Re: LDAP store patches (Was: Re: [Catalyst] mix authentication stores)

[Peter Karman]

Tomas Doran wrote on 9/30/08 9:27 PM:
> 
> On 1 Oct 2008, at 03:11, Peter Karman wrote:
> 
>> Tomas Doran wrote on 9/30/08 8:24 PM:
>>
>>> so if anyone reading could poke the Store::LDAP
>>> maintainer and get them to join the thread (and respond to my patches!),
>>> that'd be awesome...
>>
>> that'd be me.
> 
> Hi!
> 
>> I've seen the tickets; haven't yet read the patches, but in
>> general the feature ideas look sane. If someone else has time to look
>> at the
>> patches, I likely won't get to it for a few more days.
> 
> No huge rush, I'm just totally spoilt by the Moose community where you
> end up finding a bug, writing a test case, and then finding it's been
> fixed in trunk already.
> 
> As long as you're around and alive, have seen my patches 'in theory' and
> will get to them at some point then I'm more than happy to await your
> leisure..

and finally, time made itself available.

committed to cat svn as r8570 and uploaded just now to pause as 0.1004. Thanks
for the patches.


-- 
Peter Karman  .  http://peknet.com/  .  [EMAIL PROTECTED]

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] mix authentication stores

[Jose Luis Martinez]

Matt S Trout escribió:
Catalyst::Authentication::Credential::Authen::Simple should do the 
trick. 
http://search.cpan.org/~jlmartin/Catalyst-Authentication-Credential-Authen-Simple-0.02/lib/Catalyst/Authentication/Credential/Authen/Simple.pm 
becasue Authen::Simple does support LDAP.


Fucking awesome.


Thanks. :)



This needs to be more widely publicised, do you think you could do doc
patches fr C::P::Authentication and a wiki write up? :)


I'll try to get some time to do it...

Jose Luis Martinez
[EMAIL PROTECTED]

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] mix authentication stores

[Matt S Trout]

On Wed, Oct 01, 2008 at 04:58:51PM +0200, Jose Luis Martinez wrote:
> Tomas Doran escribió:
> 
> >Unfortunately, there is no such thing as an LDAP credential module on 
> >CPAN at the moment.
> >
> 
> Catalyst::Authentication::Credential::Authen::Simple should do the 
> trick. 
> http://search.cpan.org/~jlmartin/Catalyst-Authentication-Credential-Authen-Simple-0.02/lib/Catalyst/Authentication/Credential/Authen/Simple.pm
>  
> becasue Authen::Simple does support LDAP.

Fucking awesome.

This needs to be more widely publicised, do you think you could do doc
patches fr C::P::Authentication and a wiki write up? :)

-- 
  Matt S Trout   Need help with your Catalyst or DBIx::Class project?
   Technical Directorhttp://www.shadowcat.co.uk/catalyst/
 Shadowcat Systems Ltd.  Want a managed development or deployment platform?
http://chainsawblues.vox.com/http://www.shadowcat.co.uk/servers/

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] mix authentication stores

[Jose Luis Martinez]

Tomas Doran escribió:

Unfortunately, there is no such thing as an LDAP credential module on 
CPAN at the moment.




Catalyst::Authentication::Credential::Authen::Simple should do the 
trick. 
http://search.cpan.org/~jlmartin/Catalyst-Authentication-Credential-Authen-Simple-0.02/lib/Catalyst/Authentication/Credential/Authen/Simple.pm 
becasue Authen::Simple does support LDAP.



Regards,

Jose Luis Martinez
[EMAIL PROTECTED]

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

LDAP store patches (Was: Re: [Catalyst] mix authentication stores)

[Tomas Doran]

On 1 Oct 2008, at 03:11, Peter Karman wrote:


Tomas Doran wrote on 9/30/08 8:24 PM:


so if anyone reading could poke the Store::LDAP
maintainer and get them to join the thread (and respond to my  
patches!),

that'd be awesome...


that'd be me.


Hi!


I've seen the tickets; haven't yet read the patches, but in
general the feature ideas look sane. If someone else has time to  
look at the

patches, I likely won't get to it for a few more days.


No huge rush, I'm just totally spoilt by the Moose community where  
you end up finding a bug, writing a test case, and then finding it's  
been fixed in trunk already.


As long as you're around and alive, have seen my patches 'in theory'  
and will get to them at some point then I'm more than happy to await  
your leisure..


Cheers
t0m


___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] mix authentication stores

[jay kuri]

Hello Stephan,

The short answer is yes, it is possible. But you will need to do some
work to make it happen.

The long answer is Yee.  Basically, Catalyst authentication
is split into two pieces Credentials and Stores.  A Store finds / holds
the users.  A credential is responsible for comparing the authentication
information with a user (somehow) and determining whether they are who
they claim to be.

It is possible to use LDAP to authenticate the user, but store that
user's information in the database.  Unfortunately there are not any
LDAP credentials.  There is an LDAP store, but it expects that role
information is stored in LDAP also.

So what you need to do is create a credential that verifies your user
via LDAP (probably using Catalyst::Model::LDAP) and then use the
DBIx::Class Store to store your user information.  Alternately you could
create a module that subclasses (or even just wraps) the LDAP store and
override the role related methods to access the database.

As someone else mentioned, the Internals doc in
Catalyst::Plugin::Authentication explains in detail how credentials /
stores work... I doubt you'd have much trouble.

