[Catalyst-commits] r14558 - in Catalyst-Authentication-Store-LDAP/trunk: . lib/Catalyst/Authentication/Store lib/Catalyst/Authentication/Store/LDAP t t/lib
ilmari at dev.catalyst.perl.org
ilmari at dev.catalyst.perl.org
Fri Feb 20 16:59:17 GMT 2015
Author: ilmari
Date: 2015-02-20 16:59:17 +0000 (Fri, 20 Feb 2015)
New Revision: 14558
Added:
Catalyst-Authentication-Store-LDAP/trunk/MOVED-TO-GIT
Removed:
Catalyst-Authentication-Store-LDAP/trunk/Changes
Catalyst-Authentication-Store-LDAP/trunk/MANIFEST.SKIP
Catalyst-Authentication-Store-LDAP/trunk/Makefile.PL
Catalyst-Authentication-Store-LDAP/trunk/README
Catalyst-Authentication-Store-LDAP/trunk/TODO
Catalyst-Authentication-Store-LDAP/trunk/lib/Catalyst/Authentication/Store/LDAP.pm
Catalyst-Authentication-Store-LDAP/trunk/lib/Catalyst/Authentication/Store/LDAP/Backend.pm
Catalyst-Authentication-Store-LDAP/trunk/lib/Catalyst/Authentication/Store/LDAP/User.pm
Catalyst-Authentication-Store-LDAP/trunk/t/01-basic.t
Catalyst-Authentication-Store-LDAP/trunk/t/02-realms_api.t
Catalyst-Authentication-Store-LDAP/trunk/t/03-entry_class.t
Catalyst-Authentication-Store-LDAP/trunk/t/04-user_class.t
Catalyst-Authentication-Store-LDAP/trunk/t/05-user_attributes.t
Catalyst-Authentication-Store-LDAP/trunk/t/06-user_autoload.t
Catalyst-Authentication-Store-LDAP/trunk/t/10-roles-mock.t
Catalyst-Authentication-Store-LDAP/trunk/t/50.auth.case.sensitivity.t
Catalyst-Authentication-Store-LDAP/trunk/t/lib/EntryClass.pm
Catalyst-Authentication-Store-LDAP/trunk/t/lib/LDAPTest.pm
Catalyst-Authentication-Store-LDAP/trunk/t/lib/UserClass.pm
Catalyst-Authentication-Store-LDAP/trunk/t/pod-coverage.t
Catalyst-Authentication-Store-LDAP/trunk/t/pod.t
Log:
Moved to git
Deleted: Catalyst-Authentication-Store-LDAP/trunk/Changes
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/Changes 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/Changes 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,127 +0,0 @@
-1.014 26 April 2013
- - Don't fall back to unauthenticated bind when authenticating
-
-1.013 9 January 2013
- - fix for https://rt.cpan.org/Ticket/Display.html?id=81908 security hole.
-
-1.012 5 October 2010
- - add methods conforming to the Catalyst::Authentication::User API
- as required here:
- http://search.cpan.org/dist/Catalyst-Plugin-Authentication/lib/Catalyst/Plugin/Authentication/Internals.pod#USER_METHODS
- Nudging provided via RT https://rt.cpan.org/Ticket/Display.html?id=60793
- - add documentation for Active Directory at suggestion of Adam Wohld
- - Make ->can work for AUTOLOADED $user methods
-
-1.011 7 July 2010
- - fix t/05-user_attributes.t to skip correct number of tests if
- Catalyst::Model::LDAP is not installed.
-
-1.010 6 July 2010
- - Make AUTOLOAD method work for ->dn by generically calling has_attribute
- which has a special case for it.
- - Unify the handling of the ->username method between AUTOLOAD and
- has_attribute by special casing it more generically in has_attribute.
- Both RT#57610, patch and tests by Jason Fried
-
-1.009 15 May 2010
- - Fix pod for get_user() and from_session() in Backend.pm, adding
- the missing $c param. Pass $c in from_session() through to get_user().
- Reported in https://rt.cpan.org/Ticket/Display.html?id=56983 with
- patch from Bjørn-Olav Strand.
-
-1.008 02 April 2010
- - Allow for multiple uid values on a User object. See RT
- https://rt.cpan.org/Ticket/Display.html?id=51505
- and patch from Andrew Kirkpatrick.
-
-1.007 19 Mar 2010
- - Store the user password for the ldap_connection method in an inside
- out hash rather than a closure so that the user object can be serialized
- with Storable as people are putting them in the session (RT#53279)
-
-1.006 11 Dec 2009
- - Pass $c along to find_user method so overridden user_class users can
- get at models (or whatever crazy things they might do) (gphat)
- - Add an ldap_connection method to the user class, which will return
- an LDAP connection bound as the user who authenticated.
- - Trim trailing whitespace from submitted usernames otherwise we generate
- bad LDAP queries.
-
-0.1005 30 April 2009
- - Stop throwing an exception when the lookup_user method fails
- to find a user and instead return undef. (t0m)
- - Add tests for above (t0m)
- - Change documentation which still refers to the old ::Plugin:: style
- auth system to use ->authenticate instead of ->login, and not say that
- you need to do things manually to have multiple stores. (t0m)
-
-0.1004 21 Oct 2008
- - Add the ability to have the user inflated into a custom
- user class with the user_class option (t0m)
- - Add the ability for role lookup to be performed within
- the same (user) bind context that the user's password is
- checked in (t0m)
-
-0.1003 10 Sept 2008
- - get entries in array context rather than scalar context,
- allowing for multiple values. patch by scpham.
- - lc() to compare Net::LDAP results with supplied $id
- bug reported via RT #39113
-
-
-0.1002 9 July 2008
- - tests updated to use Net::LDAP::Server::Test 0.03
-
-
-0.1001 9 April 2008
- - matthewr pointed out that the SYNOPSIS 'use Catalyst' line is wrong.
- - imacat reported that t/03-entry was failing when Catalyst::Model::LDAP was
- not installed. Fixed RT# 34777.
-
-
-0.1000 4 Feb 2008
- - forked from Catalyst::Plugin::Authentication::Store::LDAP and name changed
- to Catalyst::Authentication::Store::LDAP
- - tests now use Net::LDAP::Server::Test instead of relying on openldap.org
- - changed release date for 0.0600
- - added AD config suggestions from matija at serverflow.com
- - bumped req base Auth package to 0.10003
- - lookup_user() now throws an exception if there is more than one entry returned
- from a LDAP search
- - added new user_search_filter config option to filter out multiple entries on
- Perl side
-
-
-0.0600 karman 18 Oct 2007 [was: omega Thu Aug 09 09:22:00 CET 2007]
- - Someone had put some 0.052 version out, need to bump past that
- - Add realms API support to match newest C::P::Authentication API. (karman)
- - Add POD tests. (karman)
-
-0.06 omega Thu Aug 09 09:00:00 CET 2007
- - Added support for entry_class in the same way that Catalyst::Model::LDAP
- supports it, allowing one to override what class is returned from
- $c->user->ldap_entry, and thus allowing one to add methods to the user
- object
-
-0.05
- - Added support for multiple identifiers.
-
-0.04 adam Tue Mar 21 15:31:57 PST 2006
- - Fixed rt.cpan.org #18250, sample YAML config incorrectly using arrays
- - Added some error checking around whether or not we have been properly
- configured.
-
-0.03 adam Fri Feb 17 09:51:36 PST 2006
- - Gavin Henry's documentation patch for YAML configuration
-
-0.02 adam Fri Feb 10 14:10:23 PST 2006
- - Now throws an exception if the initial bind fails
- - Changed the default role_filter from (member=%s) to (memberUid=%s)
- - Fixed bug in Backend->lookup_user that was not properly handling
- when a user was not found in the backing store at all.
-
-0.01 adam Thu Feb 8 14:28:18 2006
- - initial revision
- - supports authentication
- - supports roles
-
Deleted: Catalyst-Authentication-Store-LDAP/trunk/MANIFEST.SKIP
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/MANIFEST.SKIP 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/MANIFEST.SKIP 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,8 +0,0 @@
-^Makefile.old$
-^Catalyst-
-.svn
-^Makefile$
-^blib/
-^.*\.swp$
-^MANIFEST\.
-^pm_to_blib$
Added: Catalyst-Authentication-Store-LDAP/trunk/MOVED-TO-GIT
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/MOVED-TO-GIT (rev 0)
+++ Catalyst-Authentication-Store-LDAP/trunk/MOVED-TO-GIT 2015-02-20 16:59:17 UTC (rev 14558)
@@ -0,0 +1,5 @@
+Catalyst-Authentication-Store-LDAP has moved to git:
+
+ git:// public read-only: git://git.shadowcat.co.uk/catagits/Catalyst-Authentication-Store-LDAP.git
+ history browser: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/Catalyst-Authentication-Store-LDAP.git
+ ssh:// for contributors: catagits at git.shadowcat.co.uk:Catalyst-Authentication-Store-LDAP.git
\ No newline at end of file
Deleted: Catalyst-Authentication-Store-LDAP/trunk/Makefile.PL
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/Makefile.PL 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/Makefile.PL 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,26 +0,0 @@
-use inc::Module::Install 0.87;
-
-name('Catalyst-Authentication-Store-LDAP');
-abstract('Authenticate Users against LDAP Directories');
-author('Adam Jacob <holoway at cpan.org>');
-version_from('lib/Catalyst/Authentication/Store/LDAP.pm');
-license('perl');
-
-requires('Net::LDAP');
-requires( 'Catalyst::Plugin::Authentication' => '0.10003' );
-
-#requires('Catalyst::Model::LDAP');
-build_requires('Net::LDAP::Server::Test' => '0.07');
-build_requires('Test::More');
-build_requires('Test::MockObject');
-build_requires('Test::Exception');
-
-resources repository => 'http://dev.catalyst.perl.org/repos/Catalyst/Catalyst-Authentication-Store-LDAP/trunk/';
-
-if ($Module::Install::AUTHOR) {
- system("pod2text lib/Catalyst/Authentication/Store/LDAP.pm > README")
- and die $!;
-}
-
-WriteAll;
-
Deleted: Catalyst-Authentication-Store-LDAP/trunk/README
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/README 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/README 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,308 +0,0 @@
-NAME
- Catalyst::Authentication::Store::LDAP - Authentication from an LDAP
- Directory.
