
Re: Catalyst LDAP Authentication Not Working

by keszler (Priest)
on Oct 17, 2013 at 16:42 UTC (#1058646)


in reply to Catalyst LDAP Authentication Not Working

"What information do you need to help me?"

Something like Not Authenticating - Catalyst::Authentication::Store::LDAP


Re^2: Catalyst LDAP Authentication Not Working
by Anonymous Monk on Oct 17, 2013 at 18:51 UTC
    I am running Catalyst 5.90042, Perl v5.10.1, on Red Hat Enterprise Linux Server release 6.4. The configuration in Config::General format:
    <Plugin::Authentication>
        <default>
            <store>
                class LDAP
                ldap_server ldap://ldap.server:3268
                binddn bind@domain
                bindpw password
                user_basedn basedn
                user_field samaccountname
                user_filter (sAMAccountName=%s))
                user_scope sub
                <user_search_options>
                    dref always
                </user_search_options>
            </store>
            <credential>
                class Password
                password_type self_check
                password_field password
            </credential>
        </default>
    </Plugin::Authentication>
    The Controller module action
    sub login : Local {
        my ( $self, $c ) = @_;

        if ( my $user = $c->req->params->{user}
            and my $password = $c->req->params->{password} )
        {
            if ( $c->authenticate( { login => $user, password => $password, } ) ) {
                $c->response->redirect( $c->uri_for('/') );
            }
            else {
                # login incorrect
                use Data::Dumper;
                $c->response->body("Login Incorrect");
            }
        }
        else {
            # invalid form input
            $c->response->body("Form Input Invalid");
        }
    }
      As in http://perlmonks.org/?node_id=856404, I changed $c->authenticate( { login => $user to $c->authenticate( { id => $user, and it didn't help.
        Here is the packet capture
        1 0.000000 catserver -> ldapserver TCP 38760 > msft-gc [SYN] Seq=0 Win=14600 Len=0 MSS=1460 TSV=4135990048 TSER=0 WS=6
        2 0.000244 ldapserver -> catserver TCP msft-gc > 38760 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=8 TSV=338886467 TSER=4135990048
        3 0.000271 catserver -> ldapserver TCP 38760 > msft-gc [ACK] Seq=1 Ack=1 Win=14656 Len=0 TSV=4135990049 TSER=338886467
        4 0.013696 catserver -> ldapserver LDAP bindRequest(1) "apache@ads.state.mo.us" simple
        5 0.031177 ldapserver -> catserver LDAP bindResponse(1) success
        6 0.031310 catserver -> ldapserver TCP 38760 > msft-gc [ACK] Seq=45 Ack=23 Win=14656 Len=0 TSV=4135990080 TSER=338886470
        7 0.055315 catserver -> ldapserver TCP 38760 > msft-gc [FIN, ACK] Seq=45 Ack=23 Win=14656 Len=0 TSV=4135990104 TSER=338886470
        8 0.055602 ldapserver -> catserver TCP msft-gc > 38760 [ACK] Seq=23 Ack=46 Win=66560 Len=0 TSV=338886473 TSER=4135990104
        9 0.055662 ldapserver -> catserver TCP msft-gc > 38760 [RST, ACK] Seq=23 Ack=46 Win=0 Len=0

      Don't know if it's the issue but (sAMAccountName=%s)) has an extra close paren. Might want to add this to the store (sorry, I like YAML better than Config::General)-

      ldap_server_options:
        timeout: 30
        onerror: warn

      I would also recommend never taking query params for login; insist on POST params. Otherwise some user might discover that she can auto-login with a URL with her credentials in the query string.

      my $user = $c->req->params->{user}
          and my $password = $c->req->params->{password}
      # Becomes...
      my $user = $c->request->body_params->{user}
          and my $password = $c->request->body_params->{password}
        Thanks. The extra parenthesis was the problem. If it was a snake, I'd be bit.
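
Added example (not part of the original thread, and not code from Catalyst::Authentication::Store::LDAP): a startup check that fills the `user_filter` template with an escaped sample login and parses it with Net::LDAP::Filter, so a malformed filter such as the one above is reported before any login is attempted. The helper name `check_user_filter` and the sample logins are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Filter;
use Net::LDAP::Util qw(escape_filter_value);

# Hypothetical helper (not from the thread): fill the %s placeholder of a
# user_filter template with an escaped sample login and try to parse it.
# Returns undef when the filter parses, otherwise a description of the problem.
sub check_user_filter {
    my ( $template, $sample_login ) = @_;

    return "no %s placeholder in '$template'" unless $template =~ /%s/;

    # Escape the value so that parentheses or '*' in a login cannot change
    # the structure of the filter being tested.
    my $value = escape_filter_value($sample_login);
    ( my $filter = $template ) =~ s/%s/$value/g;

    # Net::LDAP::Filter->new returns undef for a filter it cannot parse,
    # including one with an unmatched ')'.
    my $parsed = Net::LDAP::Filter->new($filter);
    return defined($parsed) ? undef : "unparseable filter '$filter'";
}

# Constructed sample input: the template as posted in the thread and the
# corrected form with the extra close paren removed.
my @templates = (
    '(sAMAccountName=%s))',
    '(sAMAccountName=%s)',
);

# Constructed sample logins, one containing filter metacharacters.
my @logins = ( 'jdoe', 'j(doe)*' );

for my $template (@templates) {
    for my $login (@logins) {
        my $problem = check_user_filter( $template, $login );
        printf "%-22s %-8s %s\n", $template, $login,
            defined $problem ? "FAIL: $problem" : 'ok';
    }
}
```

Run against the application's real `user_filter` value at deploy time, this turns a silent "Login Incorrect" into an explicit configuration error.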
