1Net::LDAP::Control::ProUxsyeArutCho(n3t)ributed Perl DocNuemte:n:tLaDtAiPo:n:Control::ProxyAuth(3)
2
3
4

NAME

6       Net::LDAP::Control::ProxyAuth - LDAPv3 Proxy Authorization control
7       object
8

SYNOPSIS

10        use Net::LDAP;
11        use Net::LDAP::Control::ProxyAuth;
12
13        $ldap = Net::LDAP->new( "ldap.mydomain.eg" );
14
15        $auth = Net::LDAP::Control::ProxyAuth->new( authzID => 'dn:cn=me,ou=people,o=myorg.com' );
16
17        @args = ( base     => "cn=subnets,cn=sites,cn=configuration,$BASE_DN",
18                  scope    => "subtree",
19                  filter   => "(objectClass=subnet)",
20                  callback => \&process_entry, # Call this sub for each entry
21                  control  => [ $auth ],
22        );
23
24        while (1) {
25          # Perform search
26          my $mesg = $ldap->search( @args );
27
28          # Only continue on LDAP_SUCCESS
29          $mesg->code and last;
30
31        }
32

DESCRIPTION

34       "Net::LDAP::Control::ProxyAuth" provides an interface for the creation
35       and manipulation of objects that represent the "Proxy Authorization
36       Control" as described by RFC 4370.
37
38       It allows a client to be bound to an LDAP server with its own identity,
39       but to perform operations on behalf of another user, the "authzID".
40
41       With the exception of any extension that causes a change in
42       authentication, authorization or data confidentiality, a single "Proxy
43       Authorization Control" may be included in any search, compare, modify,
44       add, delete, or moddn or extended operation.
45
46       As required by the RFC, the criticality of this control is
47       automatically set to TRUE in order to protect clients from submitting
48       requests with other identities than they intend to.
49

CONSTRUCTOR ARGUMENTS

51       In addition to the constructor arguments described in
52       Net::LDAP::Control the following are provided.
53
54       authzID
55           The authzID that is required. This is the identity we are
56           requesting operations to use.
57
58       proxyDN
59           In early versions of the drafts to RFC 4370,
60           draft-weltman-ldapv3-proxy-XX.txt, the value in the control and
61           thus the constructor argument was a DN and was called "proxyDN".
62           It served the same purpose as "authzID" in recent versions of
63           "proxyAuthorization" control.
64
65       Please note: Unfortunately the OID and the encoding or the "Proxy
66       Authorization Control" changed significantly between early versions of
67       draft-weltman-ldapv3-proxy-XX.txt and the final RFC.
68       Net::LDAP::Control::ProxyAuth tries to cope with that situation and
69       changes the OID and encoding used depending on the constructor
70       argument.
71
72       With "proxyDN" as constructor argument the old OID and encoding are
73       used, while with "authzID" as constructor argument the new OID and
74       encoding are used.  Using this logic servers supporting either OID can
75       be handled correctly.
76

METHODS

78       As with Net::LDAP::Control each constructor argument described above is
79       also available as a method on the object which will return the current
80       value for the attribute if called without an argument, and set a new
81       value for the attribute if called with an argument.
82

SEE ALSO

84       Net::LDAP, Net::LDAP::Control,
85

AUTHORS

87       Olivier Dubois, Swift sa/nv based on Net::LDAP::Control::Page from
88       Graham Barr <gbarr@pobox.com>.  Peter Marschall <peter@adpm.de> added
89       authzID extensions based on ideas from Graham Barr <gbarr@pobox.com>.
90
91       Please report any bugs, or post any suggestions, to the perl-ldap
92       mailing list <perl-ldap@perl.org>
93

COPYRIGHT

95       Copyright (c) 2001-2004 Graham Barr. All rights reserved. This program
96       is free software; you can redistribute it and/or modify it under the
97       same terms as Perl itself.
98
99
100
101perl v5.34.0                      2021-07-22  Net::LDAP::Control::ProxyAuth(3)