r70837 - in /branches/upstream/libjifty-plugin-authentication-ldap-perl/current: .gitignore Changes MANIFEST META.yml README lib/Jifty/Plugin/Authentication/Ldap.pm lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm
jawnsy-guest at users.alioth.debian.org
jawnsy-guest at users.alioth.debian.org
Tue Mar 8 02:22:43 UTC 2011
Author: jawnsy-guest
Date: Tue Mar 8 02:22:37 2011
New Revision: 70837
URL: http://svn.debian.org/wsvn/pkg-perl/?sc=1&rev=70837
Log:
[svn-upgrade] new version libjifty-plugin-authentication-ldap-perl (1.01)
Added:
branches/upstream/libjifty-plugin-authentication-ldap-perl/current/.gitignore
branches/upstream/libjifty-plugin-authentication-ldap-perl/current/README
Modified:
branches/upstream/libjifty-plugin-authentication-ldap-perl/current/Changes
branches/upstream/libjifty-plugin-authentication-ldap-perl/current/MANIFEST
branches/upstream/libjifty-plugin-authentication-ldap-perl/current/META.yml
branches/upstream/libjifty-plugin-authentication-ldap-perl/current/lib/Jifty/Plugin/Authentication/Ldap.pm
branches/upstream/libjifty-plugin-authentication-ldap-perl/current/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm
Added: branches/upstream/libjifty-plugin-authentication-ldap-perl/current/.gitignore
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libjifty-plugin-authentication-ldap-perl/current/.gitignore?rev=70837&op=file
==============================================================================
--- branches/upstream/libjifty-plugin-authentication-ldap-perl/current/.gitignore (added)
+++ branches/upstream/libjifty-plugin-authentication-ldap-perl/current/.gitignore Tue Mar 8 02:22:37 2011
@@ -1,0 +1,5 @@
+META.yml
+Makefile
+blib/
+inc/
+pm_to_blib
Modified: branches/upstream/libjifty-plugin-authentication-ldap-perl/current/Changes
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libjifty-plugin-authentication-ldap-perl/current/Changes?rev=70837&op=diff
==============================================================================
--- branches/upstream/libjifty-plugin-authentication-ldap-perl/current/Changes (original)
+++ branches/upstream/libjifty-plugin-authentication-ldap-perl/current/Changes Tue Mar 8 02:22:37 2011
@@ -1,4 +1,8 @@
Revision history for Perl module Jifty::Plugin::Authentication::Ldap
+
+1.01 Wed, 15 Sep 2010 12:36:08 +0200
+ - Active Directory style binding (ssinyagin)
+ - hooks login (ssinyagin)
1.00 Wed, 10 Jun 2009 11:49:12 +0200
- bump version number to avoid conflict with debian
Modified: branches/upstream/libjifty-plugin-authentication-ldap-perl/current/MANIFEST
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libjifty-plugin-authentication-ldap-perl/current/MANIFEST?rev=70837&op=diff
==============================================================================
--- branches/upstream/libjifty-plugin-authentication-ldap-perl/current/MANIFEST (original)
+++ branches/upstream/libjifty-plugin-authentication-ldap-perl/current/MANIFEST Tue Mar 8 02:22:37 2011
@@ -1,3 +1,4 @@
+.gitignore
Changes
inc/Module/AutoInstall.pm
inc/Module/Install.pm
@@ -20,5 +21,6 @@
Makefile.PL
MANIFEST This list of files
META.yml
+README
share/po/jifty_plugin_authentication_ldap.pot
t/00-load.t
Modified: branches/upstream/libjifty-plugin-authentication-ldap-perl/current/META.yml
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libjifty-plugin-authentication-ldap-perl/current/META.yml?rev=70837&op=diff
==============================================================================
--- branches/upstream/libjifty-plugin-authentication-ldap-perl/current/META.yml (original)
+++ branches/upstream/libjifty-plugin-authentication-ldap-perl/current/META.yml Tue Mar 8 02:22:37 2011
@@ -1,7 +1,7 @@
---
abstract: 'LDAP Authentication Plugin for Jifty'
author:
- - 'Yves Agostini, <yvesago at cpan.org>'
+ - 'Yves Agostini, <yvesago at cpan.org>, Stanislav Sinyagin'
build_requires:
ExtUtils::MakeMaker: 6.11
distribution_type: module
@@ -22,4 +22,4 @@
Net::LDAP: 0
resources:
license: http://dev.perl.org/licenses/
-version: 1.00
+version: 1.01
Added: branches/upstream/libjifty-plugin-authentication-ldap-perl/current/README
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libjifty-plugin-authentication-ldap-perl/current/README?rev=70837&op=file
==============================================================================
--- branches/upstream/libjifty-plugin-authentication-ldap-perl/current/README (added)
+++ branches/upstream/libjifty-plugin-authentication-ldap-perl/current/README Tue Mar 8 02:22:37 2011
@@ -1,0 +1,191 @@
+NAME
+ Jifty::Plugin::Authentication::Ldap - LDAP Authentication Plugin for
+ Jifty
+
+DESCRIPTION
+ CAUTION: This plugin is experimental.
+
+ This may be combined with the User Mixin to provide user accounts and
+ ldap password authentication to your application.
+
+ When a new user authenticates using this plugin, a new User object will
+ be created automatically. The "name" and "email" fields will be
+ automatically populated with LDAP data.
+
+ in etc/config.yml
+
+ Plugins:
+ - Authentication::Ldap:
+ LDAPhost: ldap.univ.fr # ldap server
+ LDAPbase: ou=people,dc=..... # base ldap
+ LDAPName: displayname # name to be displayed (cn givenname)
+ LDAPMail: mailLocalAddress # email used optional
+ LDAPuid: uid # optional
+
+ Then create a user model
+
+ jifty model --name=User
+
+ and edit lib/App/Model/User.pm to look something like this:
+
+ use strict;
+ use warnings;
+
+ package Venice::Model::User;
+
+ use Jifty::DBI::Schema;
+ use Venice::Record schema {
+ # More app-specific user columns go here
+ };
+
+ use Jifty::Plugin::User::Mixin::Model::User;
+ use Jifty::Plugin::Authentication::Ldap::Mixin::Model::User;
+
+ sub current_user_can {
+ my $self = shift;
+ my $type = shift;
+ my %args = (@_);
+
+ return 1 if
+ $self->current_user->is_superuser;
+
+ # all logged in users can read this table
+ return 1
+ if ($type eq 'read' && $self->current_user->id);
+
+ return $self->SUPER::current_user_can($type, @_);
+ };
+
+ 1;
+
+ ACTIONS
+ This plugin will add the following actions to your application. For
+ testing you can access these from the Admin plugin.
+
+ Jifty::Plugin::Authentication::Ldap::Action::LDAPLogin
+ The login path is "/ldaplogin".
+
+ Jifty::Plugin::Authentication::Ldap::Action::LDAPLogout
+ The logout path is "/ldaplogout".
+
+ METHODS
+ prereq_plugins
+ This plugin depends on the User Mixin.
+
+ Configuration
+ The following options are available in your "config.yml" under the
+ Authentication::Ldap Plugins section.
+
+ "LDAPhost"
+ Your LDAP server.
+
+ "LDAPbase"
+ [Mandatory] The base object where your users live. If
+ "LDAPBindTemplate" is defined, "LDAPbase" is only used for user
+ search.
+
+ "LDAPBindTemplate"
+ Alternatively to "LDAPbase", you can specify here the whole DN
+ string, with *%u* as a placeholder for UID.
+
+ "LDAPMail"
+ The DN that your organization uses to store Email addresses. This
+ gets copied into the User object as the "email".
+
+ "LDAPName"
+ The DN that your organization uses to store Real Name. This gets
+ copied into the User object as the "name".
+
+ "LDAPuid"
+ The DN that your organization uses to store the user ID. Usually
+ "cn". This gets copied into the User object as the "ldap_id".
+
+ "LDAPOptions"
+ These options get passed through to Net::LDAP.
+
+ Default Options :
+
+ debug => 0
+ onerror => undef
+ async => 1
+
+ Other options you may want :
+
+ timeout => 30
+
+ See "Net::LDAP" for a full list. You can overwrite the defaults
+ selectively or not at all.
+
+ "LDAPLoginHooks"
+ Optional list of Perl functions that would be called after a
+ successful login and after a corresponding User object is loaded and
+ updated. The function is called with a hash array arguments, as
+ follows:
+
+ username => string
+ user_object => User object
+ ldap => Net::LDAP object
+ infos => User attributes as returned by get_infos
+
+ "LDAPFetchUserAttr"
+ Optional list of LDAP user attributes fetched by get_infos. The
+ values are returned to the login hook as arrayrefs.
+
+ Example
+ The following example authenticates the application against a MS Active
+ Directory server for the domain MYDOMAIN. Each user entry has the
+ attribute 'department' which is used for authorization. "LDAPbase" is
+ used for user searching, and binding is done in a Microsoft way. The
+ login hook checks if the user belongs to specific departments and
+ updates the user record.
+
+ ######
+ # etc/config.yml:
+ Plugins:
+ - User: {}
+ - Authentication::Ldap:
+ LDAPhost: ldap1.mydomain.com
+ LDAPbase: 'DC=mydomain,DC=com'
+ LDAPBindTemplate: 'MYDOMAIN\%u'
+ LDAPName: displayName
+ LDAPMail: mail
+ LDAPuid: cn
+ LDAPFetchUserAttr:
+ - department
+ LDAPLoginHooks:
+ - 'Myapp::Model::User::ldap_login_hook'
+
+ ######
+ # package Myapp::Model::User;
+ sub ldap_login_hook
+ {
+ my %args = @_;
+
+ my $u = $args{'user_object'};
+ my $department = $args{'infos'}->{'department'}[0];
+
+ my $editor = 0;
+ if( $department eq 'NOC' or
+ $department eq 'ENGINEERING' )
+ {
+ $editor = 1;
+ }
+
+ $u->__set( column => 'is_content_editor', value => $editor );
+ }
+
+SEE ALSO
+ Jifty::Manual::AccessControl, Jifty::Plugin::User::Mixin::Model::User,
+ Net::LDAP
+
+AUTHORS
+ Yves Agostini, <yvesago at cpan.org>, Stanislav Sinyagin
+
+ and others authors from Jifty (maxbaker, clkao, sartak, alexmv)
+
+LICENSE
+ Copyright 2007-2010 Yves Agostini. All Rights Reserved.
+
+ This program is free software and may be modified and distributed under
+ the same terms as Perl itself.
+
Modified: branches/upstream/libjifty-plugin-authentication-ldap-perl/current/lib/Jifty/Plugin/Authentication/Ldap.pm
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libjifty-plugin-authentication-ldap-perl/current/lib/Jifty/Plugin/Authentication/Ldap.pm?rev=70837&op=diff
==============================================================================
--- branches/upstream/libjifty-plugin-authentication-ldap-perl/current/lib/Jifty/Plugin/Authentication/Ldap.pm (original)
+++ branches/upstream/libjifty-plugin-authentication-ldap-perl/current/lib/Jifty/Plugin/Authentication/Ldap.pm Tue Mar 8 02:22:37 2011
@@ -4,7 +4,7 @@
package Jifty::Plugin::Authentication::Ldap;
use base qw/Jifty::Plugin/;
-our $VERSION = '1.00';
+our $VERSION = '1.01';
=head1 NAME
@@ -119,7 +119,13 @@
=item C<LDAPbase>
-The base object where your users live.
+[Mandatory] The base object where your users live. If C<LDAPBindTemplate> is
+defined, C<LDAPbase> is only used for user search.
+
+=item C<LDAPBindTemplate>
+
+Alternatively to C<LDAPbase>, you can specify here the whole DN string, with
+I<%u> as a placeholder for UID.
=item C<LDAPMail>
@@ -153,8 +159,70 @@
See C<Net::LDAP> for a full list. You can overwrite the defaults
selectively or not at all.
+=item C<LDAPLoginHooks>
+
+Optional list of Perl functions that would be called after a successful login
+and after a corresponding User object is loaded and updated. The function is
+called with a hash array arguments, as follows:
+
+ username => string
+ user_object => User object
+ ldap => Net::LDAP object
+ infos => User attributes as returned by get_infos
+
+=item C<LDAPFetchUserAttr>
+
+Optional list of LDAP user attributes fetched by get_infos. The values are
+returned to the login hook as arrayrefs.
+
=back
+=head2 Example
+
+The following example authenticates the application against a MS Active
+Directory server for the domain MYDOMAIN. Each user entry has the attribute
+'department' which is used for authorization. C<LDAPbase> is used for user
+searching, and binding is done in a Microsoft way. The login hook checks
+if the user belongs to specific departments and updates the user record.
+
+
+ ######
+ # etc/config.yml:
+ Plugins:
+ - User: {}
+ - Authentication::Ldap:
+ LDAPhost: ldap1.mydomain.com
+ LDAPbase: 'DC=mydomain,DC=com'
+ LDAPBindTemplate: 'MYDOMAIN\%u'
+ LDAPName: displayName
+ LDAPMail: mail
+ LDAPuid: cn
+ LDAPFetchUserAttr:
+ - department
+ LDAPLoginHooks:
+ - 'Myapp::Model::User::ldap_login_hook'
+
+ ######
+ # package Myapp::Model::User;
+ sub ldap_login_hook
+ {
+ my %args = @_;
+
+ my $u = $args{'user_object'};
+ my $department = $args{'infos'}->{'department'}[0];
+
+ my $editor = 0;
+ if( $department eq 'NOC' or
+ $department eq 'ENGINEERING' )
+ {
+ $editor = 1;
+ }
+
+ $u->__set( column => 'is_content_editor', value => $editor );
+ }
+
+
+
=cut
sub init {
@@ -162,10 +230,18 @@
my %args = @_;
$params{'Hostname'} = $args{LDAPhost};
+ $params{'bind_template'} = $args{LDAPBindTemplate};
$params{'base'} = $args{LDAPbase} or die "Need LDAPbase in plugin config";
$params{'uid'} = $args{LDAPuid} || "uid";
$params{'email'} = $args{LDAPMail} || "";
$params{'name'} = $args{LDAPName} || "cn";
+ $params{'login_hooks'} = $args{LDAPLoginHooks} || [];
+ $params{'fetch_attrs'} = $args{LDAPFetchUserAttr} || [];
+
+ if( not $params{'bind_template'} ) {
+ $params{'bind_template'} = $params{'uid'}.'=%u,'.$params{'base'};
+ }
+
my $opts = $args{LDAPOptions} || {};
# Default options for Net::LDAP
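Review bot: Nothing in init() checks that a configured `LDAPBindTemplate` actually contains the `%u` placeholder before it is stored in `$params{'bind_template'}`. A template without it would make the login action bind with one fixed identity for every submitted username. The bind call is outside this diff, so this is inferred, but it would let anyone who holds that one account's password sign in under any name. Failing at start-up is cheap: add `die "LDAPBindTemplate must contain %u" unless $params{'bind_template'} =~ /%u/;` after the default is filled in. init's body starts before and continues after this hunk.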
@@ -182,6 +258,10 @@
return $LDAP;
}
+sub bind_template {
+ return $params{'bind_template'};
+}
+
sub base {
return $params{'base'};
}
@@ -202,22 +282,31 @@
return $params{'opts'};
};
+sub login_hooks {
+ return @{$params{'login_hooks'}};
+}
sub get_infos {
my ($self,$user) = @_;
my $result = $self->LDAP()->search (
base => $self->base(),
- filter => '(uid= '.$user.')',
- attrs => [$self->name(),$self->email()],
+ filter => '('.$self->uid().'='.$user.')',
+ attrs => [$self->name(),$self->email(), @{$params{'fetch_attrs'}}],
sizelimit => 1
);
$result->code && Jifty->log->error( 'LDAP uid=' . $user . ' ' . $result->error );
- my ($ret) = $result->entries;
- my $name = $ret->get_value($self->name());
- my $email = $ret->get_value($self->email());
-
- return ({ name => $name, email => $email });
+ my ($entry) = $result->entries;
+ my $ret = {
+ dn => $entry->dn(),
+ name => $entry->get_value($self->name()),
+ email => $entry->get_value($self->email()),
+ };
+ foreach my $attr (@{$params{'fetch_attrs'}}) {
+ my @val = $entry->get_value($attr);
+ $ret->{$attr} = [ @val ];
+ }
+ return $ret;
};
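Review bot: The search filter in get_infos is still built by concatenating `$user` unescaped, so a value containing `*`, `(` or `)` changes the filter and, with `sizelimit => 1`, can select a different entry than the one that was bound. Escape it with `use Net::LDAP::Util qw(escape_filter_value);` and `filter => '('.$self->uid().'='.escape_filter_value($user).')',`. Separately, `$entry` is undef when the search returns nothing, and `$entry->dn()` then dies. The `$result->code` check above only logs, so a guard is needed before `$ret` is built.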
@@ -228,13 +317,13 @@
=head1 AUTHORS
-Yves Agostini, <yvesago at cpan.org>
+Yves Agostini, <yvesago at cpan.org>, Stanislav Sinyagin
and others authors from Jifty (maxbaker, clkao, sartak, alexmv)
=head1 LICENSE
-Copyright 2007-2009 Yves Agostini. All Rights Reserved.
+Copyright 2007-2010 Yves Agostini. All Rights Reserved.
This program is free software and may be modified and distributed under the same terms as Perl itself.
Modified: branches/upstream/libjifty-plugin-authentication-ldap-perl/current/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm
URL: http://svn.debian.org/wsvn/pkg-perl/branches/upstream/libjifty-plugin-authentication-ldap-perl/current/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm?rev=70837&op=diff
==============================================================================
--- branches/upstream/libjifty-plugin-authentication-ldap-perl/current/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm (original)
+++ branches/upstream/libjifty-plugin-authentication-ldap-perl/current/lib/Jifty/Plugin/Authentication/Ldap/Action/LDAPLogin.pm Tue Mar 8 02:22:37 2011
@@ -63,8 +63,9 @@
my $self = shift;
my $username = $self->argument_value('ldap_id');
my ($plugin) = Jifty->find_plugin('Jifty::Plugin::Authentication::Ldap');
- my $dn = $plugin->uid().'='.$username.','.
- $plugin->base();
+
+ my $dn = $plugin->bind_template();
+ $dn =~ s/\%u/$username/g;
Jifty->log->debug( "dn = $dn" );
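Review bot: `$username` comes straight from the `ldap_id` argument and is substituted into the bind string without validation, so with the default `uid=%u,<base>` template, characters such as `,`, `+` or `=` alter the DN that is bound. Because the template may also be a non-DN form such as `MYDOMAIN\%u`, an allow-list check before the substitution fits both cases better than DN escaping. For example, `return $self->result->error('Invalid login') unless $username =~ /\A[\w.\@-]+\z/;`, where the pattern is illustrative and should follow the directory's naming rules. The `dn = $dn` debug line would then log only validated input. The enclosing method starts and ends outside this hunk.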
@@ -124,6 +125,16 @@
Jifty->web->current_user( $user );
Jifty->web->session->set_cookie;
+ foreach my $proc ($plugin->login_hooks()) {
+ eval( '&' . $proc . '( username => $username, ' .
+ 'user_object => $u, ldap => $plugin->LDAP(), infos => $infos )' );
+ if( $@ ) {
+ Jifty->log->error('Cannot eval ' . $proc . ': ' . $@);
+ $self->result->error('Cannot eval ' . $proc . ': ' . $@);
+ return;
+ }
+ }
+
# Success!
$self->report_success;
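Review bot: Each `LDAPLoginHooks` entry is compiled with string `eval`, so any text in that configuration value runs as Perl inside the login action rather than being limited to a sub name. The loop also runs after `current_user` and `set_cookie`, so when a hook dies the `return` reports an error but leaves the session established. That matters if hooks carry authorization logic, as the README example does, and moving the loop above those two calls avoids it. `$self->result->error` additionally returns the raw `$@` text to the browser. The fence resolves the name to a code reference after a syntax check and calls it in a block eval; `$u` and `$infos` are declared outside this hunk.

```perl
    # … unchanged: current_user / set_cookie (better placed after this loop) …
    foreach my $proc ($plugin->login_hooks()) {
        # Accept only a fully qualified sub name; never compile config text as code.
        my $hook;
        if ( $proc =~ /\A\w+(?:::\w+)+\z/ ) {
            no strict 'refs';
            $hook = \&{$proc} if defined &{$proc};
        }
        my $ok = $hook && eval {
            $hook->( username => $username, user_object => $u,
                     ldap => $plugin->LDAP(), infos => $infos );
            1;
        };
        if ( not $ok ) {
            my $why = $hook ? $@ : 'not a defined sub';
            Jifty->log->error('Cannot run login hook ' . $proc . ': ' . $why);
            # Keep the detail in the log; show the user a generic failure.
            $self->result->error('Login failed');
            return;
        }
    }
```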