(Wallet ACL verifier for LDAP attributes (root instances))
    use Wallet::ACL::LDAP::Attribute::Root;

    my $verifier = Wallet::ACL::LDAP::Attribute::Root->new;
    my $status = $verifier->check ($principal, "$attr=$value");
    if (not defined $status) {
        # undef signals an error; the reason is available from error().
        die "Something failed: ", $verifier->error, "\n";
    } elsif ($status) {
        print "Access granted\n";
    } else {
        print "Access denied\n";
    }
Wallet::ACL::LDAP::Attribute::Root works identically to Wallet::ACL::LDAP::Attribute except that it requires the principal to be a root instance (in other words, to be in the form <principal>/root@<realm>) and strips the /root portion from the principal before checking against the LDAP attribute and value. As with the base LDAP Attribute ACL verifier, the value of an ldap-attr-root ACL is an attribute followed by an equal sign and a value, and the ACL grants access to a given principal if and only if the LDAP entry for that principal (with /root stripped) has that attribute set to that value.
To use this object, the same configuration parameters must be set as for Wallet::ACL::LDAP::Attribute. See Wallet::Config(3) for details on those configuration parameters and information about how to set wallet configuration.
check(PRINCIPAL, ACL): Returns true if PRINCIPAL is granted access according to ACL, false if not, and undef on an error (see DIAGNOSTICS below). ACL must be an attribute name and a value, separated by an equal sign (with no whitespace). PRINCIPAL will be granted access if it has an instance of root and if (with /root stripped off) its LDAP entry contains that attribute with that value.
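The following stand-alone sketch illustrates the decision described above: require a root instance, strip /root, then compare the attribute. It is an added example, not the module's own code. The directory hash, the privgroup attribute, the principals, and the function names strip_root_instance and check_root_attr are all hypothetical, and a Perl hash stands in for LDAP.

```perl
use strict;
use warnings;

# Constructed stand-in for the LDAP directory (hypothetical entries).
my %DIRECTORY = (
    'alice@EXAMPLE.ORG' => { privgroup => ['admins', 'staff'] },
    'bob@EXAMPLE.ORG'   => { privgroup => ['staff'] },
);

# Return the principal with /root removed, or undef unless it has the
# documented form <principal>/root@<realm>.
sub strip_root_instance {
    my ($principal) = @_;
    return undef
      unless $principal =~ m{\A ([^/\@]+) /root (\@ [^/\@]+) \z}x;
    return $1 . $2;
}

# Documented contract: true = granted, false = denied, undef = error.
# Treating a missing principal or a malformed ACL as the error case is
# an assumption of this sketch.
sub check_root_attr {
    my ($principal, $acl) = @_;
    return undef unless defined $principal && length $principal;
    return undef
      unless defined $acl && $acl =~ m{\A ([^\s=]+) = (\S+) \z}x;
    my ($attr, $value) = ($1, $2);

    # A principal without the root instance is denied, not an error.
    my $base = strip_root_instance($principal);
    return 0 unless defined $base;

    # The lookup uses the stripped principal, never the /root form.
    my $entry = $DIRECTORY{$base} or return 0;
    return (grep { $_ eq $value } @{ $entry->{$attr} || [] }) ? 1 : 0;
}

# Constructed test cases: root instance, plain principal, other
# instance, root instance lacking the value, and a malformed ACL.
for my $case (
    ['alice/root@EXAMPLE.ORG',  'privgroup=admins'],
    ['alice@EXAMPLE.ORG',       'privgroup=admins'],
    ['alice/admin@EXAMPLE.ORG', 'privgroup=admins'],
    ['bob/root@EXAMPLE.ORG',    'privgroup=admins'],
    ['alice/root@EXAMPLE.ORG',  'privgroup = admins'],
) {
    my $status = check_root_attr(@$case);
    my $result = !defined $status ? 'error' : $status ? 'granted' : 'denied';
    printf "%-26s %-20s %s\n", @$case, $result;
}
```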
DIAGNOSTICS: Same as for Wallet::ACL::LDAP::Attribute.
The instance to strip is not currently configurable.
Net::Remctl(3), Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::ACL::LDAP::Attribute(3), Wallet::Config(3), wallet-backend(8)
This module is part of the wallet system. The current version is available from <https://www.eyrie.org/~eagle/software/wallet/>.
Jon Robertson <jonrober@stanford.edu>
Russ Allbery <eagle@eyrie.org>