.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} .el \{\ . de IX .. .\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . 
ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "Jifty::Plugin::Authentication::Ldap 3pm" .TH Jifty::Plugin::Authentication::Ldap 3pm "2010-09-15" "perl v5.10.1" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" Jifty::Plugin::Authentication::Ldap \- LDAP Authentication Plugin for Jifty .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fB\s-1CAUTION:\s0\fR This plugin is experimental. .PP This may be combined with the User Mixin to provide user accounts and ldap password authentication to your application. 
.PP When a new user authenticates using this plugin, a new User object will be created automatically. The \f(CW\*(C`name\*(C'\fR and \f(CW\*(C`email\*(C'\fR fields will be automatically populated with \s-1LDAP\s0 data. Any directory user who can authenticate therefore gets an application account, so limit what a newly created user may do in your access control rules (see Jifty::Manual::AccessControl). .PP In etc/config.yml: .PP .Vb 7 \& Plugins: \& \- Authentication::Ldap: \& LDAPhost: ldap.univ.fr # ldap server \& LDAPbase: ou=people,dc=..... # base ldap \& LDAPName: displayname # name to be displayed (cn givenname) \& LDAPMail: mailLocalAddress # email used optional \& LDAPuid: uid # optional .Ve .PP Then create a user model .PP .Vb 1 \& jifty model \-\-name=User .Ve .PP and edit lib/App/Model/User.pm to look something like this (in this example the application is named Venice): .PP .Vb 2 \& use strict; \& use warnings; \& \& package Venice::Model::User; \& \& use Jifty::DBI::Schema; \& use Venice::Record schema { \& # More app\-specific user columns go here \& }; \& \& use Jifty::Plugin::User::Mixin::Model::User; \& use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User; \& \& sub current_user_can { \& my $self = shift; \& my $type = shift; \& my %args = (@_); \& \& return 1 if \& $self\->current_user\->is_superuser; \& \& # all logged in users can read this table \& return 1 \& if ($type eq \*(Aqread\*(Aq && $self\->current_user\->id); \& \& return $self\->SUPER::current_user_can($type, @_); \& }; \& \& 1; .Ve .SS "\s-1ACTIONS\s0" .IX Subsection "ACTIONS" This plugin will add the following actions to your application. For testing you can access these from the Admin plugin. .IP "Jifty::Plugin::Authentication::Ldap::Action::LDAPLogin" 4 .IX Item "Jifty::Plugin::Authentication::Ldap::Action::LDAPLogin" The login path is \f(CW\*(C`/ldaplogin\*(C'\fR. .IP "Jifty::Plugin::Authentication::Ldap::Action::LDAPLogout" 4 .IX Item "Jifty::Plugin::Authentication::Ldap::Action::LDAPLogout" The logout path is \f(CW\*(C`/ldaplogout\*(C'\fR. .SS "\s-1METHODS\s0" .IX Subsection "METHODS" .SS "prereq_plugins" .IX Subsection "prereq_plugins" This plugin depends on the User Mixin. 
.SS "Configuration" .IX Subsection "Configuration" The following options are available in your \f(CW\*(C`config.yml\*(C'\fR under the Authentication::Ldap Plugins section. .ie n .IP """LDAPhost""" 4 .el .IP "\f(CWLDAPhost\fR" 4 .IX Item "LDAPhost" Your \s-1LDAP\s0 server. Login passwords are sent to this server for the bind, so make sure the connection to it is protected; see \f(CW\*(C`Net::LDAP\*(C'\fR for its \s-1TLS\s0 support. .ie n .IP """LDAPbase""" 4 .el .IP "\f(CWLDAPbase\fR" 4 .IX Item "LDAPbase" [Mandatory] The base object where your users live. If \f(CW\*(C`LDAPBindTemplate\*(C'\fR is defined, \f(CW\*(C`LDAPbase\*(C'\fR is only used for user search. .ie n .IP """LDAPBindTemplate""" 4 .el .IP "\f(CWLDAPBindTemplate\fR" 4 .IX Item "LDAPBindTemplate" As an alternative to \f(CW\*(C`LDAPbase\*(C'\fR, you can specify the whole \s-1DN\s0 string here, with \&\fI\f(CI%u\fI\fR as a placeholder for the \s-1UID\s0. .ie n .IP """LDAPMail""" 4 .el .IP "\f(CWLDAPMail\fR" 4 .IX Item "LDAPMail" The \s-1LDAP\s0 attribute that your organization uses to store email addresses. This gets copied into the User object as the \f(CW\*(C`email\*(C'\fR. .ie n .IP """LDAPName""" 4 .el .IP "\f(CWLDAPName\fR" 4 .IX Item "LDAPName" The \s-1LDAP\s0 attribute that your organization uses to store the real name. This gets copied into the User object as the \f(CW\*(C`name\*(C'\fR. .ie n .IP """LDAPuid""" 4 .el .IP "\f(CWLDAPuid\fR" 4 .IX Item "LDAPuid" The \s-1LDAP\s0 attribute that your organization uses to store the user \s-1ID\s0. Usually \f(CW\*(C`cn\*(C'\fR. This gets copied into the User object as the \f(CW\*(C`ldap_id\*(C'\fR. .ie n .IP """LDAPOptions""" 4 .el .IP "\f(CWLDAPOptions\fR" 4 .IX Item "LDAPOptions" These options get passed through to Net::LDAP. .Sp Default options: .Sp .Vb 3 \& debug => 0 \& onerror => undef \& async => 1 .Ve .Sp Other options you may want: .Sp .Vb 1 \& timeout => 30 .Ve .Sp See \f(CW\*(C`Net::LDAP\*(C'\fR for a full list. You can override the defaults selectively or not at all. 
.ie n .IP """LDAPLoginHooks""" 4 .el .IP "\f(CWLDAPLoginHooks\fR" 4 .IX Item "LDAPLoginHooks" Optional list of Perl functions that are called after a successful login and after the corresponding User object is loaded and updated. Each function is called with a hash of named arguments, as follows: .Sp .Vb 4 \& username => string \& user_object => User object \& ldap => Net::LDAP object \& infos => User attributes as returned by get_infos .Ve .ie n .IP """LDAPFetchUserAttr""" 4 .el .IP "\f(CWLDAPFetchUserAttr\fR" 4 .IX Item "LDAPFetchUserAttr" Optional list of \s-1LDAP\s0 user attributes fetched by get_infos. The values are returned to the login hook as arrayrefs. .SS "Example" .IX Subsection "Example" The following example authenticates the application against a \s-1MS\s0 Active Directory server for the domain \s-1MYDOMAIN\s0. Each user entry has the attribute \&'department' which is used for authorization. \f(CW\*(C`LDAPbase\*(C'\fR is used for user searching, and binding is done the Microsoft way. The login hook checks if the user belongs to specific departments and updates the user record. Because hooks run only after a successful login, a department change in the directory reaches the user record only at the next login of that user. 
.PP .Vb 10 \& ###### \& # etc/config.yml: \& Plugins: \& \- User: {} \& \- Authentication::Ldap: \& LDAPhost: ldap1.mydomain.com \& LDAPbase: \*(AqDC=mydomain,DC=com\*(Aq \& LDAPBindTemplate: \*(AqMYDOMAIN\e%u\*(Aq \& LDAPName: displayName \& LDAPMail: mail \& LDAPuid: cn \& LDAPFetchUserAttr: \& \- department \& LDAPLoginHooks: \& \- \*(AqMyapp::Model::User::ldap_login_hook\*(Aq \& \& ###### \& # package Myapp::Model::User; \& sub ldap_login_hook \& { \& my %args = @_; \& \& my $u = $args{\*(Aquser_object\*(Aq}; \& my $department = $args{\*(Aqinfos\*(Aq}\->{\*(Aqdepartment\*(Aq}[0]; \& \& my $editor = 0; \& if( $department eq \*(AqNOC\*(Aq or \& $department eq \*(AqENGINEERING\*(Aq ) \& { \& $editor = 1; \& } \& \& $u\->_\|_set( column => \*(Aqis_content_editor\*(Aq, value => $editor ); \& } .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" Jifty::Manual::AccessControl, Jifty::Plugin::User::Mixin::Model::User, Net::LDAP .SH "AUTHORS" .IX Header "AUTHORS" Yves Agostini, Stanislav Sinyagin .PP and other authors from Jifty (maxbaker, clkao, sartak, alexmv) .SH "LICENSE" .IX Header "LICENSE" Copyright 2007\-2010 Yves Agostini. All Rights Reserved. .PP This program is free software and may be modified and distributed under the same terms as Perl itself.