Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid

Catalyst LDAP Authentication Not Working

by Anonymous Monk
on Oct 17, 2013 at 16:03 UTC ( #1058641=perlquestion: print w/ replies, xml ) Need Help??
Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I am using LDAP authentication for my Catalyst application. Using tcpdump, I see the initial bind happening, but the Catalyst app never searches for a user name and never tries to bind with the username/password. What information do you need to help me?

Comment on Catalyst LDAP Authentication Not Working
Replies are listed 'Best First'.
Re: Catalyst LDAP Authentication Not Working
by keszler (Priest) on Oct 17, 2013 at 16:42 UTC
      I am running Catalyst 5.90042, Perl v5.10.1, on Red Hat Enterprise Linux Server release 6.4 The configuration in Config::General format
      <Plugin::Authentication> <default> <store> class LDAP ldap_server ldap://ldap.server:3268 binddn bind@domain bindpw password user_basedn basedn user_field samaccountname user_filter (sAMAccountName=%s)) user_scope sub <user_search_options> dref always </user_search_options> </store> <credential> class Password password_type self_check password_field password </credential> </default> </Plugin::Authentication>
      The Controller module action
      sub login : Local { my ( $self, $c ) = @_; if ( my $user = $c->req->params->{user} and my $password = $c->req->params->{password} ) { if ( $c->authenticate( { login => $user, password => $password, })) { $c->response->redirect($c->uri_for('/')); } else { # login incorrect use Data::Dumper; $c->response->body("Login Incorrect"); } } else { # invalid form input $c->response->body("Form Input Invalid"); } }

        Don't know if it's the issue but (sAMAccountName=%s)) has an extra close paren. Might want to add this to the store (sorry, I like YAML better than Config::General)-

        ldap_server_options: timeout: 30 onerror: warn

        I would also recommend never taking query params for login; insist on POST params. Otherwise some user might discover that she can auto-login with a URL with her credentials in the query string.

        my $user = $c->req->params->{user} and my $password = $c->req->params->{password} # Becomes... my $user = $c->request->body_params->{user} and my $password = $c->request->body_params->{password}
        As in, I changed $c->authenticate( { login => $user to $c->authenticate( { id => $user, and it didn't help.
Re: Catalyst LDAP Authentication Not Working
by Your Mother (Chancellor) on Oct 17, 2013 at 19:57 UTC

    Sorry, I replied to wrong node. :P See my other post.

      It's okay, you replied to the anonymonk's other post.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1058641]
Approved by marto
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (3)
As of 2015-11-28 04:57 GMT
Find Nodes?
    Voting Booth?

    What would be the most significant thing to happen if a rope (or wire) tied the Earth and the Moon together?

    Results (737 votes), past polls