-
-SYNOPSIS
- use Catalyst qw(
- Authentication
- );
-
- __PACKAGE__->config(
- 'authentication' => {
- default_realm => "ldap",
- realms => {
- ldap => {
- credential => {
- class => "Password",
- password_field => "password",
- password_type => "self_check",
- },
- store => {
- binddn => "anonymous",
- bindpw => "dontcarehow",
- class => "LDAP",
- ldap_server => "ldap.yourcompany.com",
- ldap_server_options => { timeout => 30 },
- role_basedn => "ou=groups,ou=OxObjects,dc=yourcompany,dc=com",
- role_field => "uid",
- role_filter => "(&(objectClass=posixGroup)(memberUid=%s))",
- role_scope => "one",
- role_search_options => { deref => "always" },
- role_value => "dn",
- role_search_as_user => 0,
- start_tls => 1,
- start_tls_options => { verify => "none" },
- entry_class => "MyApp::LDAP::Entry",
- use_roles => 1,
- user_basedn => "ou=people,dc=yourcompany,dc=com",
- user_field => "uid",
- user_filter => "(&(objectClass=posixAccount)(uid=%s))",
- user_scope => "one", # or "sub" for Active Directory
- user_search_options => { deref => "always" },
- user_results_filter => sub { return shift->pop_entry },
- },
- },
- },
- },
- );
-
- sub login : Global {
- my ( $self, $c ) = @_;
-
- $c->authenticate({
- id => $c->req->param("login"),
- password => $c->req->param("password")
- });
- $c->res->body("Welcome " . $c->user->username . "!");
- }
-
-DESCRIPTION
- This plugin implements the Catalyst::Authentication v.10 API. Read that
- documentation first if you are upgrading from a previous version of this
- plugin.
-
- This plugin uses "Net::LDAP" to let your application authenticate
- against an LDAP directory. It has a pretty high degree of flexibility,
- given the wide variation of LDAP directories and schemas from one system
- to another.
-
- It authenticates users in two steps:
-
- 1) A search of the directory is performed, looking for a user object
- that matches the username you pass. This is done with the bind
- credentials supplied in the "binddn" and "bindpw" configuration options.
-
- 2) If that object is found, we then re-bind to the directory as that
- object. Assuming this is successful, the user is Authenticated.
-
-CONFIGURATION OPTIONS
- Configuring with YAML
- Set Configuration to be loaded via Config.yml in YourApp.pm
-
- use YAML qw(LoadFile);
- use Path::Class 'file';
-
- __PACKAGE__->config(
- LoadFile(
- file(__PACKAGE__->config->{home}, 'Config.yml')
- )
- );
-
- Settings in Config.yml (adapt these to whatever configuration format you
- use):
-
- # Config for Store::LDAP
- authentication:
- default_realm: ldap
- realms:
- ldap:
- credential:
- class: Password
- password_field: password
- password_type: self_check
- store:
- class: LDAP
- ldap_server: ldap.yourcompany.com
- ldap_server_options:
- timeout: 30
- binddn: anonymous
- bindpw: dontcarehow
- start_tls: 1
- start_tls_options:
- verify: none
- user_basedn: ou=people,dc=yourcompany,dc=com
- user_filter: (&(objectClass=posixAccount)(uid=%s))
- user_scope: one
- user_field: uid
- user_search_options:
- deref: always
- use_roles: 1
- role_basedn: ou=groups,ou=OxObjects,dc=yourcompany,dc=com
- role_filter: (&(objectClass=posixGroup)(memberUid=%s))
- role_scope: one
- role_field: uid
- role_value: dn
- role_search_options:
- deref: always
-
- NOTE: The settings above reflect the default values for OpenLDAP. If you
- are using Active Directory instead, Matija Grabnar suggests that the
- following tweeks to the example configuration will work:
-
- user_basedn: ou=Domain Users,ou=Accounts,dc=mycompany,dc=com
- user_field: samaccountname
- user_filter: (sAMAccountName=%s)
- user_scope: sub
-
- He also notes: "I found the case in the value of user_field to be
- significant: it didn't seem to work when I had the mixed case value
- there."
-
- ldap_server
- This should be the hostname of your LDAP server.
-
- ldap_server_options
- This should be a hashref containing options to pass to Net::LDAP->new().
- See Net::LDAP for the full list.
-
- binddn
- This should be the DN of the object you wish to bind to the directory as
- during the first phase of authentication. (The user lookup phase)
-
- If you supply the value "anonymous" to this option, we will bind
- anonymously to the directory. This is the default.
-
- bindpw
- This is the password for the initial bind.
-
- start_tls
- If this is set to 1, we will convert the LDAP connection to use SSL.
-
- start_tls_options
- This is a hashref, which contains the arguments to the Net::LDAP
- start_tls method. See Net::LDAP for the complete list of options.
-
- user_basedn
- This is the basedn for the initial user lookup. Usually points to the
- top of your "users" branch; ie "ou=people,dc=yourcompany,dc=com".
-
- user_filter
- This is the LDAP Search filter used during user lookup. The special
- string '%s' will be replaced with the username you pass to $c->login. By
- default it is set to '(uid=%s)'. Other possibly useful filters:
-
- (&(objectClass=posixAccount)(uid=%s))
- (&(objectClass=User)(cn=%s))
-
- user_scope
- This specifies the scope of the search for the initial user lookup.
- Valid values are "base", "one", and "sub". Defaults to "sub".
-
- user_field
- This is the attribute of the returned LDAP object we will use for their
- "username". This defaults to "uid". If you had user_filter set to:
-
- (&(objectClass=User)(cn=%s))
-
- You would probably set this to "cn". You can also set it to an array, to
- allow more than one login field. The first field will be returned as
- identifier for the user.
-
- user_search_options
- This takes a hashref. It will append it's values to the call to
- Net::LDAP's "search" method during the initial user lookup. See
- Net::LDAP for valid options.
-
- Be careful not to specify:
-
- filter
- scope
- base
-
- As they are already taken care of by other configuration options.
-
- user_results_filter
- This is a Perl CODE ref that can be used to filter out multiple results
- from your LDAP query. In theory, your LDAP query should only return one
- result and find_user() will throw an exception if it encounters more
- than one result. However, if you have, for whatever reason, a legitimate
- reason for returning multiple search results from your LDAP query, use
- "user_results_filter" to filter out the LDAP entries you do not want
- considered. Your CODE ref should expect a single argument, a
- Net::LDAP::Search object, and it should return exactly one value, a
- Net::LDAP::Entry object.
-
- Example:
-
- user_results_filter => sub {
- my $search_obj = shift;
- foreach my $entry ($search_obj->entries) {
- return $entry if my_match_logic( $entry );
- }
- return undef; # i.e., no match
- }
-
- use_roles
- Whether or not to enable role lookups. It defaults to true; set it to 0
- if you want to always avoid role lookups.
-
- role_basedn
- This should be the basedn where the LDAP Objects representing your roles
- are.
-
- role_filter
- This should be the LDAP Search filter to use during the role lookup. It
- defaults to '(memberUid=%s)'. The %s in this filter is replaced with the
- value of the "role_value" configuration option.
-
- So, if you had a role_value of "cn", then this would be populated with
- the cn of the User's LDAP object. The special case is a role_value of
- "dn", which will be replaced with the User's DN.
-
- role_scope
- This specifies the scope of the search for the user's role lookup. Valid
- values are "base", "one", and "sub". Defaults to "sub".
-
- role_field
- Should be set to the Attribute of the Role Object's returned during Role
- lookup you want to use as the "name" of the role. Defaults to "CN".
-
- role_value
- This is the attribute of the User object we want to use in our
- role_filter. If this is set to "dn", we will use the User Objects DN.
-
- role_search_options
- This takes a hashref. It will append it's values to the call to
- Net::LDAP's "search" method during the user's role lookup. See Net::LDAP
- for valid options.
-
- Be careful not to specify:
-
- filter
- scope
- base
-
- As they are already taken care of by other configuration options.
-
- role_search_as_user
- By default this setting is false, and the role search will be performed
- by binding to the directory with the details in the *binddn* and
- *bindpw* fields. If this is set to false, then the role search will
- instead be performed when bound as the user you authenticated as.
