++ed by:

2 PAUSE users
1 non-PAUSE user.

Dagfinn Ilmari Mannsåker
and 1 contributors


Catalyst::Authentication::Store::LDAP::Backend - LDAP authentication storage backend.


    # you probably just want Store::LDAP under most cases,
    # but if you insist you can instantiate your own store:

    use Catalyst::Authentication::Store::LDAP::Backend;

    use Catalyst qw/

    my %config = (
            'ldap_server' => 'ldap1.yourcompany.com',
            'ldap_server_options' => {
                'timeout' => 30,
            'binddn' => 'anonymous',
            'bindpw' => 'dontcarehow',
            'start_tls' => 1,
            'start_tls_options' => {
                'verify' => 'none',
            'user_basedn' => 'ou=people,dc=yourcompany,dc=com',
            'user_filter' => '(&(objectClass=posixAccount)(uid=%s))',
            'user_scope' => 'one',  # or 'sub' for Active Directory
            'user_field' => 'uid',
            'user_search_options' => {
                'deref' => 'always',
                'attrs' => [qw( distinguishedname name mail )],
            'user_results_filter' => sub { return shift->pop_entry },
            'entry_class' => 'MyApp::LDAP::Entry',
            'user_class' => 'MyUser',
            'use_roles' => 1,
            'role_basedn' => 'ou=groups,dc=yourcompany,dc=com',
            'role_filter' => '(&(objectClass=posixGroup)(member=%s))',
            'role_scope' => 'one',
            'role_field' => 'cn',
            'role_value' => 'dn',
            'role_search_options' => {
                'deref' => 'always',
            'role_search_as_user' => 0,
            'persist_in_session'  => 'all',

    our $users = Catalyst::Authentication::Store::LDAP::Backend->new(\%config);


You probably want Catalyst::Authentication::Store::LDAP.

Otherwise, this lets you create a store manually.

See the Catalyst::Authentication::Store::LDAP documentation for an explanation of the configuration options.



Creates a new Catalyst::Authentication::Store::LDAP::Backend object. $config should be a hashref, which should contain the configuration options listed in Catalyst::Authentication::Store::LDAP's documentation.

Also sets a few sensible defaults.

find_user( authinfo, $c )

Creates a Catalyst::Authentication::Store::LDAP::User object for the given User ID. This is the preferred mechanism for getting a given User out of the Store.

authinfo should be a hashref with a key of either id or username. The value will be compared against the LDAP user_field field.

get_user( id, $c)

Creates a Catalyst::Authentication::Store::LDAP::User object for the given User ID, or calls new on the class specified in user_class. This instance of the store object, the results of lookup_user and $c are passed as arguments (in that order) to new. This is the preferred mechanism for getting a given User out of the Store.


Returns a Net::LDAP object, connected to your LDAP server. (According to how you configured the Backend, of course)

ldap_bind($ldap, $binddn, $bindpw)

Bind's to the directory. If $ldap is undef, it will connect to the LDAP server first. $binddn should be the DN of the object you wish to bind as, and $bindpw the password.

If $binddn is "anonymous", an anonymous bind will be performed.

ldap_auth( $binddn, $bindpw )

Connect to the LDAP server and do an authenticated bind against the directory. Throws an exception if connecting to the LDAP server fails. Returns 1 if binding succeeds, 0 if it fails.


Given a User ID, this method will:

  A) Bind to the directory using the configured binddn and bindpw
  B) Perform a search for the User Object in the directory, using
     user_basedn, user_filter, and user_scope.
  C) Assuming we found the object, we will walk it's attributes
     using L<Net::LDAP::Entry>'s get_value method.  We store the
     results in a hashref. If we do not find the object, then
     undef is returned.
  D) Return a hashref that looks like:

     $results = {
        'ldap_entry' => $entry, # The Net::LDAP::Entry object
        'attributes' => $attributes,

This method is usually only called by find_user().

lookup_roles($userobj, [$ldap])

This method looks up the roles for a given user. It takes a Catalyst::Authentication::Store::LDAP::User object as it's first argument, and can optionally take a Net::LDAP object which is used rather than the default binding if supplied.

It returns an array containing the role_field attribute from all the objects that match it's criteria.


Returns the value of Catalyst::Authentication::Store::LDAP::User->supports(@_).

from_session( id, $c, $frozenuser )

Revives a serialized user from storage in the session.

Supports users stored with a different persist_in_session setting.


Adam Jacob <holoway@cpan.org>

Some parts stolen shamelessly and entirely from Catalyst::Plugin::Authentication::Store::Htpasswd.

Currently maintained by Peter Karman <karman@cpan.org>.


To nothingmuch, ghenry, castaway and the rest of #catalyst for the help. :)


Catalyst::Authentication::Store::LDAP, Catalyst::Authentication::Store::LDAP::User, Catalyst::Plugin::Authentication, Net::LDAP


Copyright (c) 2005 the aforementioned authors. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.