I have very limited knowledge on LDAP configuration and have been trying fix one issue, but unsuccessful.
The server, I am working on, is Solaris-10 zone. sudoers is configured on LDAP (its not on local server). I have access to login directly on server with root, but somehow sudo is not working... (9 Replies)
Dear All,
It would be really nice, if you could help me to write a script for deletion of list of user( more than 15000 users) stored in a file and sorted by email address( i need deletion of only a particular type of mail address).
Is the any script to write and take the file as input and... (3 Replies)
Hi,
I have a Solaris 10 system, which appears to be sending out LDAP queries to a server that is due to be decomissioned.
Is there a way to identify which process is sending out these queries? The problem is that the local port constantly changes, and the connections do not stay open long... (3 Replies)
Hello,
Some of our application team uses Microsoft Team Foundation server (TFS) reposity tool for their .NET projects , I would like to access it form Unix/Linux machine. Please let me know how can access the TFS from unix.
Thanks (0 Replies)
Besides doing some shell-script which loops through /etc/passwd, I was wondering if there was some command that would tell me, like an enhanced version of getent.
The Operating system is Solaris 10 (recent-ish revision) using Sun DS for LDAP. (5 Replies)
HI All
I need help to understand how the ldap works in Solaris 9 & Solaris 10.
Kindly provide me some helpful commands related to LDAP
Regards
Jagan (2 Replies)
Jifty::Plugin::Authentication::Ldap(3pm) User Contributed Perl Documentation Jifty::Plugin::Authentication::Ldap(3pm)NAME
Jifty::Plugin::Authentication::Ldap - LDAP Authentication Plugin for Jifty
DESCRIPTION
CAUTION: This plugin is experimental.
This may be combined with the User Mixin to provide user accounts and ldap password authentication to your application.
When a new user authenticates using this plugin, a new User object will be created automatically. The "name" and "email" fields will be
automatically populated with LDAP data.
in etc/config.yml
Plugins:
- Authentication::Ldap:
LDAPhost: ldap.univ.fr # ldap server
LDAPbase: ou=people,dc=..... # base ldap
LDAPName: displayname # name to be displayed (cn givenname)
LDAPMail: mailLocalAddress # email used optional
LDAPuid: uid # optional
Then create a user model
jifty model --name=User
and edit lib/App/Model/User.pm to look something like this:
use strict;
use warnings;
package Venice::Model::User;
use Jifty::DBI::Schema;
use Venice::Record schema {
# More app-specific user columns go here
};
use Jifty::Plugin::User::Mixin::Model::User;
use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;
sub current_user_can {
my $self = shift;
my $type = shift;
my %args = (@_);
return 1 if
$self->current_user->is_superuser;
# all logged in users can read this table
return 1
if ($type eq 'read' && $self->current_user->id);
return $self->SUPER::current_user_can($type, @_);
};
1;
ACTIONS
This plugin will add the following actions to your application. For testing you can access these from the Admin plugin.
Jifty::Plugin::Authentication::Ldap::Action::LDAPLogin
The login path is "/ldaplogin".
Jifty::Plugin::Authentication::Ldap::Action::LDAPLogout
The logout path is "/ldaplogout".
METHODS
prereq_plugins
This plugin depends on the User Mixin.
Configuration
The following options are available in your "config.yml" under the Authentication::Ldap Plugins section.
"LDAPhost"
Your LDAP server.
"LDAPbase"
[Mandatory] The base object where your users live. If "LDAPBindTemplate" is defined, "LDAPbase" is only used for user search.
"LDAPBindTemplate"
Alternatively to "LDAPbase", you can specify here the whole DN string, with %u as a placeholder for UID.
"LDAPMail"
The DN that your organization uses to store Email addresses. This gets copied into the User object as the "email".
"LDAPName"
The DN that your organization uses to store Real Name. This gets copied into the User object as the "name".
"LDAPuid"
The DN that your organization uses to store the user ID. Usually "cn". This gets copied into the User object as the "ldap_id".
"LDAPOptions"
These options get passed through to Net::LDAP.
Default Options :
debug => 0
onerror => undef
async => 1
Other options you may want :
timeout => 30
See "Net::LDAP" for a full list. You can overwrite the defaults selectively or not at all.
"LDAPLoginHooks"
Optional list of Perl functions that would be called after a successful login and after a corresponding User object is loaded and
updated. The function is called with a hash array arguments, as follows:
username => string
user_object => User object
ldap => Net::LDAP object
infos => User attributes as returned by get_infos
"LDAPFetchUserAttr"
Optional list of LDAP user attributes fetched by get_infos. The values are returned to the login hook as arrayrefs.
Example
The following example authenticates the application against a MS Active Directory server for the domain MYDOMAIN. Each user entry has the
attribute 'department' which is used for authorization. "LDAPbase" is used for user searching, and binding is done in a Microsoft way. The
login hook checks if the user belongs to specific departments and updates the user record.
######
# etc/config.yml:
Plugins:
- User: {}
- Authentication::Ldap:
LDAPhost: ldap1.mydomain.com
LDAPbase: 'DC=mydomain,DC=com'
LDAPBindTemplate: 'MYDOMAIN\%u'
LDAPName: displayName
LDAPMail: mail
LDAPuid: cn
LDAPFetchUserAttr:
- department
LDAPLoginHooks:
- 'Myapp::Model::User::ldap_login_hook'
######
# package Myapp::Model::User;
sub ldap_login_hook
{
my %args = @_;
my $u = $args{'user_object'};
my $department = $args{'infos'}->{'department'}[0];
my $editor = 0;
if( $department eq 'NOC' or
$department eq 'ENGINEERING' )
{
$editor = 1;
}
$u->__set( column => 'is_content_editor', value => $editor );
}
SEE ALSO
Jifty::Manual::AccessControl, Jifty::Plugin::User::Mixin::Model::User, Net::LDAP
AUTHORS
Yves Agostini, <yvesago@cpan.org>, Stanislav Sinyagin
and others authors from Jifty (maxbaker, clkao, sartak, alexmv)
LICENSE
Copyright 2007-2010 Yves Agostini. All Rights Reserved.
This program is free software and may be modified and distributed under the same terms as Perl itself.
perl v5.10.1 2010-09-15 Jifty::Plugin::Authentication::Ldap(3pm)