-
- entry_class
- The name of the class of LDAP entries returned. This class should exist
- and is expected to be a subclass of Net::LDAP::Entry
-
- user_class
- The name of the class of user object returned. By default, this is
- Catalyst::Authentication::Store::LDAP::User.
-
-METHODS
- new
- This method will populate "default_auth_store" in
- Catalyst::Plugin::Authentication with this object.
-
-AUTHORS
- Adam Jacob <holoway at cpan.org>
-
- Some parts stolen shamelessly and entirely from
- Catalyst::Plugin::Authentication::Store::Htpasswd.
-
- Currently maintained by Peter Karman <karman at cpan.org>.
-
-THANKS
- To nothingmuch, ghenry, castaway and the rest of #catalyst for the help.
- :)
-
-SEE ALSO
- Catalyst::Authentication::Store::LDAP,
- Catalyst::Authentication::Store::LDAP::User,
- Catalyst::Authentication::Store::LDAP::Backend,
- Catalyst::Plugin::Authentication, Net::LDAP
-
-COPYRIGHT & LICENSE
- Copyright (c) 2005 the aforementioned authors. All rights reserved. This
- program is free software; you can redistribute it and/or modify it under
- the same terms as Perl itself.
-
Deleted: Catalyst-Authentication-Store-LDAP/trunk/TODO
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/TODO 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/TODO 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,10 +0,0 @@
-* Cache - this hits the directory a lot during full Auth/Authz usage.
-
-* Recipes - We could handle some default recipes in the documentation for
- different usage patterns.
-
-* Tests - We don't do any but the most cursory of tests
-
-(13:22:23) jayk: karpet: yah. the ability to define the user class to use
-in config would make the module much more flexible.
-able to customize without so much hacking around.
Deleted: Catalyst-Authentication-Store-LDAP/trunk/lib/Catalyst/Authentication/Store/LDAP/Backend.pm
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/lib/Catalyst/Authentication/Store/LDAP/Backend.pm 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/lib/Catalyst/Authentication/Store/LDAP/Backend.pm 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,479 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-Catalyst::Authentication::Store::LDAP::Backend
- - LDAP authentication storage backend.
-
-=head1 SYNOPSIS
-
- # you probably just want Store::LDAP under most cases,
- # but if you insist you can instantiate your own store:
-
- use Catalyst::Authentication::Store::LDAP::Backend;
-
- use Catalyst qw/
- Authentication
- Authentication::Credential::Password
- /;
-
- my %config = (
- 'ldap_server' => 'ldap1.yourcompany.com',
- 'ldap_server_options' => {
- 'timeout' => 30,
- },
- 'binddn' => 'anonymous',
- 'bindpw' => 'dontcarehow',
- 'start_tls' => 1,
- 'start_tls_options' => {
- 'verify' => 'none',
- },
- 'user_basedn' => 'ou=people,dc=yourcompany,dc=com',
- 'user_filter' => '(&(objectClass=posixAccount)(uid=%s))',
- 'user_scope' => 'one', # or 'sub' for Active Directory
- 'user_field' => 'uid',
- 'user_search_options' => {
- 'deref' => 'always',
- },
- 'user_results_filter' => sub { return shift->pop_entry },
- 'entry_class' => 'MyApp::LDAP::Entry',
- 'user_class' => 'MyUser',
- 'use_roles' => 1,
- 'role_basedn' => 'ou=groups,dc=yourcompany,dc=com',
- 'role_filter' => '(&(objectClass=posixGroup)(member=%s))',
- 'role_scope' => 'one',
- 'role_field' => 'cn',
- 'role_value' => 'dn',
- 'role_search_options' => {
- 'deref' => 'always',
- },
- 'role_search_as_user' => 0,
- );
-
- our $users = Catalyst::Authentication::Store::LDAP::Backend->new(\%config);
-
-=head1 DESCRIPTION
-
-You probably want L<Catalyst::Authentication::Store::LDAP>.
-
-Otherwise, this lets you create a store manually.
-
-See the L<Catalyst::Authentication::Store::LDAP> documentation for
-an explanation of the configuration options.
-
-=head1 METHODS
-
-=cut
-
-package Catalyst::Authentication::Store::LDAP::Backend;
-use base qw( Class::Accessor::Fast );
-
-use strict;
-use warnings;
-
-our $VERSION = '1.014';
-
-use Catalyst::Authentication::Store::LDAP::User;
-use Net::LDAP;
-use Catalyst::Utils ();
-
-BEGIN {
- __PACKAGE__->mk_accessors(
- qw( ldap_server ldap_server_options binddn
- bindpw entry_class user_search_options
- user_filter user_basedn user_scope
- user_attrs user_field use_roles role_basedn
- role_filter role_scope role_field role_value
- role_search_options start_tls start_tls_options
- user_results_filter user_class role_search_as_user
- )
- );
-}
-
-=head2 new($config)
-
-Creates a new L<Catalyst::Authentication::Store::LDAP::Backend> object.
-$config should be a hashref, which should contain the configuration options
-listed in L<Catalyst::Authentication::Store::LDAP>'s documentation.
-
-Also sets a few sensible defaults.
-
-=cut
-
-sub new {
- my ( $class, $config ) = @_;
-
- unless ( defined($config) && ref($config) eq "HASH" ) {
- Catalyst::Exception->throw(
- "Catalyst::Authentication::Store::LDAP::Backend needs to be configured with a hashref."
- );
- }
- my %config_hash = %{$config};
- $config_hash{'binddn'} ||= 'anonymous';
- $config_hash{'user_filter'} ||= '(uid=%s)';
- $config_hash{'user_scope'} ||= 'sub';
- $config_hash{'user_field'} ||= 'uid';
- $config_hash{'role_filter'} ||= '(memberUid=%s)';
- $config_hash{'role_scope'} ||= 'sub';
- $config_hash{'role_field'} ||= 'cn';
- $config_hash{'use_roles'} ||= '1';
- $config_hash{'start_tls'} ||= '0';
- $config_hash{'entry_class'} ||= 'Catalyst::Model::LDAP::Entry';
- $config_hash{'user_class'}
- ||= 'Catalyst::Authentication::Store::LDAP::User';
- $config_hash{'role_search_as_user'} ||= 0;
-
- Catalyst::Utils::ensure_class_loaded( $config_hash{'user_class'} );
- my $self = \%config_hash;
- bless( $self, $class );
- return $self;
-}
-
-=head2 find_user( I<authinfo>, $c )
-
-Creates a L<Catalyst::Authentication::Store::LDAP::User> object
-for the given User ID. This is the preferred mechanism for getting a
-given User out of the Store.
-
-I<authinfo> should be a hashref with a key of either C<id> or
-C<username>. The value will be compared against the LDAP C<user_field> field.
-
-=cut
-
-sub find_user {
- my ( $self, $authinfo, $c ) = @_;
- return $self->get_user( $authinfo->{id} || $authinfo->{username}, $c );
-}
-
-=head2 get_user( I<id>, $c)
-
-Creates a L<Catalyst::Authentication::Store::LDAP::User> object
-for the given User ID, or calls C<new> on the class specified in
-C<user_class>. This instance of the store object, the results of
-C<lookup_user> and $c are passed as arguments (in that order) to C<new>.
-This is the preferred mechanism for getting a given User out of the Store.
-
-=cut
-
-sub get_user {
- my ( $self, $id, $c ) = @_;
- my $user = $self->user_class->new( $self, $self->lookup_user($id), $c );
- return $user;
-}
-
-=head2 ldap_connect
-
-Returns a L<Net::LDAP> object, connected to your LDAP server. (According
-to how you configured the Backend, of course)
-
-=cut
-
-sub ldap_connect {
- my ($self) = shift;
- my $ldap;
- if ( defined( $self->ldap_server_options() ) ) {
- $ldap
- = Net::LDAP->new( $self->ldap_server,
- %{ $self->ldap_server_options } )
- or Catalyst::Exception->throw($@);
- }
- else {
- $ldap = Net::LDAP->new( $self->ldap_server )
- or Catalyst::Exception->throw($@);
- }
- if ( defined( $self->start_tls ) && $self->start_tls =~ /(1|true)/i ) {
- my $mesg;
- if ( defined( $self->start_tls_options ) ) {
- $mesg = $ldap->start_tls( %{ $self->start_tls_options } );
- }
- else {
- $mesg = $ldap->start_tls;
- }
- if ( $mesg->is_error ) {
- Catalyst::Exception->throw( "TLS Error: " . $mesg->error );
- }
- }
- return $ldap;
-}
-
-=head2 ldap_bind($ldap, $binddn, $bindpw)
-
-Bind's to the directory. If $ldap is undef, it will connect to the
-LDAP server first. $binddn should be the DN of the object you wish
-to bind as, and $bindpw the password.
-
-If $binddn is "anonymous", an anonymous bind will be performed.
-
-=cut
-
-sub ldap_bind {
- my ( $self, $ldap, $binddn, $bindpw, $forauth ) = @_;
- $forauth ||= 0;
- $ldap ||= $self->ldap_connect;
- if ( !defined($ldap) ) {
- Catalyst::Exception->throw("LDAP Server undefined!");
- }
-
- # if username is present, make sure password is present too.
