Hi all,
Attached is a patch for Authentication::Ldap that does the following :
1. Add links to Authentication::Ldap and Authentication::CAS from
Manual::AccessControl
2. Fix small bug in Authentication::Ldap::Action::LDAPLogin.pm in
validate_ldap_id() that causes it to throw a warning
3. Add new config option "LDAPOptions" that is a pass-through to Net::LDAP
4. Allow override of default settings to Net::LDAP using above
5. Borrow some code from Authentication::CAS to make sure the user
object has correct data all the time
6. Lots of documentation
Any improvements, coding standards, or comments are welcome -- I'm just
getting familiarized w/ Jifty.
Now that I have the user and LDAP part down, I can go make an app!
Thanks for all the help on #jifty and here.
-m
Yves Agostini wrote:
Le jeudi 11 décembre 2008 à 18:47 -0800, Max Baker a écrit :
Hi Yves,
Yves Agostini wrote:
unlucky : AuthLDAPLogin and AuthLDAPOnly are deprecated.
Good to know, thanks for your help.
You need to use Authentication::Ldap. Authentication::Ldap add all
users to your local user table where you can add easily add fields.
https://svn.univ-metz.fr/svnweb/index.cgi/pub_Uguest/view/trunk/lib/Uguest/Model/User.pm
You can use AuthzLDAP to add filter to find with ldap attributes, which
users can write in your application.
here you can find a sample use of AuthzLDAP
https://svn.univ-metz.fr/svnweb/index.cgi/pub_Uguest/view/trunk/lib/Uguest/Dispatcher.pm
You can certainly write your own plugin (Authentication::LdapReader ?)
where you don't register user in local table.
The sample code from your application helps a lot.
For the record, I am now running the SVN head version, and here's what I
have :
config.yml:
----------------------------------------------------------------------
Plugins:
- Authentication::Ldap:
LDAPhost: ldap.company.com
LDAPbase: ou=People,dc=company,dc=com
LDAPName: cn
LDAPMail: mail
LDAPuid: uid
...
LogLevel: DEBUG
----------------------------------------------------------------------
Note that I *did not* include the User plugin as told to in the POD.
This is on suggestion from people in #jifty.
I think you need the "Mixin User" plugin as ldap plugin add new user in
this table
so you need something like :
use yourApp::Record schema {
....
};
use Jifty::Plugin::User::Mixin::Model::User;
use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;
This is working now, and my app will authenticate correctly. However
now the code to automatically add a user seems to be broken. It adds an
empty row to the database with all fields blank. I added some debug
code to make sure that LDAP was returning the correct information.
The problem seems to lie here:
Plugin/Authentication/Ldap/Action/LDAPLogin.pm
----------------------------------------------------------------------
94 # Autocreate the user if necessary
95 if ( not $user->id ) {
96 my $action = Jifty->web->new_action(
97 class => 'CreateUser',
98 current_user => $current_user->superuser,
99 arguments => {
100 ldap_id => $username
101 }
102 );
103 $action->run;
104
105 if ( not $action->result->success ) {
106 # Should this be less "friendly"?
107 $self->result->error(_("Sorry, something weird happened
(we couldn't create a user f
108 return;
109 }
110
111 $user = $current_user->new( ldap_id => $username );
112 }
113
114 my $u = $user->user_object;
115
116 # Update, just in case
117 $u->__set( column => 'ldap_id', value => $username ) unless
($u->ldap_id and $u->ldap_id eq
118 $u->__set( column => 'name', value => $username ) unless
($u->name and length $u->name);
119 $u->__set( column => 'name', value => $name ) if ($name);
120 $u->__set( column => 'email', value => $email ) if ($email);
----------------------------------------------------------------------
Note that 117-120 are changed from stock because I was fooling around
trying to get it to work. But even when stock, they didn't seem to work
-- no data was written into the database! And the ui now says "Hiya
," so the username is empty in the user object as well.
take care with current_user_can maybe you can't read or can't write
you can try with :
sub current_user_can {
my $self = shift;
my $type = shift;
my %args = (@_);
return 1;
}
Any ideas folks?
Thanks!
