table of contents
| Wallet::ACL::LDAP::Attribute::Root(3pm) | User Contributed Perl Documentation | Wallet::ACL::LDAP::Attribute::Root(3pm) |
NAME¶
Wallet::ACL::LDAP::Attribute::Root - Wallet ACL verifier for LDAP attributes (root instances)
SYNOPSIS¶
my $verifier = Wallet::ACL::LDAP::Attribute::Root->new;
my $status = $verifier->check ($principal, "$attr=$value");
if (not defined $status) {
die "Something failed: ", $verifier->error, "\n";
} elsif ($status) {
print "Access granted\n";
} else {
print "Access denied\n";
}
DESCRIPTION¶
Wallet::ACL::LDAP::Attribute::Root works identically to Wallet::ACL::LDAP::Attribute except that it requires the principal to be a root instance (in other words, to be in the form <principal>/root@<realm>) and strips the "/root" portion from the principal before checking against the LDAP attribute and value. As with the base LDAP Attribute ACL verifier, the value of such a "ldap-attr-root" ACL is an attribute followed by an equal sign and a value, and the ACL grants access to a given principal if and only if the LDAP entry for that principal (with "/root" stripped) has that attribute set to that value.
To use this object, the same configuration parameters must be set as for Wallet::ACL::LDAP::Attribute. See Wallet::Config(3) for details on those configuration parameters and information about how to set wallet configuration.
METHODS¶
- check(PRINCIPAL, ACL)
- Returns true if PRINCIPAL is granted access according to ACL, false if not, and undef on an error (see "DIAGNOSTICS" below). ACL must be an attribute name and a value, separated by an equal sign (with no whitespace). PRINCIPAL will be granted access if it has an instance of "root" and if (with "/root" stripped off) its LDAP entry contains that attribute with that value
DIAGNOSTICS¶
Same as for Wallet::ACL::LDAP::Attribute.
CAVEATS¶
The instance to strip is not currently configurable.
SEE ALSO¶
Net::Remctl(3), Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::ACL::LDAP::Attribute(3), Wallet::Config(3), wallet-backend(8)
This module is part of the wallet system. The current version is available from <https://www.eyrie.org/~eagle/software/wallet/>.
AUTHORS¶
Jon Robertson <jonrober@stanford.edu> Russ Allbery <eagle@eyrie.org>
| 2024-08-01 | perl v5.38.2 |