- # see https://rt.cpan.org/Ticket/Display.html?id=81908
- if ( !defined $binddn ) {
- $binddn = $self->binddn;
- $bindpw = $self->bindpw;
- }
-
- if ( $binddn eq "anonymous" ) {
- $self->_ldap_bind_anon($ldap);
- }
- else {
- # Don't fall back to unauthenticated bind when authenticating
- if ($bindpw or $forauth eq 'forauth') {
- my $mesg = $ldap->bind( $binddn, 'password' => $bindpw );
- if ( $mesg->is_error ) {
-
- # If we're not checking this bind for authentication purposes
- # Go ahead an blow up if we fail.
- if ( $forauth ne 'forauth' ) {
- Catalyst::Exception->throw(
- "Error on Initial Bind: " . $mesg->error );
- }
- else {
- return undef;
- }
- }
- }
- else {
- $self->_ldap_bind_anon( $ldap, $binddn );
- }
- }
- return $ldap;
-}
-
-sub _ldap_bind_anon {
- my ( $self, $ldap, $dn ) = @_;
- my $mesg = $ldap->bind($dn);
- if ( $mesg->is_error ) {
- Catalyst::Exception->throw( "Error on Bind: " . $mesg->error );
- }
-}
-
-=head2 lookup_user($id)
-
-Given a User ID, this method will:
-
- A) Bind to the directory using the configured binddn and bindpw
- B) Perform a search for the User Object in the directory, using
- user_basedn, user_filter, and user_scope.
- C) Assuming we found the object, we will walk it's attributes
- using L<Net::LDAP::Entry>'s get_value method. We store the
- results in a hashref. If we do not find the object, then
- undef is returned.
- D) Return a hashref that looks like:
-
- $results = {
- 'ldap_entry' => $entry, # The Net::LDAP::Entry object
- 'attributes' => $attributes,
- }
-
-This method is usually only called by find_user().
-
-=cut
-
-sub lookup_user {
- my ( $self, $id ) = @_;
-
- # No sneaking in wildcards!
- if ( $id =~ /\*/ ) {
- Catalyst::Exception->throw("ID $id contains wildcards!");
- }
-
- # Trim trailing space or we confuse ourselves
- $id =~ s/\s+$//;
- my $ldap = $self->ldap_bind;
- my @searchopts;
- if ( defined( $self->user_basedn ) ) {
- push( @searchopts, 'base' => $self->user_basedn );
- }
- else {
- Catalyst::Exception->throw(
- "You must set user_basedn before looking up users!");
- }
- my $filter = $self->_replace_filter( $self->user_filter, $id );
- push( @searchopts, 'filter' => $filter );
- push( @searchopts, 'scope' => $self->user_scope );
- if ( defined( $self->user_search_options ) ) {
- push( @searchopts, %{ $self->user_search_options } );
- }
- my $usersearch = $ldap->search(@searchopts);
-
- return undef if ( $usersearch->is_error );
-
- my $userentry;
- my $user_field = $self->user_field;
- my $results_filter = $self->user_results_filter;
- my $entry;
- if ( defined($results_filter) ) {
- $entry = &$results_filter($usersearch);
- }
- else {
- $entry = $usersearch->pop_entry;
- }
- if ( $usersearch->pop_entry ) {
- Catalyst::Exception->throw(
- "More than one entry matches user search.\n"
- . "Consider defining a user_results_filter sub." );
- }
-
- # a little extra sanity check with the 'eq' since LDAP already
- # says it matches.
- # NOTE that Net::LDAP returns exactly what you asked for, but
- # because LDAP is often case insensitive, FoO can match foo
- # and so we normalize with lc().
- if ( defined($entry) ) {
- unless ( lc( $entry->get_value($user_field) ) eq lc($id) ) {
- Catalyst::Exception->throw(
- "LDAP claims '$user_field' equals '$id' but results entry does not match."
- );
- }
- $userentry = $entry;
- }
-
- $ldap->unbind;
- $ldap->disconnect;
- unless ($userentry) {
- return undef;
- }
- my $attrhash;
- foreach my $attr ( $userentry->attributes ) {
- my @attrvalues = $userentry->get_value($attr);
- if ( scalar(@attrvalues) == 1 ) {
- $attrhash->{ lc($attr) } = $attrvalues[0];
- }
- else {
- $attrhash->{ lc($attr) } = \@attrvalues;
- }
- }
-
- eval { Catalyst::Utils::ensure_class_loaded( $self->entry_class ) };
- if ( !$@ ) {
- bless( $userentry, $self->entry_class );
- $userentry->{_use_unicode}++;
- }
- my $rv = {
- 'ldap_entry' => $userentry,
- 'attributes' => $attrhash,
- };
- return $rv;
-}
-
-=head2 lookup_roles($userobj, [$ldap])
-
-This method looks up the roles for a given user. It takes a
-L<Catalyst::Authentication::Store::LDAP::User> object
-as it's first argument, and can optionally take a I<Net::LDAP> object which
-is used rather than the default binding if supplied.
-
-It returns an array containing the role_field attribute from all the
-objects that match it's criteria.
-
-=cut
-
-sub lookup_roles {
- my ( $self, $userobj, $ldap ) = @_;
- if ( $self->use_roles == 0 || $self->use_roles =~ /^false$/i ) {
- return undef;
- }
- $ldap ||= $self->ldap_bind;
- my @searchopts;
- if ( defined( $self->role_basedn ) ) {
- push( @searchopts, 'base' => $self->role_basedn );
- }
- else {
- Catalyst::Exception->throw(
- "You must set up role_basedn before looking up roles!");
- }
- my $filter_value = $userobj->has_attribute( $self->role_value );
- if ( !defined($filter_value) ) {
- Catalyst::Exception->throw( "User object "
- . $userobj->username
- . " has no "
- . $self->role_value
- . " attribute, so I can't look up it's roles!" );
- }
- my $filter = $self->_replace_filter( $self->role_filter, $filter_value );
- push( @searchopts, 'filter' => $filter );
- push( @searchopts, 'scope' => $self->role_scope );
- push( @searchopts, 'attrs' => [ $self->role_field ] );
- if ( defined( $self->role_search_options ) ) {
- push( @searchopts, %{ $self->role_search_options } );
- }
- my $rolesearch = $ldap->search(@searchopts);
- my @roles;
-RESULT: foreach my $entry ( $rolesearch->entries ) {
- push( @roles, $entry->get_value( $self->role_field ) );
- }
- return @roles;
-}
-
-sub _replace_filter {
- my $self = shift;
- my $filter = shift;
- my $replace = shift;
- $filter =~ s/\%s/$replace/g;
- return $filter;
-}
-
-=head2 user_supports
-
-Returns the value of
-Catalyst::Authentication::Store::LDAP::User->supports(@_).
-
-=cut
-
-sub user_supports {
- my $self = shift;
-
- # this can work as a class method
- Catalyst::Authentication::Store::LDAP::User->supports(@_);
-}
-
-=head2 from_session( I<id>, I<$c> )
-
-Returns get_user() for I<id>.
-
-=cut
-
-sub from_session {
- my ( $self, $c, $id ) = @_;
- $self->get_user( $id, $c );
-}
-
-1;
-
-__END__
-
-=head1 AUTHORS
-
-Adam Jacob <holoway at cpan.org>
-
-Some parts stolen shamelessly and entirely from
-L<Catalyst::Plugin::Authentication::Store::Htpasswd>.
-
-Currently maintained by Peter Karman <karman at cpan.org>.
-
-=head1 THANKS
-
-To nothingmuch, ghenry, castaway and the rest of #catalyst for the help. :)
-
-=head1 SEE ALSO
-
-L<Catalyst::Authentication::Store::LDAP>, L<Catalyst::Authentication::Store::LDAP::User>, L<Catalyst::Plugin::Authentication>, L<Net::LDAP>
-
-=head1 COPYRIGHT & LICENSE
-
-Copyright (c) 2005 the aforementioned authors. All rights
-reserved. This program is free software; you can redistribute
-it and/or modify it under the same terms as Perl itself.
-
-=cut
-
Deleted: Catalyst-Authentication-Store-LDAP/trunk/lib/Catalyst/Authentication/Store/LDAP/User.pm
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/lib/Catalyst/Authentication/Store/LDAP/User.pm 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/lib/Catalyst/Authentication/Store/LDAP/User.pm 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,372 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-Catalyst::Authentication::Store::LDAP::User
- - A User object representing an LDAP object.
-
-=head1 SYNOPSIS
-
-You should be creating these objects through L<Catalyst::Authentication::Store::LDAP::Backend>'s "get_user" method, or just letting $c->authenticate do
-it for you.
-
- sub action : Local {
- my ( $self, $c ) = @_;
- $c->authenticate({
- id => $c->req->param(username),
- password => $c->req->param(password)
- );
- $c->log->debug($c->user->username . "is really neat!");
- }
-
-If you access just $c->user in a scalar context, it will return the current
-username.
-
-=head1 DESCRIPTION
-
-This wraps up an LDAP object and presents a simplified interface to it's
-contents. It uses some AUTOLOAD magic to pass method calls it doesn't
-understand through as simple read only accessors for the LDAP entries
-various attributes.
-
-It gets grumpy if you ask for an attribute via the AUTOLOAD mechanism
-that it doesn't know about. Avoid that with using "has_attribute",
-discussed in more detail below.
-
-You can skip all that and just go straight to the L<Net::LDAP::Entry>
-object through the "ldap_entry" method:
-
- my $entry = $c->user->ldap_entry;
-
-It also has support for Roles.
