NAME
   Catalyst::Plugin::Authentication::LDAP - LDAP Authentication for
   Catalyst

SYNOPSIS
       use Catalyst 'Authentication::LDAP';
       __PACKAGE__->config->{authentication} = (
           ldap_server            => 'ldap://ldap.mycompany.com',
           default_naming_context => 'dc=mycompany,dc=com',
           user_context           => 'cn=users',
           user_append            => '@mycompany.com',
           user_filter            => '(&(objectclass=user)(objectcategory=user)(samaccountname=__USER__*))',
           group_attribute        => 'memberOf',
       );
       $c->login( $user, $password );
       $c->logout;
       $c->session_login( $user, $password );
       $c->session_logout;
       $c->roles(qw/customer admin/);

DESCRIPTION
   This plugin allows you to authenticate your web users using an LDAP
   server. See the Configuration section for more details on how to set it
   up. This module was designed with Active Directory in mind and has not
   yet been tested using other LDAP servers. Patches are welcome that
   enable support for other servers.

   Note that this plugin requires a session plugin like
   "Catalyst::Plugin::Session::FastMmap".

CONFIGURATION
   This plugin is configured by passing an "authentication" hash reference
   to your application's config method. The following keys are supported:

       ldap_server

   Required. Specify the full URI to your LDAP server. Some examples are:
   ldap://ldap.mycompany.com, ldap://pdc:1234,
   ldaps://secure.ldap.mycompany.com

       default_naming_context => 'dc=mycompany,dc=com'

   Required. This is the base context for your server. In most cases, this
   is a string of two or more "dc" values separated by commas.

       user_context => 'cn=users',

   Optional. The context to be used when querying a user's details. This
   value is prefixed to the default_naming_context. The default value
   should be suitable for Active Directory servers. If you do not intend to
   use role-based authentication, you can ignore this option.

       user_append = '@mycompany.com'

   Optional. This string will be appended to a user's login name when
   authenticating to the server. Active Directory servers require the user
   to be specified as "[email protected]".

       user_filter => '(&(objectclass=user)(objectcategory=user)(samaccountname=__USER__*))'

   Optional. This filter is used to retrieve the user's account details,
   specifically the list of groups the user is a member of. For Active
   Directory servers, the default value should be suitable. The string
   __USER__ is replaced by the current username. If you do not intend to
   use role-based authentication, you can ignore this option.

       group_attribute => 'memberOf'

   Optional. Specify which attribute contains the list of groups/roles the
   user is a member of.

 METHODS
   login
       Attempt to authenticate a user. Takes username/password as
       arguments,

           $c->login( $user, $password );

       User remains authenticated until end of request.

   logout
       Log out the user. will not clear the session, so user will still
       remain logged in at next request unless session_logout is called.

   process_permission
       check for permissions. used by the 'roles' function.

   roles
       Check permissions for roles and return true or false.

           $c->roles(qw/foo bar/);

       Returns an arrayref containing the verified roles.

           my @roles = @{ $c->roles };

   session_login
       Persistently login the user. The user will remain logged in until he
       clears the session himself, or session_logout is called.

           $c->session_login( $user, $password );

   session_logout
       Session logout. will delete the user object from the session.

 EXTENDED METHODS
   prepare_action
       sets $c->request->{user} from session.

   setup
       sets up $c->config->{authentication}.

 OVERLOADED METHODS
   process_roles
       Takes an arrayref of roles and checks if user has the supplied
       roles. Returns 1/0.

LIMITATIONS
   Because many LDAP servers require a password to query information, the
   user's group/role data must be queried and stored at the time they
   login. This means that group/role data updated on the LDAP server after
   a user logs in will not be reflected in their session until they logout
   and log back in.

SEE ALSO
   Catalyst, Catalyst::Plugin::Authentication::CDBI.

AUTHOR
   Andy Grundman, "[email protected]"

   Based on Catalyst::Plugin::Authentication::CDBI by: Sebastian Riedel,
   "[email protected]" Marcus Ramberg, "[email protected]"

COPYRIGHT
   This program is free software, you can redistribute it and/or modify it
   under the same terms as Perl itself.

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.