Provided by: libjifty-plugin-authzldap-perl_0.90000-1_all 

NAME
Jifty::Plugin::AuthzLDAP - Jifty plugin to add dynamic LDAP authorization
DESCRIPTION
Jifty plugin. Provides LDAP authorization with a filters table and a cache.
CONFIGURATION NOTES
In etc/config.yml:

    Plugins:
      - AuthzLDAP:
          LDAPbind: cn=testldap,ou=admins,dc=myorg,dc=org    #
          LDAPpass: test                    # password
          LDAPhost: ldap.myorg.org          # ldap host
          LDAPbase: ou=people,dc=myorg..    # ldap base
          LDAPuid: uid                      # optional
          CacheTimout: 20                   # minutes, optional, default 20 minutes
In the application, create an LDAPFilter model:

    use base qw/Jifty::Plugin::AuthzLDAP::Model::LDAPFilter/;

In the LDAPFilter model, create your filters, something like:

    name     | filter                          | is_group
    is_admin | (!eduPersonAffiliation=STUDENT) | 0
    in_admin | cn=admin,ou=groups,dc=my.org    | 1
To protect access to /admin in the "TestApp" application, create a lib/TestApp/Dispatcher.pm:

    use strict;
    use warnings;
    package TestApp::Dispatcher;
    use Jifty::Dispatcher -base;

    before '/admin/*' => run {
        # Authentication: send users who are not logged in to the login page
        Jifty->web->tangent(url => '/login')
            if (! Jifty->web->current_user->id);
        # Authorization: deny access unless the user validates the is_admin filter
        my $user = Jifty->web->current_user->user_object->name;
        Jifty->web->tangent(url => '/error/AccessDenied')
            if (! Jifty::Plugin::AuthzLDAP->ldapvalidate($user,'is_admin') );
    };

    1;
SEE ALSO
Net::LDAP
METHODS
init
Loads config parameters, connects to LDAP, creates the memory cache.
BASE CACHE DN LDAP BASE UID PASS LDAPFilterClass
Accessors to configuration parameters.
bind
Bind to ldap
ldapvalidate NAME FILTERNAME
Returns 1 if NAME validates against the filter FILTERNAME, or if NAME-FILTERNAME is in the cache; otherwise returns 0.
If FILTERNAME is flagged as is_group, checks whether the user is a uniquemember of this group, as supported by the Netscape Directory Server.
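
The following is an added example, not code from the plugin: it models the cache behaviour described for ldapvalidate to show that a permission revoked in LDAP can still be granted until the CacheTimout window ends. It assumes, from the text above, that only successful checks are cached; %directory, directory_matches and model_ldapvalidate are hypothetical names, and the real plugin queries Net::LDAP instead.

```perl
#!/usr/bin/perl
# Added example: a model of the documented ldapvalidate cache semantics.
# %directory stands in for the LDAP server (constructed data); the real
# plugin's internals may differ.
use strict;
use warnings;

my $CACHE_TIMEOUT = 20 * 60;   # CacheTimout default (20 minutes), in seconds
my %cache;                     # "NAME-FILTERNAME" => expiry time (epoch seconds)
my %directory = ( 'alice-is_admin' => 1 );   # constructed: who matches which filter

# Hypothetical stand-in for the LDAP search the plugin performs.
sub directory_matches {
    my ($name, $filtername) = @_;
    return $directory{"$name-$filtername"} ? 1 : 0;
}

# Returns 1 if NAME-FILTERNAME is cached and unexpired, or if the directory
# matches (that success is then cached); otherwise 0. Denials are not cached.
sub model_ldapvalidate {
    my ($name, $filtername, $now) = @_;
    my $key = "$name-$filtername";
    return 1 if exists $cache{$key} && $cache{$key} > $now;
    delete $cache{$key};                        # drop an expired entry, if any
    return 0 unless directory_matches($name, $filtername);
    $cache{$key} = $now + $CACHE_TIMEOUT;
    return 1;
}

my $t0 = 1_000_000;                             # constructed clock value
printf "t+0m   alice granted=%d (directory lookup)\n",
    model_ldapvalidate('alice', 'is_admin', $t0);

delete $directory{'alice-is_admin'};            # rights revoked in the directory

printf "t+5m   alice granted=%d (served from cache)\n",
    model_ldapvalidate('alice', 'is_admin', $t0 + 5 * 60);
printf "t+21m  alice granted=%d (entry expired, directory asked again)\n",
    model_ldapvalidate('alice', 'is_admin', $t0 + 21 * 60);
printf "t+21m  bob   granted=%d (never matched, nothing cached)\n",
    model_ldapvalidate('bob', 'is_admin', $t0 + 21 * 60);
```

Under this model, CacheTimout is the upper bound on how long a revoked user keeps access to a route guarded by ldapvalidate, so set it with that delay in mind.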
AUTHOR
Yves Agostini, <yvesago@cpan.org>
LICENSE
Copyright 2007-2009 Yves Agostini. All Rights Reserved.
This program is free software and may be modified and distributed under the same terms as Perl itself.
perl v5.10.0 2009-05-15 Jifty::Plugin::AuthzLDAP(3pm)