We are using Catalyst for an internal infrastructure management application.
Some of the data we want to manage lives in LDAP, and we already use LDAP for
authentication and roles in our application.

However, I would like to have the LDAP server do its job in authorizing
access to some of this data, and I would also like to have LDAP-side auditing
(as direct LDAP access has to be available, doing it application-side would
miss any direct modifications).

So, I would prefer to have my Model::LDAP models (re-)bind as the
authenticated user.

So far I have stored the cleartext password in the session, after encrypting
it with the session key. Now, I would like to find some way of providing the
credentials to the model.

I wrote a connection_class for my models, but it seems that the
connection_class doesn't have access to the context, so I can't retrieve
$c->user->ldap_entry->dn or $c->sessionid().
Is there really no way to do this at present (without dumping Model::LDAP and
doing everything via Net::LDAP directly)?

Regards,
Buchan


  • Daniel Westermann-Clark at Aug 7, 2008 at 5:27 pm

    On 2008-08-07 17:52:36 +0200, Buchan Milne wrote:
    > So, I would prefer to have my Model::LDAP models (re-)bind as the
    > authenticated user.
    >
    > I wrote a connection_class for my models, but it seems that the
    > connection_class doesn't have access to the context, so I can't
    > retrieve $c->user->ldap_entry->dn or $c->sessionid().

    You can do this using an ACCEPT_CONTEXT method on your model class,
    which tells Catalyst that your model needs information about the
    current request to do its job.

    For example:

    package YourApp::Model::People;

    use base qw/Catalyst::Model::LDAP/;
    use Class::C3;

    __PACKAGE__->config(connection_class => 'YourApp::LDAP::Connection');

    sub ACCEPT_CONTEXT {
        my $self = shift;
        my $c = $_[0];

        my $conn = $self->next::method(@_);

        if ($conn->can('catalyst_user') and $c->user_exists) {
            $conn->catalyst_user($c->user);
        }

        return $conn;
    }

    1;

    In your connection class, you simply add an accessor for
    e.g. 'catalyst_user' and then use it in the bind step:

    package YourApp::LDAP::Connection;

    use base qw/Catalyst::Model::LDAP::Connection/;
    use Authen::SASL qw/Perl/;
    use Class::C3;

    __PACKAGE__->mk_accessors(qw/catalyst_user/);

    sub bind {
        my ($self, %args) = @_;

        # Manipulate %args to include information from $self->catalyst_user

        return $self->next::method(%args);
    }

    1;

    Hope this helps!

    --
    Daniel Westermann-Clark
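
An added example, not part of the original thread or of Catalyst::Model::LDAP: one way to fill in the per-user bind for the connection class sketched in the reply above, failing closed instead of falling back to an anonymous or service-account bind. `user_bind_args` and `bind_as_user` are hypothetical names; the sketch assumes the parent `bind` accepts `dn` and `password` keys and returns the Net::LDAP::Message of the bind, and that the application supplies the password it recovered from the session.

```perl
package YourApp::LDAP::Connection;

use strict;
use warnings;
use base qw/Catalyst::Model::LDAP::Connection/;
use Carp qw/croak/;

# catalyst_user is the accessor from the reply above.
__PACKAGE__->mk_accessors(qw/catalyst_user/);

# Hypothetical helper (not part of Catalyst::Model::LDAP): validate the
# per-user credentials before they reach the directory. Dies instead of
# returning partial arguments, so a caller can never fall through to an
# anonymous bind or to the service DN from the model's config.
sub user_bind_args {
    my ($class, $dn, $password) = @_;

    croak 'no DN for the authenticated user'
        unless defined $dn && $dn =~ /\S/;

    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2); some servers accept it unless
    # configured otherwise, which would defeat per-user ACLs and auditing.
    croak "empty password for $dn; refusing unauthenticated bind"
        unless defined $password && length $password;

    return (dn => $dn, password => $password);
}

# Hypothetical method: re-bind this connection as the attached user.
# Call it from the model's ACCEPT_CONTEXT after catalyst_user is set;
# $password is whatever the application recovered from the session.
sub bind_as_user {
    my ($self, $password) = @_;

    my $user = $self->catalyst_user
        or croak 'no Catalyst user attached to this connection';

    my %args = $self->user_bind_args($user->ldap_entry->dn, $password);

    # Assumption: bind() returns the Net::LDAP::Message of the bind.
    my $mesg = $self->bind(%args);
    croak "LDAP bind as $args{dn} failed: " . $mesg->error
        if $mesg->code;

    return $mesg;
}

1;
```
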
  • Peter Karman at Aug 11, 2008 at 5:49 pm

    On 08/07/2008 10:52 AM, Buchan Milne wrote:
    > So far I have stored the cleartext password in the session, after encrypting
    > it with the session key. Now, I would like to find some way of providing the
    > credentials to the model.
    >
    > I wrote a connection_class for my models, but it seems that the
    > connection_class doesn't have access to the context, so I can't retrieve
    > $c->user->ldap_entry->dn or $c->sessionid().
    > Is there really no way to do this at present (without dumping Model::LDAP and
    > doing everything via Net::LDAP directly)?

    I am going to be doing something similar eventually using Net::LDAP::Class and either
    C::Model::LDAP or a CatalystX::CRUD::ModelAdapter::LDAP. You might look at
    Net::LDAP::Class to see if it makes what you're doing any easier.

    --
    Peter Karman . peter@peknet.com . http://peknet.com/
  • Matt S Trout at Aug 17, 2008 at 6:39 pm

    On Mon, Aug 11, 2008 at 11:49:00AM -0500, Peter Karman wrote:
    > I am going to be doing something similar eventually using Net::LDAP::Class and either
    > C::Model::LDAP or a CatalystX::CRUD::ModelAdapter::LDAP. You might look at
    > Net::LDAP::Class to see if it makes what you're doing any easier.

    Damn. Net::LDAP::Class reserves ->meta for a crappy metadata object.

    Could that not be called metadata or something to make it easier to use
    with catamoose?

    --
    Matt S Trout Need help with your Catalyst or DBIx::Class project?
    Technical Director http://www.shadowcat.co.uk/catalyst/
    Shadowcat Systems Ltd. Want a managed development or deployment platform?
    http://chainsawblues.vox.com/ http://www.shadowcat.co.uk/servers/
  • Peter Karman at Aug 17, 2008 at 8:09 pm

    Matt S Trout wrote on 8/17/08 12:39 PM:
    > On Mon, Aug 11, 2008 at 11:49:00AM -0500, Peter Karman wrote:
    >> I am going to be doing something similar eventually using Net::LDAP::Class and either
    >> C::Model::LDAP or a CatalystX::CRUD::ModelAdapter::LDAP. You might look at
    >> Net::LDAP::Class to see if it makes what you're doing any easier.
    >
    > Damn. Net::LDAP::Class reserves ->meta for a crappy metadata object.
    >
    > Could that not be called metadata or something to make it easier to use
    > with catamoose?

    yes, it could. I'll change it for the next release.

    --
    Peter Karman . http://peknet.com/ . peter@peknet.com
  • Peter Karman at Aug 22, 2008 at 5:17 am

    Peter Karman wrote on 8/17/08 2:09 PM:

    > Matt S Trout wrote on 8/17/08 12:39 PM:
    >> On Mon, Aug 11, 2008 at 11:49:00AM -0500, Peter Karman wrote:
    >>> I am going to be doing something similar eventually using Net::LDAP::Class and either
    >>> C::Model::LDAP or a CatalystX::CRUD::ModelAdapter::LDAP. You might look at
    >>> Net::LDAP::Class to see if it makes what you're doing any easier.
    >>
    >> Damn. Net::LDAP::Class reserves ->meta for a crappy metadata object.
    >>
    >> Could that not be called metadata or something to make it easier to use
    >> with catamoose?
    >
    > yes, it could. I'll change it for the next release.

    Thanks for the feedback, Matt. Uploaded as 0.09.

    --
    Peter Karman . http://peknet.com/ . peter@peknet.com
  • Matt S Trout at Aug 22, 2008 at 3:44 pm

    On Thu, Aug 21, 2008 at 11:17:05PM -0500, Peter Karman wrote:

    > Peter Karman wrote on 8/17/08 2:09 PM:
    >
    >> Matt S Trout wrote on 8/17/08 12:39 PM:
    >>> On Mon, Aug 11, 2008 at 11:49:00AM -0500, Peter Karman wrote:
    >>>> I am going to be doing something similar eventually using Net::LDAP::Class and either
    >>>> C::Model::LDAP or a CatalystX::CRUD::ModelAdapter::LDAP. You might look at
    >>>> Net::LDAP::Class to see if it makes what you're doing any easier.
    >>>
    >>> Damn. Net::LDAP::Class reserves ->meta for a crappy metadata object.
    >>>
    >>> Could that not be called metadata or something to make it easier to use
    >>> with catamoose?
    >>
    >> yes, it could. I'll change it for the next release.
    >
    > Thanks for the feedback, Matt. Uploaded as 0.09.

    karpet++

    --
    Matt S Trout Need help with your Catalyst or DBIx::Class project?
    Technical Director http://www.shadowcat.co.uk/catalyst/
    Shadowcat Systems Ltd. Want a managed development or deployment platform?
    http://chainsawblues.vox.com/ http://www.shadowcat.co.uk/servers/
