.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "Net::LDAP::Control::ProxyAuth 3"
.TH Net::LDAP::Control::ProxyAuth 3 "2021-01-03" "perl v5.26.3" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
Net::LDAP::Control::ProxyAuth \- LDAPv3 Proxy Authorization control object
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 2
\& use Net::LDAP;
\& use Net::LDAP::Control::ProxyAuth;
\&
\& $ldap = Net::LDAP\->new( "ldap.mydomain.eg" );
\&
\& $auth = Net::LDAP::Control::ProxyAuth\->new( authzID => \*(Aqdn:cn=me,ou=people,o=myorg.com\*(Aq );
\&
\& @args = ( base     => "cn=subnets,cn=sites,cn=configuration,$BASE_DN",
\&           scope    => "subtree",
\&           filter   => "(objectClass=subnet)",
\&           callback => \e&process_entry, # Call this sub for each entry
\&           control  => [ $auth ],
\& );
\&
\& while (1) {
\&   # Perform search
\&   my $mesg = $ldap\->search( @args );
\&
\&   # Only continue on LDAP_SUCCESS
\&   $mesg\->code and last;
\&
\& }
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\f(CW\*(C`Net::LDAP::Control::ProxyAuth\*(C'\fR provides an interface for the creation and manipulation
of objects that represent the \f(CW\*(C`Proxy Authorization Control\*(C'\fR as described by \s-1RFC 4370.\s0
.PP
It allows a client to be bound to an \s-1LDAP\s0 server with its own identity, but to perform
operations on behalf of another user, the \f(CW\*(C`authzID\*(C'\fR.
.PP
With the exception of any extension that causes a change in authentication,
authorization or data confidentiality, a single \f(CW\*(C`Proxy Authorization Control\*(C'\fR
may be included in any search, compare, modify, add, delete, or moddn or
extended operation.
.PP
As required by the \s-1RFC,\s0 the criticality of this control is automatically set to
\&\s-1TRUE\s0 in order to protect clients from submitting requests with other identities
than they intend to.
.SH "CONSTRUCTOR ARGUMENTS"
.IX Header "CONSTRUCTOR ARGUMENTS"
In addition to the constructor arguments described in
Net::LDAP::Control the following are provided.
.IP "authzID" 4
.IX Item "authzID"
The authzID that is required. This is the identity we are requesting operations to use.
.IP "proxyDN" 4
.IX Item "proxyDN"
In early versions of the drafts to \s-1RFC 4370,\s0 draft\-weltman\-ldapv3\-proxy\-XX.txt,
the value in the control and thus the constructor argument was a \s-1DN\s0 and was called \f(CW\*(C`proxyDN\*(C'\fR.
It served the same purpose as \f(CW\*(C`authzID\*(C'\fR in recent versions of \f(CW\*(C`proxyAuthorization\*(C'\fR control.
.PP
\&\fBPlease note:\fR
Unfortunately the \s-1OID\s0 and the encoding or the \f(CW\*(C`Proxy Authorization Control\*(C'\fR
changed significantly between early versions of draft\-weltman\-ldapv3\-proxy\-XX.txt
and the final \s-1RFC.\s0
Net::LDAP::Control::ProxyAuth tries to cope with that situation and changes
the \s-1OID\s0 and encoding used depending on the constructor argument.
.PP
With \f(CW\*(C`proxyDN\*(C'\fR as constructor argument the old \s-1OID\s0 and encoding are used,
while with \f(CW\*(C`authzID\*(C'\fR as constructor argument the new \s-1OID\s0 and encoding are used.
Using this logic servers supporting either \s-1OID\s0 can be handled correctly.
.SH "METHODS"
.IX Header "METHODS"
As with Net::LDAP::Control each constructor argument
described above is also available as a method on the object which will
return the current value for the attribute if called without an argument,
and set a new value for the attribute if called with an argument.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
Net::LDAP,
Net::LDAP::Control,
.SH "AUTHORS"
.IX Header "AUTHORS"
Olivier Dubois, Swift sa/nv based on Net::LDAP::Control::Page from
Graham Barr <[email protected]>.
Peter Marschall <[email protected]> added authzID extensions
based on ideas from Graham Barr <[email protected]>.
.PP
Please report any bugs, or post any suggestions, to the perl-ldap
mailing list <perl\[email protected]>
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright (c) 2001\-2004 Graham Barr. All rights reserved. This program is
free software; you can redistribute it and/or modify it under the same
terms as Perl itself.