SOLVED!
'user_scope' needs to be 'sub' and not 'one'. And as a side note, 'user_field' must be lowercase or a deep recursion search will be done.
I'm trying to authenticate with Catalyst::Authentication::Store::LDAP and in the Catalyst development server it keeps saying "debug: Unable to locate user matching user info provided".
Since it uses Net::LDAP as a backend I made a test script which works and is as seen below. It dumps out all the ActiveDirectory info for me.
    #!/usr/bin/perl
    use strict;
    use warnings;
    use Net::LDAP;
    use Data::Dumper;

    # Connect to the directory server
    my $ldap = Net::LDAP->new( 'sub.ad.mydomain.org' )
        or die "Unable to connect: $@";

    # bind to a directory with dn and password
    my $mesg = $ldap->bind(
        'myusername@ad.mydomain.com',
        password => 'mypassword'
    );

    # No scope given here, so Net::LDAP uses its default scope, 'sub'
    $mesg = $ldap->search(
        base   => "DC=sub,DC=ad,DC=mydomain,DC=org",
        filter => "(sAMAccountName=myusername)",
    );

    die Dumper $mesg->entries;
Also running "ldapsearch" like below dumps all my ActiveDirectory info:
    ldapsearch -H ldap://sub.ad.mydomain.org \
        -b dc=sub,dc=ad,dc=mydomain,dc=org \
        -D myusername@ad.subdomain.org \
        -w mypassword \
        '(sAMAccountName=myusername)'
In the documentation for Catalyst::Authentication::Store::LDAP it says for Microsoft ActiveDirectory to change "user_field: samaccountname" to lowercase which I have and I also left it the proper case.
The development server debug info looks like this:
    [debug] Body Parameters are:
    .-------------+-------------.
    | Parameter   | Value       |
    +-------------+-------------+
    | password    | mypassword  |
    | username    | myusername  |
    '-------------+-------------'
    [debug] Path is "login"
    [debug] Unable to locate user matching user info provided
Here is what my myapp.conf file looks like for Catalyst:
    name MyApp
    # Config for Store::LDAP
    <authentication>
        default_realm ldap
        <realms>
            <ldap>
                <credential>
                    class Password
                    password_field password
                    password_type self_check
                </credential>
                <store>
                    class LDAP
                    ldap_server ldap://sub.ad.mydomain.org
                    <ldap_server_options>
                        timeout 30
                        onerror warn
                    </ldap_server_options>
                    binddn myusername@ad.mydomain.org
                    bindpw mypassword
                    start_tls 0
                    <start_tls_options>
                        verify none
                    </start_tls_options>
                    user_basedn DC=sub,DC=ad,DC=mydomain,DC=org
                    user_filter (sAMAccountName=%s)
                    user_scope one
                    user_field sAMAccountName # also tried samaccountname
                    <user_search_options>
                        deref always
                    </user_search_options>
                    use_roles 0
                </store>
            </ldap>
        </realms>
    </authentication>
And also here's my login method in Root.pm
    sub login : Global {
        my ( $self, $c ) = @_;

        # Get the username and password from form
        my $username = $c->request->params->{username};
        my $password = $c->request->params->{password};

        if ( $username and $password ) {
            if ($c->authenticate({username => $username, password => $password })) {
                $c->res->body("Welcome " . $c->user->username . "!");
            } else {
                $c->stash(error_msg => "Bad username or password.");
            }
        } else {
            # Set an error message
            $c->stash(error_msg => "Empty username or password.");
        }
    }
Any ideas on what I'm doing wrong? Is there something wrong with my Config file?
Thanks in advance for any help!
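
The fix at the top of the post comes down to LDAP search scope: 'one' only examines the immediate children of user_basedn, while 'sub' descends the whole subtree. The sketch below is an added example, not code from the original post or from Catalyst::Authentication::Store::LDAP. The directory entries and the rdns, in_scope and find_user helpers are constructed for illustration, and matching on the leading CN stands in for the real sAMAccountName filter.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample directory (not from the post): a common Active
# Directory layout where accounts live in containers or OUs rather than
# directly under the domain root.
my @entries = (
    'DC=sub,DC=ad,DC=mydomain,DC=org',
    'CN=Users,DC=sub,DC=ad,DC=mydomain,DC=org',
    'CN=myusername,CN=Users,DC=sub,DC=ad,DC=mydomain,DC=org',
    'OU=Staff,DC=sub,DC=ad,DC=mydomain,DC=org',
    'CN=otheruser,OU=IT,OU=Staff,DC=sub,DC=ad,DC=mydomain,DC=org',
);

# Split a DN into lowercased RDNs. Assumes no escaped commas, which is
# true for the constructed DNs above.
sub rdns { my ($dn) = @_; return split /\s*,\s*/, lc $dn }

# LDAP scope semantics: base = the base entry only, one = its immediate
# children only, sub = the base entry plus everything beneath it.
sub in_scope {
    my ( $dn, $base, $scope ) = @_;
    my @dn    = rdns($dn);
    my @base  = rdns($base);
    my $depth = @dn - @base;              # levels below the base DN
    return 0 if $depth < 0;
    my $tail = join ',', @dn[ $depth .. $#dn ];
    return 0 if $tail ne join ',', @base; # not under this base at all
    return $depth == 0 ? 1 : 0 if $scope eq 'base';
    return $depth == 1 ? 1 : 0 if $scope eq 'one';
    return 1 if $scope eq 'sub';
    die "unknown scope '$scope'\n";
}

# Hypothetical stand-in for the store's user lookup: match on the leading
# CN instead of sAMAccountName, restricted to entries inside the scope.
sub find_user {
    my ( $name, $base, $scope ) = @_;
    return grep { in_scope( $_, $base, $scope ) && /^CN=\Q$name\E,/i } @entries;
}

my $base = 'DC=sub,DC=ad,DC=mydomain,DC=org';    # user_basedn from the post
for my $scope (qw(one sub)) {
    my @hits = find_user( 'myusername', $base, $scope );
    printf "user_scope %-3s => %s\n", $scope,
        @hits ? $hits[0] : 'Unable to locate user';
}
```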