Wallet::ACL::LDAP::Attribute(3pm) | User Contributed Perl Documentation | Wallet::ACL::LDAP::Attribute(3pm) |
NAME
Wallet::ACL::LDAP::Attribute - Wallet ACL verifier for LDAP attribute compares
SYNOPSIS
    my $verifier = Wallet::ACL::LDAP::Attribute->new;
    my $status = $verifier->check ($principal, "$attr=$value");
    if (not defined $status) {
        die "Something failed: ", $verifier->error, "\n";
    } elsif ($status) {
        print "Access granted\n";
    } else {
        print "Access denied\n";
    }
DESCRIPTION
Wallet::ACL::LDAP::Attribute checks whether the LDAP record for the entry corresponding to a principal contains an attribute with a particular value. It is used to verify ACL lines of type "ldap-attr". The value of such an ACL is a valid LDAP filter, and the ACL grants access to a given principal if and only if an LDAP search using a filter constructed of the principal filter AND the ACL filter returns a single entry.
To use this object, several configuration parameters must be set. See Wallet::Config for details on those configuration parameters and information about how to set wallet configuration.
METHODS
- new()
    Creates a new ACL verifier. Opens and binds the connection to the LDAP server.
- check(PRINCIPAL, ACL)
    Returns true if PRINCIPAL is granted access according to ACL, false if not, and undef on an error (see "DIAGNOSTICS" below). ACL must be a valid LDAP filter. The filter formed using the PRINCIPAL and the ACL filter must return a single entry for access to be granted.
- error()
    Returns the error if check() returned undef.
DIAGNOSTICS
The new() method may fail with one of the following exceptions:
- LDAP attribute ACL support not available: %s
    Attempting to connect or bind to the LDAP server failed.
- LDAP attribute ACL support not configured
    The required configuration parameters were not set. See Wallet::Config(3) for the required configuration parameters and how to set them.
Verifying an LDAP attribute ACL may fail with the following errors (returned by the error() method):
- search for %s failed in LDAP: %s
    The search for an LDAP entry failed because of a configuration error in Wallet or the LDAP server. For example, the Wallet configuration includes an invalid root DN.
- malformed ldap-attr LDAP filter, no equal sign present
    The ACL filter stored as ldap-attr is not a valid LDAP filter.
- malformed ldap-attr LDAP filter, parenthesis mismatch
    The ACL filter stored as ldap-attr is not a valid LDAP filter.
- mapping principal to LDAP failed: %s
    There was an ldap_map_principal() function defined in the wallet configuration, but calling it for the PRINCIPAL argument failed.
- no ACL specified
    The ACL parameter to check() was undefined or the empty string.
- no principal specified
    The PRINCIPAL parameter to check() was undefined or the empty string.
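The following is an added sketch, not code from the wallet distribution, of the rule in DESCRIPTION and the two malformed-filter diagnostics: it screens an ACL filter, ANDs it with an escaped principal filter, and grants access only on exactly one entry. The attribute name krb5PrincipalName, the helper names, the RFC 4515 escaping step, the parenthesis wrapping of a bare ACL and the sample inputs are assumptions for illustration; no LDAP server is contacted.

```perl
use strict;
use warnings;

# Escape a value for use inside an LDAP filter assertion (RFC 4515), so
# that metacharacters in a principal cannot change the filter structure.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\*()\0])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Two syntax checks named after the DIAGNOSTICS messages. Returns an
# error string, or undef when the filter passes both. Not a full parser.
sub acl_filter_error {
    my ($acl) = @_;
    return 'no ACL specified' if !defined $acl || $acl eq '';
    return 'malformed ldap-attr LDAP filter, no equal sign present'
        if $acl !~ /=/;
    return 'malformed ldap-attr LDAP filter, parenthesis mismatch'
        if ($acl =~ tr/(//) != ($acl =~ tr/)//);
    return;
}

# Build (&(principal filter)(ACL filter)). $attr is an assumed attribute
# name; wrapping a bare "attr=value" ACL in parentheses is an assumption.
sub combined_filter {
    my ($attr, $principal, $acl) = @_;
    $acl = "($acl)" if $acl !~ /^\(/;
    return "(&($attr=" . escape_filter_value($principal) . ")$acl)";
}

# Exactly one entry grants access; zero or several entries deny.
sub access_granted { return $_[0] == 1 ? 1 : 0 }

# Constructed inputs, for illustration only.
my @cases = (
    ['alice@EXAMPLE.ORG',     'department=ops'],
    ['svc(web)*@EXAMPLE.ORG', '(department=ops)'],
    ['bob@EXAMPLE.ORG',       '(department=ops'],
    ['bob@EXAMPLE.ORG',       'department'],
);
for my $case (@cases) {
    my ($principal, $acl) = @$case;
    my $error = acl_filter_error($acl);
    my $line = defined $error ? "rejected: $error"
        : combined_filter('krb5PrincipalName', $principal, $acl);
    print "$line\n";
}
print "entries=$_ granted=", access_granted($_), "\n" for 0, 1, 2;
```

An ACL filter that matches more than one entry for a principal denies access rather than granting it, so an overly broad principal mapping fails closed.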
SEE ALSO
Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::Config(3), wallet-backend(8)
This module is part of the wallet system. The current version is available from <https://www.eyrie.org/~eagle/software/wallet/>.
AUTHOR
Russ Allbery <eagle@eyrie.org>
2024-11-12 | perl v5.40.0 |