-
-=cut
-
-package Catalyst::Authentication::Store::LDAP::User;
-use base qw( Catalyst::Authentication::User Class::Accessor::Fast );
-
-use strict;
-use warnings;
-use Scalar::Util qw/refaddr/;
-
-our $VERSION = '1.014';
-
-BEGIN { __PACKAGE__->mk_accessors(qw/user store/) }
-
-use overload '""' => sub { shift->stringify }, fallback => 1;
-
-my %_ldap_connection_passwords; # Store inside-out so that they don't show up
- # in dumps..
-
-=head1 METHODS
-
-=head2 new($store, $user, $c)
-
-Takes a L<Catalyst::Authentication::Store::LDAP::Backend> object
-as $store, and the data structure returned by that class's "get_user"
-method as $user. The final argument is an instance of your application,
-which is passed along for those wanting to subclass User and perhaps use
-models for fetching data.
-
-Returns a L<Catalyst::Authentication::Store::LDAP::User> object.
-
-=cut
-
-sub new {
- my ( $class, $store, $user, $c ) = @_;
-
- return unless $user;
-
- bless { store => $store, user => $user, }, $class;
-}
-
-=head2 id
-
-Returns the results of the "stringify" method.
-
-=cut
-
-sub id {
- my $self = shift;
- return $self->stringify;
-}
-
-=head2 stringify
-
-Uses the "user_field" configuration option to determine what the "username"
-of this object is, and returns it.
-
-If you use the special value "dn" for user_field, it will return the DN
-of the L<Net::LDAP::Entry> object.
-
-=cut
-
-sub stringify {
- my ($self) = @_;
- my $userfield = $self->store->user_field;
- $userfield = $$userfield[0] if ref $userfield eq 'ARRAY';
- if ( $userfield eq "dn" ) {
- my ($string) = $self->user->ldap_entry->dn;
- return $string;
- }
- else {
- my $val = $self->$userfield;
- return ref($val) eq 'ARRAY' ? $val->[0] : $val;
- }
-}
-
-=head2 supported_features
-
-Returns hashref of features that this Authentication::User subclass supports.
-
-=cut
-
-sub supported_features {
- return {
- password => { self_check => 1, },
- session => 1,
- roles => { self_check => 0, },
- };
-}
-
-=head2 check_password($password)
-
-Bind's to the directory as the DN of the internal L<Net::LDAP::Entry> object,
-using the bind password supplied in $password. Returns 1 on a successful
-bind, 0 on failure.
-
-=cut
-
-sub check_password {
- my ( $self, $password ) = @_;
- my $ldap
- = $self->store->ldap_bind( undef, $self->ldap_entry->dn, $password,
- 'forauth' );
- if ( defined($ldap) ) {
- if ($self->store->role_search_as_user) {
- # FIXME - This can be removed and made to use the code below..
- # Have to do the role lookup _now_, as this is the only time
- # that we have the user's password/ldap bind..
- $self->roles($ldap);
- }
- # Stash a closure which can be used to retrieve the connection in the users context later.
- $_ldap_connection_passwords{refaddr($self)} = $password;
- return 1;
- }
- else {
- return 0;
- }
-}
-
-=head2 roles
-
-Returns the results of L<Catalyst::Authentication::Store::LDAP::Backend>'s "lookup_roles" method, an array of roles that are valid for this user.
-
-=cut
-
-sub roles {
- my $self = shift;
- my $ldap = shift;
- $self->{_roles} ||= [$self->store->lookup_roles($self, $ldap)];
- return @{$self->{_roles}};
-}
-
-=head2 for_session
-
-Returns the User object, stringified.
-
-=cut
-
-sub for_session {
- my $self = shift;
- return $self->stringify;
-}
-
-=head2 ldap_entry
-
-Returns the raw ldap_entry.
-
-=cut
-
-sub ldap_entry {
- my $self = shift;
- return $self->user->{'ldap_entry'};
-}
-
-=head2 attributes($type)
-
-Returns an array of attributes present for this user. If $type is "ashash",
-it will return a hash with the attribute names as keys. (And the values of
-those attributes as, well, the values of the hash)
-
-=cut
-
-sub attributes {
- my ( $self, $type ) = @_;
- if ( $type eq "ashash" ) {
- return $self->user->{'attributes'};
- }
- else {
- return keys( %{ $self->user->{'attributes'} } );
- }
-}
-
-=head2 has_attribute
-
-Returns the values for an attribute, or undef if that attribute is not present.
-The safest way to get at an attribute.
-
-=cut
-
-sub has_attribute {
- my ( $self, $attribute ) = @_;
- if ( !defined($attribute) ) {
- Catalyst::Exception->throw(
- "You must provide an attribute to has_attribute!");
- }
- if ( $attribute eq "dn" ) {
- return $self->ldap_entry->dn;
- }
- elsif ( $attribute eq "username" ) {
- return $self->user->{'attributes'}->{$self->store->user_field};
- }
- elsif ( exists( $self->user->{'attributes'}->{$attribute} ) ) {
- return $self->user->{'attributes'}->{$attribute};
- }
- else {
- return undef;
- }
-}
-
-=head2 get
-
-A simple wrapper around has_attribute() to satisfy the Catalyst::Authentication::User API.
-
-=cut
-
-sub get { return shift->has_attribute(@_) }
-
-=head2 get_object
-
-Satisfies the Catalyst::Authentication::User API and returns the contents of the user()
-attribute.
-
-=cut
-
-sub get_object { return shift->user }
-
-=head2 ldap_connection
-
-Re-binds to the auth store with the credentials of the user you logged in
-as, and returns a L<Net::LDAP> object which you can use to do further queries.
-
-=cut
-
-sub ldap_connection {
- my $self = shift;
- $self->store->ldap_bind( undef, $self->ldap_entry->dn,
- $_ldap_connection_passwords{refaddr($self)} );
-}
-
-=head2 AUTOLOADed methods
-
-We automatically map the attributes of the underlying L<Net::LDAP::Entry>
-object to read-only accessor methods. So, if you have an entry that looks
-like this one:
-
- dn: cn=adam,ou=users,dc=yourcompany,dc=com
- cn: adam
- loginShell: /bin/zsh
- homeDirectory: /home/adam
- gecos: Adam Jacob
- gidNumber: 100
- uidNumber: 1053
- mail: adam at yourcompany.com
- uid: adam
- givenName: Adam
- sn: Jacob
- objectClass: inetOrgPerson
- objectClass: organizationalPerson
- objectClass: Person
- objectClass: Top
- objectClass: posixAccount
-
-You can call:
-
- $c->user->homedirectory
-
-And you'll get the value of the "homeDirectory" attribute. Note that
-all the AUTOLOADed methods are automatically lower-cased.
-
-=head2 Special Keywords
-
-The highly useful and common method "username" will map to the configured
-value of user_field (uid by default.)
-
- $c->user->username == $c->user->uid
-
-=cut
-
-sub DESTROY {
- my $self = shift;
- # Don't leak passwords..
- delete $_ldap_connection_passwords{refaddr($self)};
-}
-
-sub can {
- my ($self, $method) = @_;
-
- return $self->SUPER::can($method) || do {
- return unless $self->has_attribute($method);
- return sub { $_[0]->has_attribute($method) };
- };
-}
-
-sub AUTOLOAD {
- my $self = shift;
-
- ( my $method ) = ( our $AUTOLOAD =~ /([^:]+)$/ );
-
- if ( $method eq "DESTROY" ) {
- return;
- }
-
- if ( my $attribute = $self->has_attribute($method) ) {
- return $attribute;
- }
- else {
- Catalyst::Exception->throw(
- "No attribute $method for User " . $self->stringify );
- }
-}
-
-1;
-
-__END__
-
-=head1 AUTHORS
-
-Adam Jacob <holoway at cpan.org>
-
-Some parts stolen shamelessly and entirely from
-L<Catalyst::Plugin::Authentication::Store::Htpasswd>.
-
-Currently maintained by Peter Karman <karman at cpan.org>.
-
-=head1 THANKS
-
-To nothingmuch, ghenry, castaway and the rest of #catalyst for the help. :)
-
-=head1 SEE ALSO
-
-L<Catalyst::Authentication::Store::LDAP>, L<Catalyst::Authentication::Store::LDAP::Backend>, L<Catalyst::Plugin::Authentication>, L<Net::LDAP>
-
-=head1 COPYRIGHT & LICENSE
-
-Copyright (c) 2005 the aforementioned authors. All rights
-reserved. This program is free software; you can redistribute
-it and/or modify it under the same terms as Perl itself.
-
-=cut
-
Deleted: Catalyst-Authentication-Store-LDAP/trunk/lib/Catalyst/Authentication/Store/LDAP.pm
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/lib/Catalyst/Authentication/Store/LDAP.pm 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/lib/Catalyst/Authentication/Store/LDAP.pm 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,359 +0,0 @@
-package Catalyst::Authentication::Store::LDAP;
-
-use strict;
-use warnings;
-
-our $VERSION = '1.014';
-
-use Catalyst::Authentication::Store::LDAP::Backend;
-
-sub new {
- my ( $class, $config, $app ) = @_;
- return Catalyst::Authentication::Store::LDAP::Backend->new(
- $config);
-}
-
-1;
-
-__END__
-
-=pod
-
-=head1 NAME
-
-Catalyst::Authentication::Store::LDAP
- - Authentication from an LDAP Directory.
