Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot

Catalyst LDAP Authentication Not Working

by Anonymous Monk
on Oct 17, 2013 at 16:03 UTC ( #1058641=perlquestion: print w/replies, xml ) Need Help??
Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I am using LDAP authentication for my Catalyst application. Using tcpdump, I see the initial bind happening, but the Catalyst app never searches for a user name and never tries to bind with the username/password. What information do you need to help me?
  • Comment on Catalyst LDAP Authentication Not Working

Replies are listed 'Best First'.
Re: Catalyst LDAP Authentication Not Working
by keszler (Priest) on Oct 17, 2013 at 16:42 UTC
      I am running Catalyst 5.90042, Perl v5.10.1, on Red Hat Enterprise Linux Server release 6.4 The configuration in Config::General format
      <Plugin::Authentication> <default> <store> class LDAP ldap_server ldap://ldap.server:3268 binddn bind@domain bindpw password user_basedn basedn user_field samaccountname user_filter (sAMAccountName=%s)) user_scope sub <user_search_options> dref always </user_search_options> </store> <credential> class Password password_type self_check password_field password </credential> </default> </Plugin::Authentication>
      The Controller module action
      sub login : Local { my ( $self, $c ) = @_; if ( my $user = $c->req->params->{user} and my $password = $c->req->params->{password} ) { if ( $c->authenticate( { login => $user, password => $password, })) { $c->response->redirect($c->uri_for('/')); } else { # login incorrect use Data::Dumper; $c->response->body("Login Incorrect"); } } else { # invalid form input $c->response->body("Form Input Invalid"); } }

        Don't know if it's the issue but (sAMAccountName=%s)) has an extra close paren. Might want to add this to the store (sorry, I like YAML better than Config::General)-

        ldap_server_options: timeout: 30 onerror: warn

        I would also recommend never taking query params for login; insist on POST params. Otherwise some user might discover that she can auto-login with a URL with her credentials in the query string.

        my $user = $c->req->params->{user} and my $password = $c->req->params->{password} # Becomes... my $user = $c->request->body_params->{user} and my $password = $c->request->body_params->{password}
        As in, I changed $c->authenticate( { login => $user to $c->authenticate( { id => $user, and it didn't help.
Re: Catalyst LDAP Authentication Not Working
by Your Mother (Chancellor) on Oct 17, 2013 at 19:57 UTC

    Sorry, I replied to wrong node. :P See my other post.

      It's okay, you replied to the anonymonk's other post.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1058641]
Approved by marto
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (12)
As of 2017-09-20 11:37 GMT
Find Nodes?
    Voting Booth?
    During the recent solar eclipse, I:

    Results (236 votes). Check out past polls.