logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

Wallet::ACL::LDAP::Attribute::Root - Wallet ACL verifier for LDAP attributes (root instances)

Contents

Authors

       Jon Robertson <jonrober@stanford.edu> Russ Allbery <eagle@eyrie.org>

perl v5.40.0                                       2024-11-12             Wallet::ACL::LD...Attribute::Root(3pm)

Caveats

       The instance to strip is not currently configurable.

Description

       Wallet::ACL::LDAP::Attribute::Root works identically to Wallet::ACL::LDAP::Attribute except that it
       requires the principal to be a root instance (in other words, to be in the form <principal>/root@<realm>)
       and strips the "/root" portion from the principal before checking against the LDAP attribute and value.
       As with the base LDAP Attribute ACL verifier, the value of such a "ldap-attr-root" ACL is an attribute
       followed by an equal sign and a value, and the ACL grants access to a given principal if and only if the
       LDAP entry for that principal (with "/root" stripped) has that attribute set to that value.

       To use this object, the same configuration parameters must be set as for Wallet::ACL::LDAP::Attribute.
       See Wallet::Config(3) for details on those configuration parameters and information about how to set
       wallet configuration.

Diagnostics

       Same as for Wallet::ACL::LDAP::Attribute.

Methods

       check(PRINCIPAL, ACL)
           Returns  true  if  PRINCIPAL  is granted access according to ACL, false if not, and undef on an error
           (see "DIAGNOSTICS" below).  ACL must be an attribute name and a value, separated  by  an  equal  sign
           (with  no whitespace).  PRINCIPAL will be granted access if it has an instance of "root" and if (with
           "/root" stripped off)  its LDAP entry contains that attribute with that value

Name

       Wallet::ACL::LDAP::Attribute::Root - Wallet ACL verifier for LDAP attributes (root instances)

See Also

Net::Remctl(3), Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::ACL::LDAP::Attribute(3), Wallet::Config(3),
       wallet-backend(8)

       This  module   is   part   of   the   wallet   system.    The   current   version   is   available   from
       <https://www.eyrie.org/~eagle/software/wallet/>.

Synopsis

           my $verifier = Wallet::ACL::LDAP::Attribute::Root->new;
           my $status = $verifier->check ($principal, "$attr=$value");
           if (not defined $status) {
               die "Something failed: ", $verifier->error, "\n";
           } elsif ($status) {
               print "Access granted\n";
           } else {
               print "Access denied\n";
           }
← View Library functions Category← Back to String manipulation🙏  Credits & Acknowledgments