debian man page for jifty::plugin::authzldap

Debian Man Pages All Man Pages Latest Topics Forum Categories

Query: jifty::plugin::authzldap

OS: debian

Section: 3pm

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

Jifty::Plugin::AuthzLDAP(3pm)				User Contributed Perl Documentation			     Jifty::Plugin::AuthzLDAP(3pm)


NAME

       Jifty::Plugin::AuthzLDAP - Jifty plugin to a add dynamic ldap authorization


DESCRIPTION

       Jifty plugin.  Provide ldap authorization with filters table and cache.


CONFIGURATION NOTES

       in etc/config.yml
	 Plugins:
	   - AuthzLDAP:
	      LDAPbind: cn=testldap,ou=admins,dc=myorg,dc=org #
	      LDAPpass: test		       # password
	      LDAPhost: ldap.myorg.org	       # ldap host
	      LDAPbase: ou=people,dc=myorg..   # ldap base
	      LDAPuid: uid		       # optional
	      CacheTimout: 20		       # minutes, optional, default 20 minutes

       in application create a LDAPFilter model
	       use base qw/Jifty::Plugin::AuthzLDAP::Model::LDAPFilter/;

       in LDAPFilter model create your filters, something like
	name	|filter 			|is_group
	is_admin|(!eduPersonAffiliation=STUDENT)|0
	in_admin|cn=admin,ou=groups,dc=my.org	|1

       to protect access to /admin in "TestApp" application create a lib/TestApp/Dispatcher.pm

	   use strict;
	   use warnings;

	   package TestApp::Dispatcher;
	   use Jifty::Dispatcher -base;

	   before '/admin/*' => run {
	      # Authentication
	      Jifty->web->tangent(url => '/login')
		   if (! Jifty->web->current_user->id);
	      # Authorization
	      my $user = Jifty->web->current_user->user_object->name;
	      Jifty->web->tangent(url => '/error/AccessDenied')
		   if (! Jifty::Plugin::AuthzLDAP->ldapvalidate($user,'is_admin') );
	   };

	   1


SEE ALSO

       Net::LDAP


METHODS

   init
       load config parameters, connect to ldap, create memory cache

   BASE CACHE DN  LDAP BASE UID PASS LDAPFilterClass
       accesors to conf parametres

   bind
       Bind to ldap

   ldapvalidate NAME FILTERNAME
       return 1 if NAME validate FILTER or NAME-FILTERNAME in cache else return 0

       If FILTERNAME is flagged as is_group, search if user is uniquemember of this group as supported by the Netscape Directory Server


AUTHOR

       Yves Agostini, <yvesago@cpan.org>


LICENSE

       Copyright 2007-2009 Yves Agostini. All Rights Reserved.

       This program is free software and may be modified and distributed under the same terms as Perl itself.

perl v5.10.0							    2009-05-15					     Jifty::Plugin::AuthzLDAP(3pm)
Related Man Pages
jifty::action::record::execute(3pm) - debian
jifty::plugin::authentication::password::mixin::model::user(3pm) - debian
jifty::plugin::authzldap(3pm) - debian
jifty::plugin::chart(3pm) - debian
jifty::plugin::classloader(3pm) - debian
Similar Topics in the Unix Linux Community
Web automation using perl
Local web cache for restricted users question
HpUx and ldap Authentication
Tersus: 1.3.6 (stable) released on March 5th 2009