-
-=head1 SYNOPSIS
-
- use Catalyst qw(
- Authentication
- );
-
- __PACKAGE__->config(
- 'authentication' => {
- default_realm => "ldap",
- realms => {
- ldap => {
- credential => {
- class => "Password",
- password_field => "password",
- password_type => "self_check",
- },
- store => {
- binddn => "anonymous",
- bindpw => "dontcarehow",
- class => "LDAP",
- ldap_server => "ldap.yourcompany.com",
- ldap_server_options => { timeout => 30 },
- role_basedn => "ou=groups,ou=OxObjects,dc=yourcompany,dc=com",
- role_field => "uid",
- role_filter => "(&(objectClass=posixGroup)(memberUid=%s))",
- role_scope => "one",
- role_search_options => { deref => "always" },
- role_value => "dn",
- role_search_as_user => 0,
- start_tls => 1,
- start_tls_options => { verify => "none" },
- entry_class => "MyApp::LDAP::Entry",
- use_roles => 1,
- user_basedn => "ou=people,dc=yourcompany,dc=com",
- user_field => "uid",
- user_filter => "(&(objectClass=posixAccount)(uid=%s))",
- user_scope => "one", # or "sub" for Active Directory
- user_search_options => { deref => "always" },
- user_results_filter => sub { return shift->pop_entry },
- },
- },
- },
- },
- );
-
- sub login : Global {
- my ( $self, $c ) = @_;
-
- $c->authenticate({
- id => $c->req->param("login"),
- password => $c->req->param("password")
- });
- $c->res->body("Welcome " . $c->user->username . "!");
- }
-
-=head1 DESCRIPTION
-
-This plugin implements the L<Catalyst::Authentication> v.10 API. Read that documentation first if
-you are upgrading from a previous version of this plugin.
-
-This plugin uses C<Net::LDAP> to let your application authenticate against
-an LDAP directory. It has a pretty high degree of flexibility, given the
-wide variation of LDAP directories and schemas from one system to another.
-
-It authenticates users in two steps:
-
-1) A search of the directory is performed, looking for a user object that
- matches the username you pass. This is done with the bind credentials
- supplied in the "binddn" and "bindpw" configuration options.
-
-2) If that object is found, we then re-bind to the directory as that object.
- Assuming this is successful, the user is Authenticated.
-
-=head1 CONFIGURATION OPTIONS
-
-=head2 Configuring with YAML
-
-Set Configuration to be loaded via Config.yml in YourApp.pm
-
- use YAML qw(LoadFile);
- use Path::Class 'file';
-
- __PACKAGE__->config(
- LoadFile(
- file(__PACKAGE__->config->{home}, 'Config.yml')
- )
- );
-
-Settings in Config.yml (adapt these to whatever configuration format you use):
-
- # Config for Store::LDAP
- authentication:
- default_realm: ldap
- realms:
- ldap:
- credential:
- class: Password
- password_field: password
- password_type: self_check
- store:
- class: LDAP
- ldap_server: ldap.yourcompany.com
- ldap_server_options:
- timeout: 30
- binddn: anonymous
- bindpw: dontcarehow
- start_tls: 1
- start_tls_options:
- verify: none
- user_basedn: ou=people,dc=yourcompany,dc=com
- user_filter: (&(objectClass=posixAccount)(uid=%s))
- user_scope: one
- user_field: uid
- user_search_options:
- deref: always
- use_roles: 1
- role_basedn: ou=groups,ou=OxObjects,dc=yourcompany,dc=com
- role_filter: (&(objectClass=posixGroup)(memberUid=%s))
- role_scope: one
- role_field: uid
- role_value: dn
- role_search_options:
- deref: always
-
-
-B<NOTE:> The settings above reflect the default values for OpenLDAP. If you
-are using Active Directory instead, Matija Grabnar suggests that the following
-tweeks to the example configuration will work:
-
- user_basedn: ou=Domain Users,ou=Accounts,dc=mycompany,dc=com
- user_field: samaccountname
- user_filter: (sAMAccountName=%s)
- user_scope: sub
-
-He also notes: "I found the case in the value of user_field to be significant:
-it didn't seem to work when I had the mixed case value there."
-
-=head2 ldap_server
-
-This should be the hostname of your LDAP server.
-
-=head2 ldap_server_options
-
-This should be a hashref containing options to pass to L<Net::LDAP>->new().
-See L<Net::LDAP> for the full list.
-
-=head2 binddn
-
-This should be the DN of the object you wish to bind to the directory as
-during the first phase of authentication. (The user lookup phase)
-
-If you supply the value "anonymous" to this option, we will bind anonymously
-to the directory. This is the default.
-
-=head2 bindpw
-
-This is the password for the initial bind.
-
-=head2 start_tls
-
-If this is set to 1, we will convert the LDAP connection to use SSL.
-
-=head2 start_tls_options
-
-This is a hashref, which contains the arguments to the L<Net::LDAP> start_tls
-method. See L<Net::LDAP> for the complete list of options.
-
-=head2 user_basedn
-
-This is the basedn for the initial user lookup. Usually points to the
-top of your "users" branch; ie "ou=people,dc=yourcompany,dc=com".
-
-=head2 user_filter
-
-This is the LDAP Search filter used during user lookup. The special string
-'%s' will be replaced with the username you pass to $c->login. By default
-it is set to '(uid=%s)'. Other possibly useful filters:
-
- (&(objectClass=posixAccount)(uid=%s))
- (&(objectClass=User)(cn=%s))
-
-=head2 user_scope
-
-This specifies the scope of the search for the initial user lookup. Valid
-values are "base", "one", and "sub". Defaults to "sub".
-
-=head2 user_field
-
-This is the attribute of the returned LDAP object we will use for their
-"username". This defaults to "uid". If you had user_filter set to:
-
- (&(objectClass=User)(cn=%s))
-
-You would probably set this to "cn". You can also set it to an array,
-to allow more than one login field. The first field will be returned
-as identifier for the user.
-
-=head2 user_search_options
-
-This takes a hashref. It will append it's values to the call to
-L<Net::LDAP>'s "search" method during the initial user lookup. See
-L<Net::LDAP> for valid options.
-
-Be careful not to specify:
-
- filter
- scope
- base
-
-As they are already taken care of by other configuration options.
-
-=head2 user_results_filter
-
-This is a Perl CODE ref that can be used to filter out multiple results
-from your LDAP query. In theory, your LDAP query should only return one result
-and find_user() will throw an exception if it encounters more than one result.
-However, if you have, for whatever reason, a legitimate reason for returning
-multiple search results from your LDAP query, use C<user_results_filter> to filter
-out the LDAP entries you do not want considered. Your CODE ref should expect
-a single argument, a Net::LDAP::Search object, and it should return exactly one
-value, a Net::LDAP::Entry object.
-
-Example:
-
- user_results_filter => sub {
- my $search_obj = shift;
- foreach my $entry ($search_obj->entries) {
- return $entry if my_match_logic( $entry );
- }
- return undef; # i.e., no match
- }
-
-=head2 use_roles
-
-Whether or not to enable role lookups. It defaults to true; set it to 0 if
-you want to always avoid role lookups.
-
-=head2 role_basedn
-
-This should be the basedn where the LDAP Objects representing your roles are.
-
-=head2 role_filter
-
-This should be the LDAP Search filter to use during the role lookup. It
-defaults to '(memberUid=%s)'. The %s in this filter is replaced with the value
-of the "role_value" configuration option.
-
-So, if you had a role_value of "cn", then this would be populated with the cn
-of the User's LDAP object. The special case is a role_value of "dn", which
-will be replaced with the User's DN.
-
-=head2 role_scope
-
-This specifies the scope of the search for the user's role lookup. Valid
-values are "base", "one", and "sub". Defaults to "sub".
-
-=head2 role_field
-
-Should be set to the Attribute of the Role Object's returned during Role lookup you want to use as the "name" of the role. Defaults to "CN".
-
-=head2 role_value
-
-This is the attribute of the User object we want to use in our role_filter.
-If this is set to "dn", we will use the User Objects DN.
-
-=head2 role_search_options
-
-This takes a hashref. It will append it's values to the call to
-L<Net::LDAP>'s "search" method during the user's role lookup. See
-L<Net::LDAP> for valid options.
-
-Be careful not to specify:
-
- filter
- scope
- base
-
-As they are already taken care of by other configuration options.
-
-=head2 role_search_as_user
-
-By default this setting is false, and the role search will be performed
-by binding to the directory with the details in the I<binddn> and I<bindpw>
-fields. If this is set to false, then the role search will instead be
-performed when bound as the user you authenticated as.
-
-=head2 entry_class
-
-The name of the class of LDAP entries returned. This class should
-exist and is expected to be a subclass of Net::LDAP::Entry
-
-=head2 user_class
-
-The name of the class of user object returned. By default, this is
-L<Catalyst::Authentication::Store::LDAP::User>.
-
-=head1 METHODS
-
-=head2 new
-
-This method will populate
-L<Catalyst::Plugin::Authentication/default_auth_store> with this object.
