[jifty-devel] LDAP Plugins
Max Baker
max at warped.org
Fri Dec 12 15:40:01 EST 2008
Hi all,
Attached is a patch for Authentication::Ldap that does the following :
1. Add links to Authentication::Ldap and Authentication::CAS from
Manual::AccessControl
2. Fix small bug in Authentication::Ldap::Action::LDAPLogin.pm in
validate_ldap_id() that causes it to throw a warning
3. Add new config option "LDAPOptions" that is a pass-through to Net::LDAP
4. Allow override of default settings to Net::LDAP using above
5. Borrow some code from Authentication::CAS to make sure the user
object has correct data all the time
6. Lots of documentation
Any improvements, coding standards, or comments are welcome -- I'm just
getting familiarized w/ Jifty.
Now that I have the user and LDAP part down, I can go make an app!
Thanks for all the help on #jifty and here.
-m
Yves Agostini wrote:
> On Thursday, 11 December 2008 at 18:47 -0800, Max Baker wrote:
>
>> Hi Yves,
>>
>>
>> Yves Agostini wrote:
>>
>>> unlucky : AuthLDAPLogin and AuthLDAPOnly are deprecated.
>>>
>>>
>>>
>> Good to know, thanks for your help.
>>
>>
>>> You need to use Authentication::Ldap. Authentication::Ldap adds all
>>> users to your local user table, where you can easily add fields.
>>> https://svn.univ-metz.fr/svnweb/index.cgi/pub_Uguest/view/trunk/lib/Uguest/Model/User.pm
>>>
>>> You can use AuthzLDAP to add a filter, using ldap attributes, to find which
>>> users can write in your application.
>>>
>>> Here you can find a sample use of AuthzLDAP:
>>> https://svn.univ-metz.fr/svnweb/index.cgi/pub_Uguest/view/trunk/lib/Uguest/Dispatcher.pm
>>>
>>> You can certainly write your own plugin (Authentication::LdapReader ?)
>>> where you don't register users in the local table.
>>>
>> The sample code from your application helps a lot.
>>
>> For the record, I am now running the SVN head version, and here's what I
>> have :
>>
>> config.yml:
>> ----------------------------------------------------------------------
>> Plugins:
>> - Authentication::Ldap:
>> LDAPhost: ldap.company.com
>> LDAPbase: ou=People,dc=company,dc=com
>> LDAPName: cn
>> LDAPMail: mail
>> LDAPuid: uid
>> ...
>> LogLevel: DEBUG
>> ----------------------------------------------------------------------
>>
>> Note that I *did not* include the User plugin as told to in the POD.
>> This is on suggestion from people in #jifty.
>>
>
> I think you need the "Mixin User" plugin, as the ldap plugin adds new users to
> this table
>
> so you need something like :
>
> use yourApp::Record schema {
> ....
> };
>
> use Jifty::Plugin::User::Mixin::Model::User;
> use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;
>
>
>> This is working now, and my app will authenticate correctly. However
>> now the code to automatically add a user seems to be broken. It adds an
>> empty row to the database with all fields blank. I added some debug
>> code to make sure that LDAP was returning the correct information.
>>
>> The problem seems to lie here:
>>
>> Plugin/Authentication/Ldap/Action/LDAPLogin.pm
>> ----------------------------------------------------------------------
>> 94 # Autocreate the user if necessary
>> 95 if ( not $user->id ) {
>> 96 my $action = Jifty->web->new_action(
>> 97 class => 'CreateUser',
>> 98 current_user => $current_user->superuser,
>> 99 arguments => {
>> 100 ldap_id => $username
>> 101 }
>> 102 );
>> 103 $action->run;
>> 104
>> 105 if ( not $action->result->success ) {
>> 106 # Should this be less "friendly"?
>> 107 $self->result->error(_("Sorry, something weird happened
>> (we couldn't create a user f
>> 108 return;
>> 109 }
>> 110
>> 111 $user = $current_user->new( ldap_id => $username );
>> 112 }
>> 113
>> 114 my $u = $user->user_object;
>> 115
>> 116 # Update, just in case
>> 117 $u->__set( column => 'ldap_id', value => $username ) unless
>> ($u->ldap_id and $u->ldap_id eq
>> 118 $u->__set( column => 'name', value => $username ) unless
>> ($u->name and length $u->name);
>> 119 $u->__set( column => 'name', value => $name ) if ($name);
>> 120 $u->__set( column => 'email', value => $email ) if ($email);
>> ----------------------------------------------------------------------
>>
>> Note that 117-120 are changed from stock because I was fooling around
>> trying to get it to work. But even when stock, they didn't seem to work
>> -- no data was written into the database! And the ui now says "Hiya
>> ," so the username is empty in the user object as well.
>>
>
> take care with current_user_can; maybe you can't read or can't write
>
> you can try with :
>
> sub current_user_can {
> my $self = shift;
> my $type = shift;
> my %args = (@_);
>
> return 1;
> }
>
>
>
>> Any ideas folks?
>>
>> Thanks!
>> -m
>>
>>
>>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: jifty_authentication_ldap_maxb.patch
Url: http://lists.jifty.org/pipermail/jifty-devel/attachments/20081212/290248bc/attachment.txt
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: jifty_manual_access_control_maxb.patch
Url: http://lists.jifty.org/pipermail/jifty-devel/attachments/20081212/290248bc/attachment-0001.txt
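The `return 1;` version of current_user_can suggested above is a quick way to rule out ACL problems while debugging, but it also grants every user create, read, update and delete on every row of the user table. The following is an added example (not code from this thread or from Jifty) of a User model that keeps the two mixins Yves lists and restricts the ACL instead: the superuser (which is what LDAPLogin.pm runs CreateUser as) is allowed through, a logged-in user may read and update only their own row, and everything else falls back to Jifty::Record's default. It assumes an application class named MyApp, that Jifty::Record passes the rights as 'create', 'read', 'update' and 'delete', and that the stock default denies what is not explicitly allowed; the column names come from the quoted LDAPLogin.pm code.

```perl
# Added example, not part of the thread or of Jifty itself.
# Assumes an app class "MyApp"; ldap_id/name/email are the columns the
# quoted LDAPLogin.pm code writes, and are provided by the mixins below.
package MyApp::Model::User;
use strict;
use warnings;

use Jifty::DBI::Schema;
use MyApp::Record schema {
    # Application-specific columns go here; the LDAP columns come from
    # the mixins loaded below.
};

use Jifty::Plugin::User::Mixin::Model::User;
use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;

# Jifty::Record calls this with the right being checked ('create', 'read',
# 'update', 'delete') and, for create/update, the column/value being set.
sub current_user_can {
    my $self  = shift;
    my $right = shift;
    my %args  = (@_);

    # LDAPLogin.pm runs CreateUser as $current_user->superuser, so the
    # superuser must be allowed through or autocreation fails.
    return 1 if $self->current_user->is_superuser;

    # A logged-in user may read and update their own row only.
    if ( $right eq 'read' or $right eq 'update' ) {
        return 1
            if $self->current_user->id
            && $self->id
            && $self->current_user->id == $self->id;
    }

    # Creating or deleting users, or touching someone else's row, falls
    # through to Jifty's default (assumed here to deny by default).
    return $self->SUPER::current_user_can( $right, %args );
}

1;
```

If the blank-row symptom from the thread disappears with `return 1;` but comes back with a model like this one, the ACL is the cause; tighten or relax the 'read'/'update' branch rather than reverting to the unconditional grant, and check the Jifty log at LogLevel DEBUG for the denied right and column.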