-m
diff -ur
jifty_src/jifty/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm
installed/Plugin/Authentication/Ldap/Action/LDAPLogin.pm
---
jifty_src/jifty/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm
2008-12-11 16:47:00.359954000 -0800
+++ installed/Plugin/Authentication/Ldap/Action/LDAPLogin.pm 2008-12-11
17:52:05.000000000 -0800
@@ -47,7 +47,7 @@
}
- return $self->validation_ok('name');
+ return $self->validation_ok('ldap_id');
}
@@ -114,8 +114,10 @@
my $u = $user->user_object;
# Update, just in case
- $u->__set( column => 'name', value => $name );
- $u->__set( column => 'email', value => $email );
+ $u->__set( column => 'ldap_id', value => $username ) unless ($u->ldap_id
and $u->ldap_id eq $username);
+ $u->__set( column => 'name', value => $username ) unless ($u->name and
length $u->name);
+ $u->__set( column => 'name', value => $name ) if ($name);
+ $u->__set( column => 'email', value => $email ) if ($email);
# Login!
diff -ur
jifty_src/jifty/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm
installed/Plugin/Authentication/Ldap/Mixin/Model/User.pm
---
jifty_src/jifty/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap/Mixin/Model/User.pm
2008-12-12 12:21:05.406361000 -0800
+++ installed/Plugin/Authentication/Ldap/Mixin/Model/User.pm 2008-12-11
18:03:29.000000000 -0800
@@ -22,8 +22,8 @@
column ldap_id =>
type is 'text',
label is 'Ldap ID',
- is distinct,
- is immutable;
+ is distinct;
+ #is immutable;
};
diff -ur
jifty_src/jifty/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm
installed/Plugin/Authentication/Ldap.pm
---
jifty_src/jifty/plugins/Authentication-Ldap/lib/Jifty/Plugin/Authentication/Ldap.pm
2008-12-11 12:15:08.388187000 -0800
+++ installed/Plugin/Authentication/Ldap.pm 2008-12-12 10:27:36.000000000
-0800
@@ -6,18 +6,23 @@
=head1 NAME
-Jifty::Plugin::Authentication::Ldap - ldap authentication plugin
+Jifty::Plugin::Authentication::Ldap - LDAP Authentication Plugin
=head1 DESCRIPTION
B<CAUTION:> This plugin is experimental.
-This may be combined with the L<Jifty::Plugin::User> plugin to provide user
accounts and ldap password authentication to your application.
+This may be combined with the L<User|Jifty::Plugin::User::Mixin::Model::User>
+Mixin to provide user accounts and ldap password authentication to your
+application.
+
+When a new user authenticates using this plugin, a new User object will be
created
+automatically. The C<name> and C<email> fields will be automatically populated
+with LDAP data.
in etc/config.yml
Plugins:
- - Login: {}
- Authentication::Ldap:
LDAPhost: ldap.univ.fr # ldap server
LDAPbase: ou=people,dc=..... # base ldap
@@ -26,12 +31,59 @@
LDAPuid: uid # optional
+Then create a user model
+
+ jifty model --name=User
+
+and edit lib/App/Model/User.pm to look something like this:
+
+ use strict;
+ use warnings;
+
+ package Venice::Model::User;
+
+ use Jifty::DBI::Schema;
+ use Venice::Record schema {
+ # More app-specific user columns go here
+ };
+
+ use Jifty::Plugin::User::Mixin::Model::User;
+ use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;
+
+ sub current_user_can {
+ my $self = shift;
+ my $type = shift;
+ my %args = (@_);
+
+ return 1;
+ }
+
+ 1;
+
+=head2 ACTIONS
+
+This plugin will add the following actions to your application.
+For testing you can access these from the Admin plugin.
+
+=over
+
+=item Jifty::Plugin::Authentication::Ldap::Action::LDAPLogin
+
+The login path is C</ldaplogin>.
+
+=item Jifty::Plugin::Authentication::Ldap::Action::LDAPLogout
+
+The login path is C</ldaplogout>.
+
+=back
+
+=cut
=head2 METHODS
=head2 prereq_plugins
-This plugin depends on the L<User|Jifty::Plugin::User> plugin.
+This plugin depends on the L<User|Jifty::Plugin::User::Mixin::Model::User>
Mixin.
