Re: [Catalyst] New auth stuff and LDAP store...

1) Peter Karman
On 07/21/2007 10:02 PM, Jay K wrote:
> For the benefit of the list:
>
> This issue has been resolved. It turned out to be a disagreement
> between what C::P::Authentication was trying to place in
> $user->store() and what LDAP was trying to place in $user->store()
>
> LDAP was correct, and C::P::Authentication should keep its grubby
> little hands off of $user->store() - I am pushing a maintenance
> release of C::P::Authentication to CPAN now. Should be available
> from CPAN in a few hours.
>

I am now trying to use ::Store::LDAP 0.04 with ::Authentication 0.10002 and I
cannot seem to get the config right. I just asked about this on #catalyst and
was advised to use the older pre-0.1 base Authentication plugin.

I have a feeling I'm just not getting the config right. But if it is more
systemic than that, and the LDAP plugins need some help getting up to the
latest Authentication API, I have tuits to spend on it and would gladly
contribute code/tests/docs if I was told those were needed, and given a pointer
to where to start.

TIA

--
Peter Karman . p...@peknet.com . http://peknet.com/


_______________________________________________
List: Cat...@lists.rawmode.org
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
Dev site: http://dev.catalyst.perl.org/

2) Alan Humphrey
Here's what's working for me:


authentication:
   default_realm: users
   realms:
      users:
         credential:
            class: 'Password'
            password_type: 'self_check'

         store:      
            class: LDAP::Backend
            ldap_server: 'ldap://localhost:389'
            user_basedn: 'dc=birdwebdev,dc=dnsalias,dc=org'
            binddn: 'cn=admin,dc=birdwebdev,dc=dnsalias,dc=org'
            bindpw: 'xxxxx'


Note in particular the store class name.

FWIW, I'm using OpenLDAP.

- Alan



> -----Original Message-----
> From: Peter Karman [p...@peknet.com]
> Sent: Monday, September 24, 2007 7:33 AM
> To: The elegant MVC web framework
> Subject: Re: [Catalyst] New auth stuff and LDAP store...
>
>
>
> On 07/21/2007 10:02 PM, Jay K wrote:
> > For the benefit of the list:
> >
> > This issue has been resolved. It turned out to be a disagreement
> > between what C::P::Authentication was trying to place in
> > $user->store() and what LDAP was trying to place in $user->store()
> >
> > LDAP was correct, and C::P::Authentication should keep its grubby
> > little hands off of $user->store() - I am pushing a maintenance
> > release of C::P::Authentication to CPAN now. Should be available
> > from CPAN in a few hours.
> >
>
> I am now trying to use ::Store::LDAP 0.04 with ::Authentication 0.10002
> and I cannot seem to get the config right. I just asked about this on
> #catalyst and was advised to use the older pre-0.1 base Authentication
> plugin.
>
> I have a feeling I'm just not getting the config right. But if it is
> more systemic than that, and the LDAP plugins need some help getting up
> to the latest Authentication API, I have tuits to spend on it and would
> gladly contribute code/tests/docs if I was told those were needed, and
> given a pointer to where to start.
>
> TIA
>
> --
> Peter Karman . p...@peknet.com . http://peknet.com/
>
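
Added example (not part of the thread or of the Catalyst LDAP store code): a small Python audit of a realm `store` mapping like the one posted above, using the option names that appear in this thread (ldap_server, start_tls, start_tls_options.verify, binddn, bindpw). The function names, severity labels, the admin-DN heuristic and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_ldap_store(store):
    """Return (severity, message) findings for one realm's `store` mapping."""
    findings = []
    server = str(store.get("ldap_server", ""))
    # ldap_server may be a bare host name or an ldap:// / ldaps:// URL.
    url = urlparse(server if "://" in server else "ldap://" + server)
    host = url.hostname or ""
    start_tls = str(store.get("start_tls", "0")).lower() in ("1", "true", "yes")
    verify = (store.get("start_tls_options") or {}).get("verify", "")
    if url.scheme != "ldaps" and not start_tls:
        # Cleartext binds on loopback never leave the host; elsewhere they do.
        sev = "low" if host in LOOPBACK else "high"
        findings.append((sev, f"binds to {host} are sent unencrypted"))
    if start_tls and verify == "none":
        findings.append(("high", "start_tls without certificate verification"))
    binddn = str(store.get("binddn", ""))
    # Heuristic (assumption): a DN starting with cn=admin is a directory admin.
    if binddn.lower().startswith("cn=admin,"):
        findings.append(("medium", "search bind uses an admin DN"))
    if store.get("bindpw") and binddn.lower() != "anonymous":
        findings.append(("info", "bindpw is stored in the application config"))
    return findings

def audit_realms(auth):
    """Audit every realm under `authentication`; returns {realm: findings}."""
    return {name: audit_ldap_store(realm.get("store") or {})
            for name, realm in (auth.get("realms") or {}).items()}

# Constructed sample in the shape of the config posted above (placeholder values).
SAMPLE = {"default_realm": "users", "realms": {"users": {
    "credential": {"class": "Password", "password_type": "self_check"},
    "store": {"class": "LDAP::Backend", "ldap_server": "ldap://localhost:389",
              "user_basedn": "dc=example,dc=org",
              "binddn": "cn=admin,dc=example,dc=org", "bindpw": "placeholder"}}}}

if __name__ == "__main__":
    for realm, findings in audit_realms(SAMPLE).items():
        for severity, message in findings:
            print(f"{realm}: [{severity}] {message}")
```
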

3) Peter Karman
On 09/24/2007 09:55 AM, Alan Humphrey wrote:
> Here's what's working for me:
>
>
> authentication:
>    default_realm: users
>    realms:
>       users:
>          credential:
>             class: 'Password'
>             password_type: 'self_check'
>
>          store:      
>             class: LDAP::Backend
>             ldap_server: 'ldap://localhost:389'
>             user_basedn: 'dc=birdwebdev,dc=dnsalias,dc=org'
>             binddn: 'cn=admin,dc=birdwebdev,dc=dnsalias,dc=org'
>             bindpw: 'xxxxx'
>
>
> Note in particular the store class name.
>
> FWIW, I'm using OpenLDAP.
>

Thanks. That works. I'm using OpenLDAP too.

However, I'm concerned about a few things.

(1) the LDAP documentation is wrong.
(2) in grokking the Authentication.pm code, I see that the LDAP modules are
still working by virtue of a lot of code labeled 'BACKWARDS COMPATABILITY' and
'old-style' and warnings about the interface eventually disappearing. These
include get_user() instead of the newer find_user() et al.

As I have the time (and who knows how long that will last...), I'd still like
to bring the LDAP plugins up to speed. I'll hack on it a bit today and see
where I get.

--
Peter Karman . p...@peknet.com . http://peknet.com/

4) Adam Jacob
On 9/24/07, Peter Karman <peter@peknet.com> wrote:
> Thanks. That works. I'm using OpenLDAP too.
>
> However, I'm concerned about a few things.
>
> (1) the LDAP documentation is wrong.
> (2) in grokking the Authentication.pm code, I see that the LDAP modules are
> still working by virtue of a lot of code labeled 'BACKWARDS COMPATABILITY' and
> 'old-style' and warnings about the interface eventually disappearing. These
> include get_user() instead of the newer find_user() et al.
>
> As I have the time (and who knows how long that will last...), I'd still like
> to bring the LDAP plugins up to speed. I'll hack on it a bit today and see
> where I get.

I'll be happy to commit any of your patches and get a new release
pushed out to CPAN.

(Tests would be great!)

Adam

--
HJK Solutions - We Launch Startups - http://www.hjksolutions.com
Adam Jacob, Senior Partner
T: (206) 508-4759 E: a...@hjksolutions.com

5) Peter Karman
On 09/24/2007 11:55 AM, Peter Karman wrote:

> As I have the time (and who knows how long that will last...), I'd still like
> to bring the LDAP plugins up to speed. I'll hack on it a bit today and see
> where I get.
>

These patches seem to bring the LDAP plugins up to the latest Authentication API,
to support realms, etc.


--
Peter Karman . p...@peknet.com . http://peknet.com/

--- /home/msi/pek/perl/lib/perl5/site_perl/5.8.8/Catalyst/Plugin/Authentication/Store/LDAP/Backend.pm 2006-03-21 17:31:19.000000000 -0600
+++ lib/Catalyst/Plugin/Authentication/Store/LDAP/Backend.pm 2007-09-24 12:19:06.366910000 -0500
@@ -75,6 +75,8 @@
use strict;
use warnings;

+our $VERSION = '0.02';
+
use Catalyst::Plugin::Authentication::Store::LDAP::User;
use Net::LDAP;

@@ -115,10 +117,24 @@
     return $self;
}

+=head2 find_user($id)
+
+Creates a L<Catalyst::Plugin::Authentication::Store::LDAP::User> object
+for the given User ID. This is the preferred deprecated mechanism for getting a
+given User out of the Store.
+
+=cut
+
+sub find_user {
+    my ( $self, $authinfo, $c ) = @_;
+ return $self->get_user( $authinfo->{id} || $authinfo->{username} );
+}
+
+
=head2 get_user($id)

Creates a L<Catalyst::Plugin::Authentication::Store::LDAP::User> object
-for the given User ID.  This is the preferred mechanism for getting a 
+for the given User ID.  This is the old deprecated mechanism for getting a 
given User out of the Store.

=cut
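
Review bot: find_user() passes $authinfo->{id} || $authinfo->{username} to get_user() without checking that either key is set, so a call with neither key ends up as get_user(undef), and an id of "0" is skipped in favour of username. Return undef early when no identifier is present, and confirm that get_user() escapes the value before it is substituted into user_filter. The POD also needs attention: the heading says find_user($id) while the sub takes ( $self, $authinfo, $c ), $c is unused, and "preferred deprecated mechanism" should read "preferred mechanism".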





--- /home/msi/pek/perl/lib/perl5/site_perl/5.8.8/Catalyst/Plugin/Authentication/Store/LDAP.pm 2006-03-21 17:31:39.000000000 -0600
+++ lib/Catalyst/Plugin/Authentication/Store/LDAP.pm 2007-09-24 12:09:49.138025000 -0500
@@ -5,28 +5,14 @@
use strict;
use warnings;

-our $VERSION = '0.04';
+our $VERSION = '0.05';

use Catalyst::Plugin::Authentication::Store::LDAP::Backend;

-sub setup {
-    my $c = shift;
-
-    if (exists($c->config->{'authentication'})) {
-        unless (exists($c->config->{'authentication'}->{'ldap'})) {
- Catalyst::Exception->throw("I require \$c->config->{'authentication'}->{'ldap'} to be configured.");
-        }
-    } else {
- Catalyst::Exception->throw("I require \$c->config->{'authentication'}->{'ldap'} to be configured.");
-    }
-
-    $c->default_auth_store(
-        Catalyst::Plugin::Authentication::Store::LDAP::Backend->new(
-            $c->config->{'authentication'}->{'ldap'}
-        )
-    );
-
- $c->NEXT::setup(@_);
+sub new {
+    my ( $class, $config, $app ) = @_;
+    return Catalyst::Plugin::Authentication::Store::LDAP::Backend->new(
+        $config);
}

__PACKAGE__;
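
Review bot: the new new() hands $config straight to Backend->new() with no validation, whereas the removed setup() threw Catalyst::Exception when the ldap configuration was missing. Keep an equivalent check here (for example, throw if $config is not a hash reference or lacks ldap_server) so a misconfigured realm fails at startup with a clear message. Removing setup() also ends support for the old $c->config->{'authentication'}->{'ldap'} layout, which deserves a line in the changelog and the POD; $app is accepted but unused.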
@@ -84,7 +70,10 @@
     sub login : Global {
         my ( $self, $c ) = @_;

- $c->login( $c->req->param("login"), $c->req->param("password"), );
+        $c->authenticate({
+                            id          => $c->req->param("login"), 
+ password => $c->req->param("password")
+                         });
         $c->res->body("Welcome " . $c->user->username . "!");
     }
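
Review bot: in the login example the return value of $c->authenticate() is ignored, so after a failed login $c->user may be undefined and the call to $c->user->username on the next line dies instead of rejecting the request. Wrap the welcome in if ( $c->authenticate({ ... }) ) and send an error response otherwise. The two $c->req->param() calls are also evaluated in list context inside the hash constructor, so a repeated login or password parameter adds extra elements to the hash; force a single value with scalar $c->req->param("login").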

@@ -122,29 +111,37 @@

     # Config for Store::LDAP
     authentication:
-        ldap:
-            ldap_server: ldap.yourcompany.com
-            ldap_server_options:
-                timeout: 30
-            binddn: anonymous
-            bindpw: dontcarehow
-            start_tls: 1
-            start_tls_options:
-                verify: none
-            user_basedn: ou=people,dc=yourcompany,dc=com
-            user_filter: (&(objectClass=posixAccount)(uid=%s))
-            user_scope: one
-            user_field: uid
-            user_search_options:
-                deref: always
-            use_roles: 1
-            role_basedn: ou=groups,ou=OxObjects,dc=yourcompany,dc=com
-            role_filter: (&(objectClass=posixGroup)(memberUid=%s))
-            role_scope: one
-            role_field: uid
-            role_value: dn
-            role_search_options:
-                deref: always
+        default_realm: ldap
+        realms:
+            ldap:
+                credential:
+                    class: Password
+                    password_field: password
+                    password_type:  self_check
+                store:
+                    class: LDAP
+                    ldap_server: ldap.yourcompany.com
+                    ldap_server_options:
+                        timeout: 30
+                    binddn: anonymous
+                    bindpw: dontcarehow
+                    start_tls: 1
+                    start_tls_options:
+                        verify: none
+                    user_basedn: ou=people,dc=yourcompany,dc=com
+                    user_filter: (&(objectClass=posixAccount)(uid=%s))
+                    user_scope: one
+                    user_field: uid
+                    user_search_options:
+                        deref: always
+                    use_roles: 1
+                    role_basedn: ou=groups,ou=OxObjects,dc=yourcompany,dc=com
+                    role_filter: (&(objectClass=posixGroup)(memberUid=%s))
+                    role_scope: one
+                    role_field: uid
+                    role_value: dn
+                    role_search_options:
+                        deref: always

=head2 ldap_server _______________________________________________
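
Review bot: the documented realm config keeps start_tls_options: verify: none, which turns on TLS without checking the server certificate, so anyone who copies this example gets an encrypted but unauthenticated connection for their bind credentials. Document verify: require together with a cafile or capath (both are Net::LDAP start_tls options) and mention none only as a test setting. It is also worth stating in the POD whether the value substituted for %s in user_filter and role_filter is escaped.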

6) Peter Karman
On 09/24/2007 12:22 PM, Peter Karman wrote:
>
> On 09/24/2007 11:55 AM, Peter Karman wrote:
>
>> As I have the time (and who knows how long that will last...), I'd still like
>> to bring the LDAP plugins up to speed. I'll hack on it a bit today and see
>> where I get.
>>
>
> These patches seem to bring the LDAP plugins up to the latest Authentication API,
> to support realms, etc.

heh. that should be 'preferred' not 'preferred deprecated'. :/

+=head2 find_user($id)
+
+Creates a L<Catalyst::Plugin::Authentication::Store::LDAP::User> object
+for the given User ID. This is the preferred deprecated mechanism for getting a
+given User out of the Store.

--
Peter Karman . p...@peknet.com . http://peknet.com/

7) Adam Jacob
Anyone willing to give this a test run and let me know if things are
working correctly for them?  I don't have any apps using the new
interface. :)

Adam


On 9/24/07, Peter Karman <peter@peknet.com> wrote:
>
>
> On 09/24/2007 12:22 PM, Peter Karman wrote:
> >
> > On 09/24/2007 11:55 AM, Peter Karman wrote:
> >
> >> As I have the time (and who knows how long that will last...), I'd still like
> >> to bring the LDAP plugins up to speed. I'll hack on it a bit today and see
> >> where I get.
> >>
> >
> > These patches seem to bring the LDAP plugins up to the latest Authentication API,
> > to support realms, etc.
>
> heh. that should be 'preferred' not 'preferred deprecated'. :/
>
> +=head2 find_user($id)
> +
> +Creates a L<Catalyst::Plugin::Authentication::Store::LDAP::User> object
> +for the given User ID. This is the preferred deprecated mechanism for getting a
> +given User out of the Store.
>
> --
> Peter Karman . p...@peknet.com . http://peknet.com/


--
HJK Solutions - We Launch Startups - http://www.hjksolutions.com
Adam Jacob, Senior Partner
T: (206) 508-4759 E: a...@hjksolutions.com