Jifty::Plugin::AuthzLDAP(3) Jifty plugin to add dynamic LDAP authorization

DESCRIPTION

A Jifty plugin that provides LDAP-based authorization driven by a table of filters, with a cache of validated results.

CONFIGURATION NOTES

In etc/config.yml:
  Plugins:
    - AuthzLDAP:
       LDAPbind: cn=testldap,ou=admins,dc=myorg,dc=org # bind DN
       LDAPpass: test                   # bind password
       LDAPhost: ldap.myorg.org         # LDAP host
       LDAPbase: ou=people,dc=myorg..   # LDAP search base
       LDAPuid: uid                     # login attribute, optional
       CacheTimout: 20                  # minutes, optional, default 20 minutes

In your application, create an LDAPFilter model that inherits from the plugin's base model:
        package TestApp::Model::LDAPFilter;
        use base qw/Jifty::Plugin::AuthzLDAP::Model::LDAPFilter/;

In the LDAPFilter model's table, create your filters; each row names a filter, gives the LDAP filter (or a group DN) and flags whether it is a group, something like:
 name     |filter                         |is_group
 is_admin |(!eduPersonAffiliation=STUDENT)|0
 in_admin |cn=admin,ou=groups,dc=my.org   |1

To protect access to /admin in the ``TestApp'' application, create lib/TestApp/Dispatcher.pm:

    use strict;
    use warnings;
    package TestApp::Dispatcher;
    use Jifty::Dispatcher -base;
    before '/admin/*' => run {
       # Authentication
       Jifty->web->tangent(url => '/login')
            if (! Jifty->web->current_user->id);
       # Authorization
       my $user = Jifty->web->current_user->user_object->name;
       Jifty->web->tangent(url => '/error/AccessDenied')
            if (! Jifty::Plugin::AuthzLDAP->ldapvalidate($user,'is_admin') );
    };
    1;

METHODS

init

Loads the configuration parameters, connects to the LDAP server and creates the in-memory cache.

BASE CACHE DN LDAP BASE UID PASS LDAPFilterClass

Accessors to the configuration parameters.

bind

Binds to the LDAP server.

ldapvalidate NAME FILTERNAME

Returns 1 if NAME matches the filter named FILTERNAME, or if the NAME-FILTERNAME pair is already in the cache; otherwise returns 0. Because positive results are cached, a user whose directory entry no longer matches keeps the authorization until the cache entry expires (CacheTimout).

If FILTERNAME is flagged as is_group, the check instead searches whether NAME is a uniquemember of that group, the group membership attribute as supported by the Netscape Directory Server.
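As an added illustration (not the plugin's own code), this Python sketch shows what a call such as ldapvalidate($user,'is_admin') has to do: compose the LDAP search from the filter row, escape the user-supplied name so it cannot rewrite the filter, and remember positive answers for CacheTimout minutes. The search shapes (uid match AND-ed with the filter under LDAPbase; a uniquemember lookup under the group DN), the uid=NAME,LDAPbase entry layout and the sample config values are assumptions.

```python
import time

# Constructed configuration and filter table, shaped like the config.yml and
# LDAPFilter rows documented above (values are made up, not from the page).
CONFIG = {"LDAPbase": "ou=people,dc=myorg,dc=org", "LDAPuid": "uid", "CacheTimout": 20}
FILTERS = {
    "is_admin": {"filter": "(!(eduPersonAffiliation=STUDENT))", "is_group": 0},
    "in_admin": {"filter": "cn=admin,ou=groups,dc=myorg,dc=org", "is_group": 1},
}


def escape_filter_value(value):
    """RFC 4515 escaping so a user-supplied login cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_search(name, filtername, config=CONFIG, filters=FILTERS):
    """Return (base, filter) for the LDAP search deciding NAME against FILTERNAME.
    Assumption: plain rows are AND-ed with the uid match under LDAPbase; group
    rows hold a group DN that is searched for a uniquemember naming the user."""
    row = filters[filtername]
    uid, base, safe = config["LDAPuid"], config["LDAPbase"], escape_filter_value(name)
    if row["is_group"]:
        # Assumes user entries live directly under LDAPbase as uid=NAME.
        return row["filter"], "(uniquemember=%s=%s,%s)" % (uid, safe, base)
    return base, "(&(%s=%s)%s)" % (uid, safe, row["filter"])


class AuthzCache:
    """Only successful validations are cached, each for CacheTimout minutes."""

    def __init__(self, search, minutes=CONFIG["CacheTimout"], clock=time.time):
        self.search, self.ttl, self.clock, self.cache = search, minutes * 60, clock, {}

    def ldapvalidate(self, name, filtername):
        key = (name, filtername)
        expires = self.cache.get(key)
        if expires is not None and expires > self.clock():
            return 1  # still authorized even if the directory changed meanwhile
        if self.search(*build_search(name, filtername)):
            self.cache[key] = self.clock() + self.ttl
            return 1
        return 0
```

The cache means a revocation in the directory takes effect only after the cached entry expires, so CacheTimout is the upper bound on that delay.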

AUTHOR

Yves Agostini, <[email protected]>

LICENSE

Copyright 2007-2009 Yves Agostini. All Rights Reserved.

This program is free software and may be modified and distributed under the same terms as Perl itself.