NAME
Net::Squid::Auth::Plugin::SimpleLDAP - A simple LDAP-based credentials
validation plugin for Net::Squid::Auth::Engine
VERSION
version 0.1.82_01
SYNOPSIS
If you're a system administrator trying to use Net::Squid::Auth::Engine
to validate your user's credentials using a LDAP server as a credentials
repository, do as described here:
On "$Config{InstallScript}/squid-auth-engine"'s configuration file:
plugin = SimpleLDAP
<SimpleLDAP>
# LDAP server
server = myldap.server.somewhere # mandatory
# connection options
<NetLDAP> # optional section with
port = N # Net::LDAP's
scheme = 'ldap' | 'ldaps' | 'ldapi' # constructor
... # options
</NetLDAP>
# bind options
binddn = cn=joedoe # mandatory
bindpw = secretpassword # mandatory
# search options
basedn = ou=mydept,o=mycompany.com # mandatory
objclass = inetOrgPerson # opt, default "person"
userattr = uid # opt, default "cn"
passattr = password # opt, default "userPassword"
</SimpleLDAP>
Unless configured otherwise, this module will assume the users in your
LDAP directory belong to the object class "person", as defined in
section 3.12 of RFC 4519, and the user and password information will be
looked for in the "cn" and "userPassword" attributes, respectively.
Although you can choose to use any other pair of attributes, the
"userattr" can be set to "DN", while the "passattr" can not.
On your Squid HTTP Cache configuration:
auth_param basic /usr/bin/squid-auth-engine /etc/squid-auth-engine.conf
And you're ready to use this module.
If you're a developer, you might be interested in reading through the
source code of this module, in order to learn about it's internals and
how it works. It may give you ideas about how to implement other plugin
modules for Net::Squid::Auth::Engine.
METHODS
new( $config_hash )
Constructor. Expects a hash reference with all the configuration under
the section *<SimpleLDAP>* in the
"$Config{InstallScript}/squid-auth-engine" as parameter. Returns a
plugin instance.
initialize()
Initialization method called upon instantiation. This provides an
opportunity for the plugin initialize itself, stablish database
connections and ensure it have all the necessary resources to verify the
credentials presented. It receives no parameters and expect no return
values.
_search()
Searches the LDAP server. It expects one parameter with a search string
for the username. The search string must conform with the format used in
LDAP queries, as defined in section 3 of RFC 4515.
is_valid( $username, $password )
This is the credential validation interface. It expects a username and
password as parameters and returns a boolean indicating if the
credentials are valid (i.e., are listed in the configuration file) or
not.
config( $key )
Accessor for a configuration setting given by key.
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc Net::Squid::Auth::Plugin::SimpleLDAP
Or take a look at the github site to be up to date:
You can also look for information at:
* RFC 4515 - Lightweight Directory Access Protocol (LDAP): String
Representation of Search Filters
* RFC 4519 - Lightweight Directory Access Protocol (LDAP): Schema for
User Applications
* RT: CPAN's request tracker
leLDAP>
* AnnoCPAN: Annotated CPAN documentation
* CPAN Ratings
* Search CPAN
SEE ALSO
Net::Squid::Auth::Engine, Net::LDAP, Scalar::Util
ACKNOWLEDGEMENTS
Luis "Fields" Motta Campos "<lmc at cpan.org>", who could now say:
"The circle is now complete. When I left you, I was but the learner; now
*I* am the master."
To what I'd reply:
"Only a master of Perl, Fields"
AUTHOR
Alexei Znamensky <russoz@cpan.org>
COPYRIGHT AND LICENSE
This software is copyright (c) 2011 by Alexei Znamensky.
This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.