=cut
@@ -47,7 +99,52 @@
=head2 init
-read etc/config.yml
+The following options are available in your C<config.yml>
+under the Authentication::Ldap Plugins section.
+
+=over
+
+=item C<LDAPhost>
+
+Your LDAP server.
+
+=item C<LDAPbase>
+
+The base object where your users live.
+
+=item C<LDAPMail>
+
+The DN that your organization uses to store Email addresses. This
+gets copied into the User object as the C<email>.
+
+=item C<LDAPName>
+
+The DN that your organization uses to store Real Name. This gets
+copied into the User object as the C<name>.
+
+=item C<LDAPuid>
+
+The DN that your organization uses to store the user ID. Usually C<cn>.
+This gets copied into the User object as the C<ldap_id>.
+
+=item C<LDAPOptions>
+
+These options get passed through to L<Net::LDAP>.
+
+Default Options :
+
+ debug => 0
+ onerror => undef
+ async => 1
+
+Other options you may want :
+
+ timeout => 30
+
+See C<Net::LDAP> for a full list. You can overwrite the defaults
+selectively or not at all.
+
+=back
=cut
@@ -56,11 +153,19 @@
my %args = @_;
$params{'Hostname'} = $args{LDAPhost};
- $params{'base'} = $args{LDAPbase} or die "Need LDAPbase in plugin config";
- $params{'uid'} = $args{LDAPuid} || "uid";
- $params{'email'} = $args{LDAPMail} || "";
- $params{'name'} = $args{LDAPName} || "cn";
- $LDAP = Net::LDAP->new($params{Hostname},async=>1,onerror => 'undef',
debug => 0)
+ $params{'base'} = $args{LDAPbase} or die "Need LDAPbase in plugin
config";
+ $params{'uid'} = $args{LDAPuid} || "uid";
+ $params{'email'} = $args{LDAPMail} || "";
+ $params{'name'} = $args{LDAPName} || "cn";
+ my $opts = $args{LDAPOptions} || {};
+
+ # Default options for Net::LDAP
+ $opts->{'debug'} = 0 unless defined $opts->{'debug'};
+ $opts->{'onerror'} = 'undef' unless defined $opts->{'onerror'};
+ $opts->{'async'} = 1 unless defined $opts->{'async'};
+ $params{'opts'} = $opts;
+
+ $LDAP = Net::LDAP->new($params{Hostname},%{$opts})
or die "Can't connect to LDAP server ",$params{Hostname};
}
@@ -84,6 +189,9 @@
return $params{'name'};
};
+sub opts {
+ return $params{'opts'};
+};
sub get_infos {
@@ -107,11 +215,11 @@
=head1 SEE ALSO
-L<Jifty::Manual::AccessControl>, L<Jifty::Plugin::User>, L<Net::LDAP>
+L<Jifty::Manual::AccessControl>, L<Jifty::Plugin::User::Mixin::Model::User>,
L<Net::LDAP>
=head1 LICENSE
-Jifty is Copyright 2005-2007 Best Practical Solutions, LLC.
+Jifty is Copyright 2005-2008 Best Practical Solutions, LLC.
Jifty is distributed under the same terms as Perl itself.
=cut
diff -ru jifty_src/jifty/lib/Jifty/Manual/AccessControl.pod
installed/Manual/AccessControl.pod
--- jifty_src/jifty/lib/Jifty/Manual/AccessControl.pod 2008-12-11
12:16:51.045097000 -0800
+++ installed/Manual/AccessControl.pod 2008-12-12 09:37:56.000000000 -0800
@@ -200,6 +200,6 @@
=head1 SEE ALSO
-L<Jifty::CurrentUser>, L<Jifty::Record>, L<Jifty::RightsFrom>
+L<Jifty::CurrentUser>, L<Jifty::Record>, L<Jifty::RightsFrom>,
L<Jifty::Plugin::Authentication::Ldap>, L<Jifty::Plugin::Authentication::CAS>
=cut
_______________________________________________
jifty-devel mailing list
jifty-devel@lists.jifty.org
http://lists.jifty.org/cgi-bin/mailman/listinfo/jifty-devel
