Steve Rippl wrote on 2009-08-09:
> Hello!
>
> I have a question that is hopefully trivial for someone here, but I
> haven't seen any examples. I have an app I'm building, used by folks in
> an Active Directory network. It's got a DBIx model and I'd like to use
> that for role based authorization and getting staff members
> grade/building info etc (it's a school district), but I'd like to (just)
> authenticate against ldap. I don't want to store any user/role data
> there (obviously their username is in there and it matches what I have
> in the db), simply try to bind against it as the user, then get store
> data from the database. This way they can use their network passwords
> and I don't have to fill AD with application specific info.
>
> Make sense? Easy to do?
>
> So far I'm doing it all via the db...
>
> name WsdSis
> <authentication>
>     default_realm dbic
>     <realms>
>         <dbic>
>             <credential>
>                 class Password
>                 password_type clear
>             </credential>
>             <store>
>                 user_class DB::Staff
>                 role_relation roles
>                 role_field role
>             </store>
>         </dbic>
>     </realms>
> </authentication>
> ...
>
> and
> ...
> use Catalyst qw/
>     -Debug
>     ConfigLoader
>     Static::Simple
>     StackTrace
>     Authentication
>     Authorization::Roles
>     Session
>     Session::Store::FastMmap
>     Session::State::Cookie
> /;
> ...
>
> What would these look like if I'm able to squeeze the ldap plugin in
> there? Can I have 2 Authentication::Store backends in there?
>
> TIA,
> Steve
>
> --
> Steve Rippl
> Technology Director
> Woodland School District
> 360 225 9451 x326

Hey Steve,

I do this in my app. The way I do it is I have two authentication realms - LDAP and DBIC. I authenticate against the LDAP realm first, and if that is successful I do a find_or_create with the user info on my user DB table, so any first-time users get a user created in the DBIC realm with default roles and whatnot. Then I authenticate against the DBIC realm. I do that last because $c->user will contain the most recently authenticated user, so in this case $c->user would be your DB::Staff object.

HTH
Byron
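
The three steps described in the reply above, sketched as a Catalyst login action. This is an added example, not code from either poster: the controller name, the realm names `ldap` and `dbic`, the `username` column, the username character set and the use of `password_type none` on the `dbic` realm are all assumptions.

```perl
package WsdSis::Controller::Login;    # hypothetical controller name
use Moose;
use namespace::autoclean;
BEGIN { extends 'Catalyst::Controller' }

# Assumed realms: 'ldap' (Password credential, password_type self_check,
# LDAP store) and 'dbic' (Password credential, password_type none,
# DBIx::Class store). password_type none performs no password check, so
# the dbic realm may only be reached after the ldap realm has succeeded.
sub login : Path('/login') Args(0) {
    my ( $self, $c ) = @_;
    my $username = lc( $c->req->body_parameters->{username} // '' );
    my $password = $c->req->body_parameters->{password} // '';

    # A simple bind with an empty password is an unauthenticated bind,
    # which some LDAP servers accept, so reject it before binding.
    # The character set (an assumption about local account names) keeps
    # LDAP filter metacharacters out of the user lookup.
    unless ( $username =~ /\A[a-z0-9._-]{1,64}\z/
        && !ref $password && length $password )
    {
        $c->stash( error => 'Login failed' );
        return;
    }

    # Step 1: check the network password by binding to AD as the user.
    unless ( $c->authenticate( { id => $username, password => $password }, 'ldap' ) ) {
        $c->log->warn('LDAP authentication failed');
        $c->stash( error => 'Login failed' );
        return;
    }

    # Step 2: first-time users get a row with default roles. AD account
    # names are case-insensitive, so the lowercased name is the key; a
    # unique constraint on username keeps find_or_create from duplicating.
    $c->model('DB::Staff')->find_or_create( { username => $username } );

    # Step 3: authenticate against dbic last so $c->user is the DB::Staff
    # object and Authorization::Roles reads roles from the database.
    unless ( $c->authenticate( { username => $username }, 'dbic' ) ) {
        $c->logout;    # do not leave the LDAP-only user in the session
        $c->stash( error => 'Login failed' );
        return;
    }
    $c->change_session_id;    # new session id after the privilege change
    $c->res->redirect( $c->uri_for('/') );
}

__PACKAGE__->meta->make_immutable;
1;
```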
