Jifty::Plugin::AuthzLDAP
Jifty plugin. Provides LDAP authorization with a filters table and a cache.
NOW FOR TESTING AND COMMENTS
In etc/config.yml:

    Plugins:
      - AuthzLDAP:
          LDAPbind: cn=testldap,ou=admins,dc=myorg,dc=org #
          LDAPpass: test                  # password
          LDAPhost: ldap.myorg.org        # ldap host
          LDAPbase: ou=people,dc=myorg..  # ldap base
          LDAPuid: uid                    # optional
          CacheTimout: 20                 # minutes, optional, default 20 minutes
In the application, create an LDAPFilter model:

    use base qw/Jifty::Plugin::AuthzLDAP::Model::LDAPFilter/;
In the LDAPFilter model, create your filters, something like:

    name     | filter                          | is_group
    is_admin | (!eduPersonAffiliation=STUDENT) | 0
    in_admin | cn=admin,ou=groups,dc=my.org    | 1
To protect access to /admin in the "TestApp" application, create a lib/TestApp/Dispatcher.pm:

    use strict;
    use warnings;

    package TestApp::Dispatcher;
    use Jifty::Dispatcher -base;

    before '/admin/*' => run {
        # Authentication
        Jifty->web->tangent(url => '/login')
            if (! Jifty->web->current_user->id);
        # Authorization
        my $user = Jifty->web->current_user->user_object->name;
        Jifty->web->tangent(url => '/error/AccessDenied')
            if (! Jifty::Plugin::AuthzLDAP->ldapvalidate($user,'is_admin') );
    };

    1;
Net::LDAP
Binds to LDAP.
Returns 1 if NAME validates FILTER or if NAME-FILTERNAME is in the cache; otherwise returns 0.
If FILTERNAME is flagged as is_group, searches whether the user is a uniquemember of this group, as supported by the Netscape Directory Server.
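An added example, not the plugin's own code: a sketch of the check described above (filter or group test for NAME, result cached per NAME and FILTERNAME), with the user name escaped before it enters the filter and LDAP errors failing closed. `build_search`, `ldap_validate`, the `$search` callback, the base DN and the directory stand-in are assumptions for illustration; only the `Net::LDAP::Util` escaping functions are real API.

```perl
use strict;
use warnings;
use Net::LDAP::Util qw(escape_filter_value escape_dn_value);

# Constructed filter table mirroring the LDAPFilter rows on this page.
my %FILTERS = (
    is_admin => { filter => '(!eduPersonAffiliation=STUDENT)', is_group => 0 },
    in_admin => { filter => 'cn=admin,ou=groups,dc=my.org',    is_group => 1 },
);
my $BASE = 'ou=people,dc=example,dc=org';    # constructed search base
my %cache;    # $cache{FILTERNAME}{NAME} = { ok => 0|1, at => epoch seconds }

# Build the search for one user. The name is escaped, so input such as
# "*" or "x)(uid=*" is matched literally and cannot reshape the filter.
sub build_search {
    my ($user, $name) = @_;
    my $f = $FILTERS{$name} or return;       # unknown filter name
    if ($f->{is_group}) {                    # membership test on the group entry
        my $dn = 'uid=' . escape_dn_value($user) . ",$BASE";
        return { base => $f->{filter}, scope => 'base',
                 filter => '(uniquemember=' . escape_filter_value($dn) . ')' };
    }
    return { base => $BASE, scope => 'sub',
             filter => '(&(uid=' . escape_filter_value($user) . ")$f->{filter})" };
}

# $search runs the query and returns the number of entries found, or undef
# on any LDAP error (hypothetical wrapper around Net::LDAP's search method).
sub ldap_validate {
    my ($user, $name, $search, $ttl, $now) = @_;
    my $hit = $cache{$name}{$user};
    return $hit->{ok} if $hit && $now - $hit->{at} < $ttl;
    my $q = build_search($user, $name);
    my $n = $q ? $search->($q) : undef;
    return 0 unless defined $n;              # fail closed; errors are not cached
    my $ok = $n == 1 ? 1 : 0;                # exactly one entry must match
    $cache{$name}{$user} = { ok => $ok, at => $now };
    return $ok;
}

# Constructed stand-in for the directory: only uid=alice matches.
my $fake = sub { $_[0]{filter} =~ /\(uid=alice\)/ ? 1 : 0 };
my $ttl  = 20 * 60;                          # the page's default of 20 minutes
printf "%-10s %d\n", $_, ldap_validate($_, 'is_admin', $fake, $ttl, time)
    for 'alice', 'bob', '*', 'x)(uid=*';
print build_search('x)(uid=*', 'is_admin')->{filter}, "\n";
```

Keying the cache by filter name and then user name avoids the ambiguity of a joined "NAME-FILTERNAME" string when a name itself contains a hyphen. A cached result stays in effect until it expires, so a change in the directory can take up to the cache timeout to be enforced.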