-
-=head1 AUTHORS
-
-Adam Jacob <holoway at cpan.org>
-
-Some parts stolen shamelessly and entirely from
-L<Catalyst::Plugin::Authentication::Store::Htpasswd>.
-
-Currently maintained by Peter Karman <karman at cpan.org>.
-
-=head1 THANKS
-
-To nothingmuch, ghenry, castaway and the rest of #catalyst for the help. :)
-
-=head1 SEE ALSO
-
-L<Catalyst::Authentication::Store::LDAP>,
-L<Catalyst::Authentication::Store::LDAP::User>,
-L<Catalyst::Authentication::Store::LDAP::Backend>,
-L<Catalyst::Plugin::Authentication>,
-L<Net::LDAP>
-
-=head1 COPYRIGHT & LICENSE
-
-Copyright (c) 2005 the aforementioned authors. All rights
-reserved. This program is free software; you can redistribute
-it and/or modify it under the same terms as Perl itself.
-
-=cut
-
-
Deleted: Catalyst-Authentication-Store-LDAP/trunk/t/01-basic.t
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/t/01-basic.t 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/t/01-basic.t 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,9 +0,0 @@
-use strict;
-use Test::More tests => 2;
-use_ok('Catalyst');
-use_ok('Catalyst::Authentication::Store::LDAP');
-
-diag("Testing Catalyst::Authentication::Store::LDAP version " .
- $Catalyst::Authentication::Store::LDAP::VERSION);
-diag("Testing Catalyst version " . $Catalyst::VERSION);
-
Deleted: Catalyst-Authentication-Store-LDAP/trunk/t/02-realms_api.t
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/t/02-realms_api.t 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/t/02-realms_api.t 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,37 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-use warnings;
-use Catalyst::Exception;
-
-use Test::More tests => 5;
-use lib 't/lib';
-use LDAPTest;
-my $server = LDAPTest::spawn_server();
-
-use_ok("Catalyst::Authentication::Store::LDAP::Backend");
-
-my $back = Catalyst::Authentication::Store::LDAP::Backend->new(
- { 'ldap_server' => LDAPTest::server_host(),
-
- # can test the timeout SKIP with this
- 'ldap_server_options' =>
- { timeout => -1, debug => $ENV{PERL_DEBUG} || 0 },
-
- 'binddn' => 'anonymous',
- 'bindpw' => 'dontcarehow',
- 'start_tls' => 0,
- 'user_basedn' => 'ou=foobar',
- 'user_filter' => '(&(objectClass=person)(uid=%s))',
- 'user_scope' => 'one',
- 'user_field' => 'uid',
- 'use_roles' => 0,
- }
-);
-
-isa_ok( $back, "Catalyst::Authentication::Store::LDAP::Backend" );
-ok( my $user = $back->find_user( { username => 'somebody' } ), "find_user" );
-isa_ok( $user, "Catalyst::Authentication::Store::LDAP::User" );
-my $displayname = $user->displayname;
-cmp_ok( $displayname, 'eq', 'Some Body', 'Should be Some Body' );
-
Deleted: Catalyst-Authentication-Store-LDAP/trunk/t/03-entry_class.t
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/t/03-entry_class.t 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/t/03-entry_class.t 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,45 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-use warnings;
-use Catalyst::Exception;
-
-use Test::More tests => 6;
-use lib 't/lib';
-use LDAPTest;
-
-SKIP: {
-
- eval "use Catalyst::Model::LDAP";
- if ($@) {
- skip "Catalyst::Model::LDAP not installed", 6;
- }
-
- my $server = LDAPTest::spawn_server();
-
- use_ok("Catalyst::Authentication::Store::LDAP::Backend");
-
- my $back = Catalyst::Authentication::Store::LDAP::Backend->new(
- { 'ldap_server' => LDAPTest::server_host(),
- 'binddn' => 'anonymous',
- 'bindpw' => 'dontcarehow',
- 'start_tls' => 0,
- 'user_basedn' => 'ou=foobar',
- 'user_filter' => '(&(objectClass=person)(uid=%s))',
- 'user_scope' => 'one',
- 'user_field' => 'uid',
- 'use_roles' => 0,
- 'entry_class' => 'EntryClass',
- }
- );
-
- isa_ok( $back, "Catalyst::Authentication::Store::LDAP::Backend" );
- my $user = $back->find_user( { username => 'somebody' } );
- isa_ok( $user, "Catalyst::Authentication::Store::LDAP::User" );
- my $displayname = $user->displayname;
- cmp_ok( $displayname, 'eq', 'Some Body', 'Should be Some Body' );
-
- isa_ok( $user->ldap_entry, "EntryClass", "entry_class works" );
- is( $user->ldap_entry->my_method, 1001, "methods on entry_class works" );
-
-}
Deleted: Catalyst-Authentication-Store-LDAP/trunk/t/04-user_class.t
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/t/04-user_class.t 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/t/04-user_class.t 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,61 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-use warnings;
-use Catalyst::Exception;
-
-use Test::More tests => 8;
-use lib 't/lib';
-use LDAPTest;
-use Storable qw/ freeze /;
-use Test::Exception;
-
-SKIP: {
-
- eval "use Catalyst::Model::LDAP";
- if ($@) {
- skip "Catalyst::Model::LDAP not installed", 8;
- }
-
- my $server = LDAPTest::spawn_server();
-
- use_ok("Catalyst::Authentication::Store::LDAP::Backend");
-
- my $back = Catalyst::Authentication::Store::LDAP::Backend->new(
- { 'ldap_server' => LDAPTest::server_host(),
- 'binddn' => 'anonymous',
- 'bindpw' => 'dontcarehow',
- 'start_tls' => 0,
- 'user_basedn' => 'ou=foobar',
- 'user_filter' => '(&(objectClass=person)(uid=%s))',
- 'user_scope' => 'one',
- 'user_field' => 'uid',
- 'use_roles' => 0,
- 'user_class' => 'UserClass',
- }
- );
-
- isa_ok( $back, "Catalyst::Authentication::Store::LDAP::Backend" );
- my $user = $back->find_user( { username => 'somebody' } );
- isa_ok( $user, "Catalyst::Authentication::Store::LDAP::User" );
- isa_ok( $user, "UserClass");
-
- is( $user->my_method, 'frobnitz', "methods on user class work" );
-
- # RT 69615
- diag("stop() server");
- $server->stop();
-
- $server = LDAPTest::spawn_server();
- ok $user->check_password('foo'), 'Can check password';
-
- my $frozen_user;
- lives_ok { $frozen_user = freeze $user } 'Can freeze user with Storable';
- ok $frozen_user, 'is frozen';
-
- # RT 69615
- diag("stop() server");
- $server->stop();
-
-}
-
Deleted: Catalyst-Authentication-Store-LDAP/trunk/t/05-user_attributes.t
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/t/05-user_attributes.t 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/t/05-user_attributes.t 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,53 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-use warnings;
-use Catalyst::Exception;
-
-use Test::More tests => 9;
-use lib 't/lib';
-use LDAPTest;
-
-SKIP: {
-
- eval "use Catalyst::Model::LDAP";
- if ($@) {
- skip "Catalyst::Model::LDAP not installed", 9;
- }
-
- my $server = LDAPTest::spawn_server();
-
- use_ok("Catalyst::Authentication::Store::LDAP::Backend");
-
- my $back = Catalyst::Authentication::Store::LDAP::Backend->new(
- { 'ldap_server' => LDAPTest::server_host(),
- 'binddn' => 'anonymous',
- 'bindpw' => 'dontcarehow',
- 'start_tls' => 0,
- 'user_basedn' => 'ou=foobar',
- 'user_filter' => '(&(objectClass=person)(uid=%s))',
- 'user_scope' => 'one',
- 'user_field' => 'uid',
- 'use_roles' => 0,
- 'entry_class' => 'EntryClass',
- }
- );
-
- isa_ok( $back, "Catalyst::Authentication::Store::LDAP::Backend" );
- my $user = $back->find_user( { username => 'somebody' } );
- isa_ok( $user, "Catalyst::Authentication::Store::LDAP::User" );
-
- #Check DN
- ok $user->dn,"Get DN from AUTOLOAD"; #THIS ONLY WORKS BECAUSE dn is included as a user attribute in the test LDAP server.
