Plugin::Authentication::Ldap::Action::LDAPLogout
+
+The logout path is C</ldaplogout>.
+
+=back
+
+=cut
 
 =head2 METHODS
 
 =head2 prereq_plugins
 
-This plugin depends on the L<User|Jifty::Plugin::User> plugin.
+This plugin depends on the L<User|Jifty::Plugin::User::Mixin::Model::User> Mixin.
 
 =cut
 
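Review bot: The sample `current_user_can` in the new POD returns 1 unconditionally, so an application that copies it verbatim grants every right on its User records regardless of who is asking. For the documentation of an authentication plugin it would be safer to show a stub that falls back to the framework default, e.g. ending with `return $self->SUPER::current_user_can($type, %args);`, or at least to put `# WARNING: allows everything; replace with real access rules before deploying` above the `return 1;`. The text also says to edit `lib/App/Model/User.pm` while the sample declares `package Venice::Model::User`, so one of the two names should be changed to match.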
@@ -45,9 +97,54 @@
 
 my ($LDAP, %params);
 
-=head2 init
+=head2 Configuration
+
+The following options are available in your C<config.yml>
+under the Authentication::Ldap Plugins section.
+
+=over
+
+=item C<LDAPhost>
+
+Your LDAP server.
+
+=item C<LDAPbase>
+
+The base object where your users live.
 
-read etc/config.yml
+=item C<LDAPMail>
+
+The DN that your organization uses to store Email addresses.  This
+gets copied into the User object as the C<email>.
+
+=item C<LDAPName>
+
+The DN that your organization uses to store Real Name.  This gets
+copied into the User object as the C<name>.
+
+=item C<LDAPuid>
+
+The DN that your organization uses to store the user ID.  Usually C<cn>.
+This gets copied into the User object as the C<ldap_id>.
+
+=item C<LDAPOptions>
+
+These options get passed through to L<Net::LDAP>.
+
+Default Options :
+
+ debug   => 0
+ onerror => undef
+ async   => 1 
+
+Other options you may want :
+ 
+ timeout => 30
+
+See C<Net::LDAP> for a full list.  You can overwrite the defaults
+selectively or not at all.
+
+=back
 
 =cut
 
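Review bot: The new Configuration section documents `LDAPOptions` but says nothing about protecting the connection; the only extra option it suggests is `timeout`. Because the plugin does password authentication against the directory, the POD should state that a bare `LDAPhost` gives an unencrypted `ldap://` connection and show the TLS alternative (an `ldaps://` URI as the host, or `scheme => 'ldaps'` in `LDAPOptions`), and it should warn that a non-zero `debug` makes Net::LDAP dump protocol packets, which can include bind credentials. Two wording points in the same section: the defaults list shows `onerror => undef` while `init` sets the string `'undef'`, and `LDAPMail`, `LDAPName` and `LDAPuid` look like attribute names rather than DNs (the sample config uses `uid`). The hunk also removes the `=head2 init` heading, which leaves `init` without a POD entry of its own.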
@@ -56,11 +153,19 @@
     my %args = @_;
 
     $params{'Hostname'} = $args{LDAPhost};
-    $params{'base'} = $args{LDAPbase} or die "Need LDAPbase in plugin config";
-    $params{'uid'} = $args{LDAPuid} || "uid";
-    $params{'email'} = $args{LDAPMail} || "";
-    $params{'name'} = $args{LDAPName} || "cn";
-    $LDAP = Net::LDAP->new($params{Hostname},async=>1,onerror => 'undef', debug => 0)
+    $params{'base'}     = $args{LDAPbase} or die "Need LDAPbase in plugin config";
+    $params{'uid'}      = $args{LDAPuid}     || "uid";
+    $params{'email'}    = $args{LDAPMail}    || "";
+    $params{'name'}     = $args{LDAPName}    || "cn";
+    my $opts            = $args{LDAPOptions} || {};
+
+    # Default options for Net::LDAP
+    $opts->{'debug'}   = 0       unless defined $opts->{'debug'};
+    $opts->{'onerror'} = 'undef' unless defined $opts->{'onerror'};
+    $opts->{'async'}   = 1       unless defined $opts->{'async'};
+    $params{'opts'}    = $opts;
+
+    $LDAP = Net::LDAP->new($params{Hostname},%{$opts})
         or die "Can't connect to LDAP server ",$params{Hostname};
 }
 
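Review bot: `$opts` is the same hash reference that came from the plugin configuration, so the three default assignments write back into the caller's config, and a non-hash `LDAPOptions` value (a scalar or a list in config.yml) fails at `$opts->{'debug'}` with a bare reference error, assuming the module runs under `strict`. I would check and copy it before applying defaults: `die "LDAPOptions must be a hash in plugin config" unless ref $opts eq 'HASH';` followed by `$opts = { %$opts };`. `LDAPhost` is also not checked the way `LDAPbase` is, so a missing host only shows up as the generic "Can't connect" message. The `sub init` line itself is above this hunk.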
@@ -84,6 +189,9 @@
     return $params{'name'};
 };
 
+sub opts {
+    return $params{'opts'};
+};
 
 
 sub get_infos {
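Review bot: The new `opts` accessor has no POD, although this commit otherwise documents the configuration it exposes; a `=head2 opts` entry saying "Returns the hash reference of options passed to Net::LDAP" above the sub would cover it. It also hands out the same reference that is stored in `%params`, so a caller that modifies the result changes the module's stored options. If that is not intended, `return { %{ $params{'opts'} || {} } };` returns a copy instead.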
@@ -107,11 +215,11 @@
 
 =head1 SEE ALSO
 
-L<Jifty::Manual::AccessControl>, L<Jifty::Plugin::User>, L<Net::LDAP>
+L<Jifty::Manual::AccessControl>, L<Jifty::Plugin::User::Mixin::Model::User>, L<Net::LDAP>
 
 =head1 LICENSE
 
-Jifty is Copyright 2005-2007 Best Practical Solutions, LLC.
+Jifty is Copyright 2005-2008 Best Practical Solutions, LLC.
 Jifty is distributed under the same terms as Perl itself.
 
 =cut

Modified: jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm
==============================================================================
--- jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm	(original)
+++ jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm	Fri Dec 12 17:50:15 2008
@@ -47,7 +47,7 @@
     }
 
 
-    return $self->validation_ok('name');
+    return $self->validation_ok('ldap_id');
 }
 
 
@@ -114,8 +114,10 @@
     my $u = $user->user_object;
 
     # Update, just in case
-    $u->__set( column => 'name', value => $name );
-    $u->__set( column => 'email', value => $email );
+    $u->__set( column => 'ldap_id', value => $username ) unless ($u->ldap_id and $u->ldap_id eq $username);
+    $u->__set( column => 'name', value => $username )    unless ($u->name and length $u->name);
+    $u->__set( column => 'name', value => $name )	 if ($name);
+    $u->__set( column => 'email', value => $email )	 if ($email);
 
 
     # Login!
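Review bot: The return values of the `__set` calls are discarded, so a failed write to `ldap_id`, `name` or `email` goes unnoticed and the code continues to the login step with whatever the record held before. At least the `ldap_id` update should be checked and logged, e.g. `my ($ok, $msg) = $u->__set( column => 'ldap_id', value => $username );` then `Jifty->log->warn("ldap_id update failed: $msg") unless $ok;` (assuming the usual Jifty::DBI return value). `name` can also be written twice in one login, first with `$username` and then with `$name`; choosing the value first and calling `__set` once would be clearer. The enclosing sub starts and ends outside this hunk.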

Modified: jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm
==============================================================================
--- jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm	(original)
+++ jifty/trunk/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm	Fri Dec 12 17:50:15 2008
@@ -22,8 +22,8 @@
 column ldap_id =>
   type is 'text',
   label is 'Ldap ID',
-  is distinct,
-  is immutable;
+  is distinct;
+  #is immutable;
 
 };
 
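Review bot: Commenting out `is immutable` makes `ldap_id`, the column that ties a local account to a directory identity, changeable after creation by any code path that can update a User record, not only by the login action. If the only reason is the new `__set( column => 'ldap_id', ... )` in LDAPLogin.pm (my assumption; the log does not say), it would be safer to keep the constraint and set `ldap_id` when the record is created. If the column has to stay mutable, the application's `current_user_can` needs to refuse updates to it from ordinary users, which the permissive sample in the Ldap.pm POD does not do. The leftover `#is immutable;` line should be deleted or replaced by a comment such as `# mutable so LDAPLogin can backfill ldap_id on existing users`.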

