Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Re: Catalyst LDAP Authentication Not Working

by keszler (Priest)
on Oct 17, 2013 at 16:42 UTC ( #1058646=note: print w/replies, xml ) Need Help??


in reply to Catalyst LDAP Authentication Not Working

"What information do you need to help me?"

Something like Not Authenticating - Catalyst::Authentication::Store::LDAP

  • Comment on Re: Catalyst LDAP Authentication Not Working

Replies are listed 'Best First'.
Re^2: Catalyst LDAP Authentication Not Working
by Anonymous Monk on Oct 17, 2013 at 18:51 UTC
    I am running Catalyst 5.90042, Perl v5.10.1, on Red Hat Enterprise Linux Server release 6.4 The configuration in Config::General format
    <Plugin::Authentication> <default> <store> class LDAP ldap_server ldap://ldap.server:3268 binddn bind@domain bindpw password user_basedn basedn user_field samaccountname user_filter (sAMAccountName=%s)) user_scope sub <user_search_options> dref always </user_search_options> </store> <credential> class Password password_type self_check password_field password </credential> </default> </Plugin::Authentication>
    The Controller module action
    sub login : Local { my ( $self, $c ) = @_; if ( my $user = $c->req->params->{user} and my $password = $c->req->params->{password} ) { if ( $c->authenticate( { login => $user, password => $password, })) { $c->response->redirect($c->uri_for('/')); } else { # login incorrect use Data::Dumper; $c->response->body("Login Incorrect"); } } else { # invalid form input $c->response->body("Form Input Invalid"); } }

      Don't know if it's the issue but (sAMAccountName=%s)) has an extra close paren. Might want to add this to the store (sorry, I like YAML better than Config::General)-

      ldap_server_options: timeout: 30 onerror: warn

      I would also recommend never taking query params for login; insist on POST params. Otherwise some user might discover that she can auto-login with a URL with her credentials in the query string.

      my $user = $c->req->params->{user} and my $password = $c->req->params->{password} # Becomes... my $user = $c->request->body_params->{user} and my $password = $c->request->body_params->{password}
        Thanks. The extra parenthesis was the problem. If it was a snake, I'd be bit.
      As in http://perlmonks.org/?node_id=856404, I changed $c->authenticate( { login => $user to $c->authenticate( { id => $user, and it didn't help.
        Here is the packet capture
        1 0.000000 catserver -> ldapserver TCP 38760 > msft-gc [SYN] Seq=0 + Win=14600 Len=0 MSS=1460 TSV=4135990048 TSER=0 WS=6 2 0.000244 ldapserver -> catserver TCP msft-gc > 38760 [SYN, ACK] +Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=8 TSV=338886467 TSER=413599004 +8 3 0.000271 catserver -> ldapserver TCP 38760 > msft-gc [ACK] Seq=1 + Ack=1 Win=14656 Len=0 TSV=4135990049 TSER=338886467 4 0.013696 catserver -> ldapserver LDAP bindRequest(1) "apache@ads +.state.mo.us" simple 5 0.031177 ldapserver -> catserver LDAP bindResponse(1) success 6 0.031310 catserver -> ldapserver TCP 38760 > msft-gc [ACK] Seq=4 +5 Ack=23 Win=14656 Len=0 TSV=4135990080 TSER=338886470 7 0.055315 catserver -> ldapserver TCP 38760 > msft-gc [FIN, ACK] +Seq=45 Ack=23 Win=14656 Len=0 TSV=4135990104 TSER=338886470 8 0.055602 ldapserver -> catserver TCP msft-gc > 38760 [ACK] Seq=2 +3 Ack=46 Win=66560 Len=0 TSV=338886473 TSER=4135990104 9 0.055662 ldapserver -> catserver TCP msft-gc > 38760 [RST, ACK] +Seq=23 Ack=46 Win=0 Len=0

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1058646]
help
Chatterbox?
[ambrus]: Corion: well Prima::Object says something like that the cleanup method will send an onDestory message and that you can't get more messages after cleanup, or something.
[Corion]: ambrus: Yeah - I don't think the deep source dive will be necessary if things are implemented as simple as they could be :)) And hopefully I won't need (more) timely object destruction. I can update the screen at 60Hz and hopefully even do HTTP ...
[Corion]: ... transfers in the background. Now that I think about it, this maybe even means that I can run the OpenGL filters on Youtube input :)
[ambrus]: Corion: I mentioned that the unix event loop of Prima always wakes up at least once every 0.2 seconds. Have you found out whether the win32 event loop of Prima does that too?
[Corion]: ambrus: Hmm - I would assume that the onDestroy message is sent from the destructor and doesn't go through the messageloop, but maybe it is sent when a window gets destroyed but all components are still alive...
[ambrus]: Corion: partly deep source dive, partly just conservative coding even if it adds an overhead.
[Corion]: ambrus: Hmm - no, I haven't looked at wakeup intervals ... I wonder why it should want to wakeup periodically because it gets a lot of messages from the Windows message loop (on Windows obviously)
[ambrus]: (Alternately a deep source dive and then rewrite that event loop to make it better, and then as a bonus you get an idle method.)
[ambrus]: The 0.2 seconds wakeup is likely a workaround for some bug, but I can't guess what bug that is.
[ambrus]: It's been there since Prima 1.00 iirc

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (7)
As of 2016-12-09 10:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    On a regular basis, I'm most likely to spy upon:













    Results (150 votes). Check out past polls.