NAME
Jifty::Plugin::AuthzLDAP
DESCRIPTION
Jifty plugin. Provides LDAP authorization with a filters table and a cache.
NOW FOR TESTING AND COMMENTS
CONFIGURATION NOTES
In etc/config.yml:

    Plugins:
      - AuthzLDAP:
          LDAPbind: cn=testldap,ou=admins,dc=myorg,dc=org   #
          LDAPpass: test                   # password
          LDAPhost: ldap.myorg.org         # ldap host
          LDAPbase: ou=people,dc=myorg..   # ldap base
          LDAPuid: uid                     # optional
          CacheTimout: 20                  # minutes, optional, default 20 minutes

In the application, create a LDAPFilter model:

    use base qw/Jifty::Plugin::AuthzLDAP::Model::LDAPFilter/;

In the LDAPFilter model, create your filters, something like:

    name     | filter                          | is_group
    is_admin | (!eduPersonAffiliation=STUDENT) | 0
    in_admin | cn=admin,ou=groups,dc=my.org    | 1
To protect access to /admin in the "TestApp" application, create a lib/TestApp/Dispatcher.pm:
    use strict;
    use warnings;
    package TestApp::Dispatcher;
    use Jifty::Dispatcher -base;

    before '/admin/*' => run {
        # Authentication
        Jifty->web->tangent(url => '/login')
            if (! Jifty->web->current_user->id);
        # Authorization
        my $user = Jifty->web->current_user->user_object->name;
        Jifty->web->tangent(url => '/error/AccessDenied')
            if (! Jifty::Plugin::AuthzLDAP->ldapvalidate($user,'is_admin') );
    };

    1;
SEE ALSO
bind
Binds to the LDAP server.
validate NAME FILTERNAME
Returns 1 if NAME validates against the filter FILTERNAME, or if NAME-FILTERNAME is in the cache; otherwise returns 0.
If FILTERNAME is flagged as is_group, it searches whether the user is a uniquemember of this group, as supported by the Netscape Directory Server.
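The validate behaviour described above, for a filter row with is_group 0, sketched as an added example (not the plugin's own code). The callback signature, the combined `(&(uid=...)...)` filter, the exactly-one-match rule and the base DN are assumptions of this example; the directory is a constructed stub so it runs offline.

```perl
use strict;
use warnings;

# Constructed row mirroring the is_admin entry of the LDAPFilter table above.
my %FILTERS = (
    is_admin => { filter => '(!eduPersonAffiliation=STUDENT)', is_group => 0 },
);
my $BASE    = 'ou=people,dc=example,dc=org';   # placeholder for LDAPbase
my $TIMEOUT = 20 * 60;                         # CacheTimout (20 minutes), in seconds
my %cache;                                     # "NAME-FILTERNAME" => expiry time

# RFC 4515 escaping, so a user name cannot change the filter's structure.
sub escape_filter_value {
    my ($v) = @_;
    $v =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;
    return $v;
}

# Hypothetical validate(): $search is a callback (base, filter) -> entry count,
# standing in for a real directory search.
sub validate {
    my ($name, $filtername, $search) = @_;
    my $row = $FILTERS{$filtername} or return 0;   # unknown filter name: deny
    return 0 if $row->{is_group};                  # group rows not covered here: deny
    my $key = "$name-$filtername";
    return 1 if ($cache{$key} // 0) > time;        # unexpired cached grant

    my $filter = '(&(uid=' . escape_filter_value($name) . ')' . $row->{filter} . ')';
    my $count  = eval { $search->($BASE, $filter) };
    return 0 unless defined $count && $count == 1; # error or no single match: deny
    $cache{$key} = time + $TIMEOUT;                # cache grants only
    return 1;
}

# Constructed stub directory: records each filter and matches only uid=alice.
my @seen;
my $stub = sub {
    my ($base, $filter) = @_;
    push @seen, $filter;
    return $filter =~ /\(uid=alice\)/ ? 1 : 0;
};

print validate('alice', 'is_admin', $stub), "\n";
print validate('alice', 'is_admin', sub { die "directory must not be queried" }), "\n";
print validate('ali*(ce)', 'is_admin', $stub), "\n";   # metacharacters stay literal
print "$seen[-1]\n";                                   # filter as sent to the directory
```

Net::LDAP::Util provides escape_filter_value for the same purpose. A cached grant stays valid until its timeout even if the directory entry changes in the meantime.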