- ok defined $user->has_attribute('dn'),"Get dn from has_attribute";
-
- #Check Username
- ok $user->username, "Get username from AUTOLOAD";
- ok defined $user->has_attribute('username'),"Get username from has_attribute";
-
- #Make sure both methods match output
- ok $user->username eq $user->has_attribute('username'),"username from AUTOLOAD and has_attribute should match";
- ok $user->dn eq $user->has_attribute('dn'),"dn from AUTOLOAD and has_attribute should match";
-
-
-}
Deleted: Catalyst-Authentication-Store-LDAP/trunk/t/06-user_autoload.t
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/t/06-user_autoload.t 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/t/06-user_autoload.t 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,26 +0,0 @@
-use strict;
-use warnings;
-use Test::More;
-
-use Catalyst::Authentication::Store::LDAP::User;
-
-my $message = 'I exist';
-
-{
- package TestUser;
- use base 'Catalyst::Authentication::Store::LDAP::User';
- sub has_attribute {
- return unless pop eq 'exists';
- return $message;
- }
-}
-
-my $o = bless {}, 'TestUser';
-
-is($o->exists, $message, 'AUTOLOAD proxies ok');
-
-ok(my $meth = $o->can('exists'), 'can returns true');
-
-is($o->$meth, $message, 'can returns right coderef');
-
-done_testing;;
Deleted: Catalyst-Authentication-Store-LDAP/trunk/t/10-roles-mock.t
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/t/10-roles-mock.t 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/t/10-roles-mock.t 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,114 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-use warnings;
-use Catalyst::Exception;
-
-use Test::More tests => 11;
-use Test::MockObject::Extends;
-use Test::Exception;
-use Net::LDAP::Entry;
-use lib 't/lib';
-
-SKIP: {
-
- eval "use Catalyst::Model::LDAP";
- if ($@) {
- skip "Catalyst::Model::LDAP not installed", 11;
- }
-
- use_ok("Catalyst::Authentication::Store::LDAP::Backend");
-
- my (@searches, @binds);
- for my $i (0..1) {
-
- my $back = Catalyst::Authentication::Store::LDAP::Backend->new({
- 'ldap_server' => 'ldap://127.0.0.1:555',
- 'binddn' => 'anonymous',
- 'bindpw' => 'dontcarehow',
- 'start_tls' => 0,
- 'user_basedn' => 'ou=foobar',
- 'user_filter' => '(&(objectClass=inetOrgPerson)(uid=%s))',
- 'user_scope' => 'one',
- 'user_field' => 'uid',
- 'use_roles' => 1,
- 'role_basedn' => 'ou=roles',
- 'role_filter' => '(&(objectClass=posixGroup)(memberUid=%s))',
- 'role_scope' => 'one',
- 'role_field' => 'userinrole',
- 'role_value' => 'cn',
- 'role_search_as_user' => $i,
- });
- $back = Test::MockObject::Extends->new($back);
- my $bind_msg = Test::MockObject->new;
- $bind_msg->mock(is_error => sub {}); # Cause bind call to always succeed
- my $ldap = Test::MockObject->new;
- $ldap->mock('bind', sub { shift; push (@binds, [@_]); return $bind_msg});
- $ldap->mock('unbind' => sub {});
- $ldap->mock('disconnect' => sub {});
- my $search_res = Test::MockObject->new();
- my $search_is_error = 0;
- $search_res->mock(is_error => sub { $search_is_error });
- $search_res->mock(entries => sub {
- return map
- { my $id = $_;
- Test::MockObject->new->mock(
- get_value => sub { "quux$id" }
- )
- }
- qw/one two/
- });
- my @user_entries;
- $search_res->mock(pop_entry => sub { return pop @user_entries });
- $ldap->mock('search', sub { shift; push(@searches, [@_]); return $search_res; });
- $back->mock('ldap_connect' => sub { $ldap });
- my $user_entry = Net::LDAP::Entry->new;
- push(@user_entries, $user_entry);
- $user_entry->dn('ou=foobar');
- $user_entry->add(
- uid => 'somebody',
- cn => 'test',
- );
- my $user = $back->find_user( { username => 'somebody' } );
- isa_ok( $user, "Catalyst::Authentication::Store::LDAP::User" );
- $user->check_password('password');
- is_deeply( [sort $user->roles],
- [sort qw/quuxone quuxtwo/],
- "User has the expected set of roles" );
-
- $search_is_error = 1;
- lives_ok {
- ok !$back->find_user( { username => 'doesnotexist' } ),
- 'Nonexistent user returns undef';
- } 'No exception thrown for nonexistent user';
-
- }
- is_deeply(\@searches, [
- ['base', 'ou=foobar', 'filter', '(&(objectClass=inetOrgPerson)(uid=somebody))', 'scope', 'one'],
- ['base', 'ou=roles', 'filter', '(&(objectClass=posixGroup)(memberUid=test))', 'scope', 'one', 'attrs', [ 'userinrole' ]],
- ['base', 'ou=foobar', 'filter', '(&(objectClass=inetOrgPerson)(uid=doesnotexist))', 'scope', 'one'],
- ['base', 'ou=foobar', 'filter', '(&(objectClass=inetOrgPerson)(uid=somebody))', 'scope', 'one'],
- ['base', 'ou=roles', 'filter', '(&(objectClass=posixGroup)(memberUid=test))', 'scope', 'one', 'attrs', [ 'userinrole' ]],
- ['base', 'ou=foobar', 'filter', '(&(objectClass=inetOrgPerson)(uid=doesnotexist))', 'scope', 'one'],
- ], 'User searches as expected');
- is_deeply(\@binds, [
- [ undef ], # First user search
- [
- 'ou=foobar',
- 'password',
- 'password'
- ], # Rebind to confirm user
- [
- undef
- ], # Rebind with initial credentials to find roles
- [ undef ], # Second user search
- # 2nd pass round main loop
- [ undef ], # First user search
- [
- 'ou=foobar',
- 'password',
- 'password'
- ], # Rebind to confirm user _and_ lookup roles;
- [ undef ], # Second user search
- ], 'Binds as expected');
-}
Deleted: Catalyst-Authentication-Store-LDAP/trunk/t/50.auth.case.sensitivity.t
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/t/50.auth.case.sensitivity.t 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/t/50.auth.case.sensitivity.t 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,37 +0,0 @@
-#!/usr/bin/env perl
-# vim: ts=8 sts=4 et sw=4 sr sta
-use strict;
-use warnings;
-use Catalyst::Exception;
-
-use Test::More tests => 4;
-
-use lib 't/lib';
-use LDAPTest;
-
-my $server = LDAPTest::spawn_server();
-
-use_ok("Catalyst::Authentication::Store::LDAP::Backend");
-
-my $back = Catalyst::Authentication::Store::LDAP::Backend->new(
- { 'ldap_server' => LDAPTest::server_host(),
-
- # can test the timeout SKIP with this
- 'ldap_server_options' =>
- { timeout => -1, debug => $ENV{PERL_DEBUG} || 0 },
-
- 'binddn' => 'anonymous',
- 'bindpw' => 'dontcarehow',
- 'start_tls' => 0,
- 'user_basedn' => 'ou=foobar',
- 'user_filter' => '(&(objectClass=person)(uid=%s))',
- 'user_scope' => 'one',
- 'user_field' => 'uid',
- 'use_roles' => 0,
- }
-);
-isa_ok( $back, "Catalyst::Authentication::Store::LDAP::Backend" );
-
-ok( my $user_mixed = $back->find_user( { username => 'SOmeBOdy' } ), "find_user (mixed case)" );
-isa_ok( $user_mixed, "Catalyst::Authentication::Store::LDAP::User" );
-
Deleted: Catalyst-Authentication-Store-LDAP/trunk/t/lib/EntryClass.pm
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/t/lib/EntryClass.pm 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/t/lib/EntryClass.pm 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,8 +0,0 @@
-package EntryClass;
-
-use base qw( Catalyst::Model::LDAP::Entry );
-
-sub my_method {
- return 1001;
-}
-1;
Deleted: Catalyst-Authentication-Store-LDAP/trunk/t/lib/LDAPTest.pm
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/t/lib/LDAPTest.pm 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/t/lib/LDAPTest.pm 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,26 +0,0 @@
-# local test ldap server
-
-package LDAPTest;
-
-use Net::LDAP::Server::Test;
-use Net::LDAP::Entry;
-
-sub server_port {10636}
-sub server_host { 'ldap://127.0.0.1:' . server_port() }
-
-sub spawn_server {
- my @mydata;
- my $entry = Net::LDAP::Entry->new;
- $entry->dn('ou=foobar');
- $entry->add(
- dn => 'ou=foobar',
- uid => 'somebody',
- displayName => 'Some Body',
- cn => [qw(value1 value2)]
- );
- push @mydata, $entry;
-
- return Net::LDAP::Server::Test->new( server_port(), data => \@mydata );
-}
-
-1;
Deleted: Catalyst-Authentication-Store-LDAP/trunk/t/lib/UserClass.pm
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/t/lib/UserClass.pm 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/t/lib/UserClass.pm 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,10 +0,0 @@
-package UserClass;
-use strict;
-use warnings;
-use base qw( Catalyst::Authentication::Store::LDAP::User );
-
-sub my_method {
- return 'frobnitz';
-}
-
-1;
Deleted: Catalyst-Authentication-Store-LDAP/trunk/t/pod-coverage.t
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/t/pod-coverage.t 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/t/pod-coverage.t 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,6 +0,0 @@
-#!perl -T
-
-use Test::More;
-eval "use Test::Pod::Coverage 1.04";
-plan skip_all => "Test::Pod::Coverage 1.04 required for testing POD coverage" if $@;
-all_pod_coverage_ok({ also_private => ['can'] });
Deleted: Catalyst-Authentication-Store-LDAP/trunk/t/pod.t
===================================================================
--- Catalyst-Authentication-Store-LDAP/trunk/t/pod.t 2014-12-29 21:30:12 UTC (rev 14557)
+++ Catalyst-Authentication-Store-LDAP/trunk/t/pod.t 2015-02-20 16:59:17 UTC (rev 14558)
@@ -1,6 +0,0 @@
-#!perl -T
-
-use Test::More;
-eval "use Test::Pod 1.14";
-plan skip_all => "Test::Pod 1.14 required for testing POD" if $@;
-all_pod_files_ok();
More information about the Catalyst-commits
mailing list