Re: [Catalyst] progressive authentication via db & LDAP

Tue, 25 Jan 2011 06:56:29 -0800 

Am 25.01.2011 11:16, schrieb Tomas Doran:


On 25 Jan 2011, at 10:01, piccard wrote:

In view of that, I've got one more question. What I would really 
need, is a password authentification against LDAP and if successful,
get the user and his roles from the database. So, is it possible to 
split up this process and still use methods like check_any_user_role()?



I don't think you want the authentication framework to be doing that 
for you.



If that's what you're _actually_ doing, then putting the 
authentication logic into your user class makes much more sense, and 
makes your data model much more consistent... Otherwise you have to 
replicate the authentication framework if you ever want to log a user 
in (or simulate a 'proper' user, or change password, or..) outside the 
context of the Catalyst application.

I'm not sure if I will really run into these problems. I've tried it so 
far this way:


a user authenticates hisself succesfully via LDAP.
afterwards the user will be logged out immediately.

then a dbix find_or_create-routine is going to fetch the user-object 
which I'll use to reauthenticate via DB.



so I think this could work properly and at least I've got all the 
goodies the authentication-framwork provides. what do you think?



unfortunately I'm using a 'dirty' hack to authenticate (the DB shouldn't 
safe LDAP-passwords):



my $user = $c->model('DB::User')->find_or_create({ user_identification 
=> $username });

$c->session->{__user} = { $user->get_columns };


I would prefer using $c->set_authenticated( $user, 'dbAuth'); but 
somehow it doesn't work for me. I think I just use the wrong user-object.



The authentication framework already provides this sort of hook for 
you, with the self_check configuration option, which says that the 
user class is responsible for checking it's own password.

I'm not sure how this should work. the doc says  'self_check indicates 
that the password should be passed to the check_password() routine on 
the user object returned from the store'.

How or in which way I can set the hook?

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/






















					Reply via email to