NAME

Catalyst::Authentication::Store::LDAP::Backend - LDAP authentication storage backend.

SYNOPSIS

    # you probably just want Store::LDAP under most cases,
    # but if you insist you can instantiate your own store:

    use Catalyst::Authentication::Store::LDAP::Backend;

    use Catalyst qw/
        Authentication
        Authentication::Credential::Password
    /;

    my %config = (
            'ldap_server' => 'ldap1.yourcompany.com',
            'ldap_server_options' => {
                'timeout' => 30,
            },
            'binddn' => 'anonymous',
            'bindpw' => 'dontcarehow',
            'start_tls' => 1,
            'start_tls_options' => {
                'verify' => 'none',
            },
            'user_basedn' => 'ou=people,dc=yourcompany,dc=com',
            'user_filter' => '(&(objectClass=posixAccount)(uid=%s))',
            'user_scope' => 'one',  # or 'sub' for Active Directory
            'user_field' => 'uid',
            'user_search_options' => {
                'deref' => 'always',
                'attrs' => [qw( distinguishedname name mail )],
            },
            'user_results_filter' => sub { return shift->pop_entry },
            'entry_class' => 'MyApp::LDAP::Entry',
            'user_class' => 'MyUser',
            'use_roles' => 1,
            'role_basedn' => 'ou=groups,dc=yourcompany,dc=com',
            'role_filter' => '(&(objectClass=posixGroup)(member=%s))',
            'role_scope' => 'one',
            'role_field' => 'cn',
            'role_value' => 'dn',
            'role_search_options' => {
                'deref' => 'always',
            },
            'role_search_as_user' => 0,
            'persist_in_session'  => 'all',
    );

    our $users = Catalyst::Authentication::Store::LDAP::Backend->new(\%config);

DESCRIPTION

You probably want Catalyst::Authentication::Store::LDAP.

Otherwise, this lets you create a store manually.

See the Catalyst::Authentication::Store::LDAP documentation for an explanation of the configuration options.

METHODS

new($config)

Creates a new Catalyst::Authentication::Store::LDAP::Backend object. $config should be a hashref, which should contain the configuration options listed in Catalyst::Authentication::Store::LDAP's documentation.

Also sets a few sensible defaults.

find_user( authinfo, $c )

Creates a Catalyst::Authentication::Store::LDAP::User object for the given User ID. This is the preferred mechanism for getting a given User out of the Store.

authinfo should be a hashref with a key of either id or username. The value will be compared against the LDAP user_field field.

get_user( id, $c)

Creates a Catalyst::Authentication::Store::LDAP::User object for the given User ID, or calls new on the class specified in user_class. This instance of the store object, the results of lookup_user and $c are passed as arguments (in that order) to new. This is the preferred mechanism for getting a given User out of the Store.

ldap_connect

Returns a Net::LDAP object, connected to your LDAP server. (According to how you configured the Backend, of course)

ldap_bind($ldap, $binddn, $bindpw)

Bind's to the directory. If $ldap is undef, it will connect to the LDAP server first. $binddn should be the DN of the object you wish to bind as, and $bindpw the password.

If $binddn is "anonymous", an anonymous bind will be performed.

ldap_auth( $binddn, $bindpw )

Connect to the LDAP server and do an authenticated bind against the directory. Throws an exception if connecting to the LDAP server fails. Returns 1 if binding succeeds, 0 if it fails.

lookup_user($id)

Given a User ID, this method will:

  A) Bind to the directory using the configured binddn and bindpw
  B) Perform a search for the User Object in the directory, using
     user_basedn, user_filter, and user_scope.
  C) Assuming we found the object, we will walk its attributes
     using L<Net::LDAP::Entry>'s get_value method.  We store the
     results in a hashref. If we do not find the object, then
     undef is returned.
  D) Return a hashref that looks like:

     $results = {
        'ldap_entry' => $entry, # The Net::LDAP::Entry object
        'attributes' => $attributes,
     }

This method is usually only called by find_user().

lookup_roles($userobj, [$ldap])

This method looks up the roles for a given user. It takes a Catalyst::Authentication::Store::LDAP::User object as its first argument, and can optionally take a Net::LDAP object which is used rather than the default binding if supplied.

It returns an array containing the role_field attribute from all the objects that match its criteria.

user_supports

Returns the value of Catalyst::Authentication::Store::LDAP::User->supports(@_).

from_session( id, $c, $frozenuser )

Revives a serialized user from storage in the session.

Supports users stored with a different persist_in_session setting.

AUTHORS

Adam Jacob <holoway@cpan.org>

Some parts stolen shamelessly and entirely from Catalyst::Plugin::Authentication::Store::Htpasswd.

Currently maintained by Peter Karman <karman@cpan.org>.

THANKS

To nothingmuch, ghenry, castaway and the rest of #catalyst for the help. :)

SEE ALSO

Catalyst::Authentication::Store::LDAP, Catalyst::Authentication::Store::LDAP::User, Catalyst::Plugin::Authentication, Net::LDAP

COPYRIGHT & LICENSE

Copyright (c) 2005 the aforementioned authors. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.