Wallet::ACL::LDAP::Attribute::Root

(Wallet ACL verifier for LDAP attributes (root instances))

SYNOPSIS

    my $verifier = Wallet::ACL::LDAP::Attribute::Root->new;
    my $status = $verifier->check ($principal, "$attr=$value");
    if (not defined $status) {
        die "Something failed: ", $verifier->error, "\n";
    } elsif ($status) {
        print "Access granted\n";
    } else {
        print "Access denied\n";
    }

DESCRIPTION

Wallet::ACL::LDAP::Attribute::Root works identically to Wallet::ACL::LDAP::Attribute except that it requires the principal to be a root instance (in other words, to be in the form <principal>/root@<realm>) and strips the /root portion from the principal before checking against the LDAP attribute and value. As with the base LDAP Attribute ACL verifier, the value of such a ldap-attr-root ACL is an attribute followed by an equal sign and a value, and the ACL grants access to a given principal if and only if the LDAP entry for that principal (with /root stripped) has that attribute set to that value.

To use this object, the same configuration parameters must be set as for Wallet::ACL::LDAP::Attribute. See Wallet::Config(3) for details on those configuration parameters and information about how to set wallet configuration.

METHODS

check(PRINCIPAL, ACL)

Returns true if PRINCIPAL is granted access according to ACL, false if not, and undef on an error (see DIAGNOSTICS below). ACL must be an attribute name and a value, separated by an equal sign (with no whitespace). PRINCIPAL will be granted access if it has an instance of root and if (with /root stripped off) its LDAP entry contains that attribute with that value

DIAGNOSTICS

Same as for Wallet::ACL::LDAP::Attribute.

CAVEATS

The instance to strip is not currently configurable.

SEE ALSO

Net::Remctl(3), Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::ACL::LDAP::Attribute(3), Wallet::Config(3), wallet-backend(8)

This module is part of the wallet system. The current version is available from <http://www.eyrie.org/~eagle/software/wallet/>.

AUTHORS

Jon Robertson <jonrober@stanford.edu> Russ Allbery <eagle@eyrie.org>

Last modified and spun 2016-01-24