Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

Catalyst LDAP Authentication Not Working

by Anonymous Monk
on Oct 17, 2013 at 16:03 UTC ( #1058641=perlquestion: print w/ replies, xml ) Need Help??
Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I am using LDAP authentication for my Catalyst application. Using tcpdump, I see the initial bind happening, but the Catalyst app never searches for a user name and never tries to bind with the username/password. What information do you need to help me?

Comment on Catalyst LDAP Authentication Not Working
Replies are listed 'Best First'.
Re: Catalyst LDAP Authentication Not Working
by keszler (Priest) on Oct 17, 2013 at 16:42 UTC
      I am running Catalyst 5.90042, Perl v5.10.1, on Red Hat Enterprise Linux Server release 6.4 The configuration in Config::General format
      <Plugin::Authentication> <default> <store> class LDAP ldap_server ldap://ldap.server:3268 binddn bind@domain bindpw password user_basedn basedn user_field samaccountname user_filter (sAMAccountName=%s)) user_scope sub <user_search_options> dref always </user_search_options> </store> <credential> class Password password_type self_check password_field password </credential> </default> </Plugin::Authentication>
      The Controller module action
      sub login : Local { my ( $self, $c ) = @_; if ( my $user = $c->req->params->{user} and my $password = $c->req->params->{password} ) { if ( $c->authenticate( { login => $user, password => $password, })) { $c->response->redirect($c->uri_for('/')); } else { # login incorrect use Data::Dumper; $c->response->body("Login Incorrect"); } } else { # invalid form input $c->response->body("Form Input Invalid"); } }

        Don't know if it's the issue but (sAMAccountName=%s)) has an extra close paren. Might want to add this to the store (sorry, I like YAML better than Config::General)-

        ldap_server_options: timeout: 30 onerror: warn

        I would also recommend never taking query params for login; insist on POST params. Otherwise some user might discover that she can auto-login with a URL with her credentials in the query string.

        my $user = $c->req->params->{user} and my $password = $c->req->params->{password} # Becomes... my $user = $c->request->body_params->{user} and my $password = $c->request->body_params->{password}
        As in http://perlmonks.org/?node_id=856404, I changed $c->authenticate( { login => $user to $c->authenticate( { id => $user, and it didn't help.
Re: Catalyst LDAP Authentication Not Working
by Your Mother (Chancellor) on Oct 17, 2013 at 19:57 UTC

    Sorry, I replied to wrong node. :P See my other post.

      It's okay, you replied to the anonymonk's other post.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1058641]
Approved by marto
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (13)
As of 2015-07-30 12:17 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (271 votes), past polls