Let me know if you need any more information.

JayK

On Tue, 2008-09-30 at 20:58 +0200, Stephan Jennewein wrote:
> Hi,
>
> is it possible to use ldap to authenticate and dbic (a database) to handle the
> user role relation ? So that it works like it resides all in one storage
> backend.
> If yes how do I configure that in the $application.conf ?
>
> Stephan
>
> ___
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/


___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] mix authentication stores

[Peter Karman]

Tomas Doran wrote on 9/30/08 8:24 PM:

> Splitting the current LDAP code so that it could be either a store
> and/or credential also wouldn't be hard, and I volunteer to help with
> the effort.

yes, that's a good idea. The current LDAP auth plugin is in the Store namespace
but does both Store and Credential right now.

> 
> I'm personally fine with the LDAP store, but I've thrown a couple of
> patches in that direction to add stuff I need, so doing a bit more
> hacking on it wouldn't push the boat out. I haven't had any response to
> these yet however, so if anyone reading could poke the Store::LDAP
> maintainer and get them to join the thread (and respond to my patches!),
> that'd be awesome...

that'd be me. I've seen the tickets; haven't yet read the patches, but in
general the feature ideas look sane. If someone else has time to look at the
patches, I likely won't get to it for a few more days.

-- 
Peter Karman  .  http://peknet.com/  .  [EMAIL PROTECTED]

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] mix authentication stores

[Tomas Doran]

On 1 Oct 2008, at 02:05, Matt S Trout wrote:


On Tue, Sep 30, 2008 at 08:58:04PM +0200, Stephan Jennewein wrote:

Hi,

is it possible to use ldap to authenticate and dbic (a database)  
to handle the
user role relation ? So that it works like it resides all in one  
storage

backend.
If yes how do I configure that in the $application.conf ?


LDAP credential.

DBIx::Class store.

See authentication docs for how to configure each.


Unfortunately, there is no such thing as an LDAP credential module on  
CPAN at the moment.


However, as noted elsewhere in this thread, coming up with one  
wouldn't be that hard.


Splitting the current LDAP code so that it could be either a store  
and/or credential also wouldn't be hard, and I volunteer to help with  
the effort.


I'm personally fine with the LDAP store, but I've thrown a couple of  
patches in that direction to add stuff I need, so doing a bit more  
hacking on it wouldn't push the boat out. I haven't had any response  
to these yet however, so if anyone reading could poke the Store::LDAP  
maintainer and get them to join the thread (and respond to my  
patches!), that'd be awesome...


Cheers
t0m




___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] mix authentication stores

[Matt S Trout]

On Tue, Sep 30, 2008 at 02:26:41PM -0500, Jonathan Hall wrote:
> Not directly... it's not even possible in DBIC to have relationships 
> between different databases, which is essentially what you're talking 
> about doing.

Unless you count mysql as a database in which case ->table('otherdb.foo')
works just fine.

But yeah, DBIC's relationships are specifically things that can be JOINed.

LDAP doesn't count. Fortunately, see my point about store and credential
being different in auth as a possible approach. I'm poking Jay Kuri to
elaborate and/or tell me I'm talking crap :)

-- 
  Matt S Trout   Need help with your Catalyst or DBIx::Class project?
   Technical Directorhttp://www.shadowcat.co.uk/catalyst/
 Shadowcat Systems Ltd.  Want a managed development or deployment platform?
http://chainsawblues.vox.com/http://www.shadowcat.co.uk/servers/

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] mix authentication stores

[Matt S Trout]

On Tue, Sep 30, 2008 at 08:58:04PM +0200, Stephan Jennewein wrote:
> Hi,
> 
> is it possible to use ldap to authenticate and dbic (a database) to handle 
> the 
> user role relation ? So that it works like it resides all in one storage 
> backend.
> If yes how do I configure that in the $application.conf ?

LDAP credential.

DBIx::Class store.

See authentication docs for how to configure each.

-- 
  Matt S Trout   Need help with your Catalyst or DBIx::Class project?
   Technical Directorhttp://www.shadowcat.co.uk/catalyst/
 Shadowcat Systems Ltd.  Want a managed development or deployment platform?
http://chainsawblues.vox.com/http://www.shadowcat.co.uk/servers/

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] mix authentication stores

[Jonathan Hall]

Not directly... it's not even possible in DBIC to have relationships 
between different databases, which is essentially what you're talking 
about doing.


You can accomplish the same thing client-side if you write your own user 
store module(s), which is not fundamentally difficult.  I have done a 
similar thing for our Cat application; we authenticate via Unix accounts 
(/etc/passwd), or DBIC, or LDAP or (insert other yet-to-exist 
authentication methods).  The user roles are all defined in the database.


The user store documentation available on CPAN describes how to write 
modules such that they will interface with Catalyst properly, and it's 
not very difficult.  I did my first one in half a day, having 
practically zero experience with catalyst internals at the time.  (I 
have since rewritten it a time or two, and each iteration is better and 
cleaner, as you would expect).


--
Jonathan


Stephan Jennewein wrote:

Hi,

is it possible to use ldap to authenticate and dbic (a database) to handle the
user role relation ? So that it works like it resides all in one storage
backend.
If yes how do I configure that in the $application.conf ?

Stephan

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
  



--
Inbound and outbound email scanned for spam and viruses by the

DoubleCheck Email Manager: http://www.doublecheckemail.com

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/