
Not Authenticating - Catalyst::Authentication::Store::LDAP

by awohld (Hermit)
on Aug 21, 2010 at 03:21 UTC (#856404=perlquestion)
awohld has asked for the wisdom of the Perl Monks concerning the following question:

SOLVED!

'user_scope' needs to be 'sub' and not 'one'. And as a side note, 'user_field' must be lowercase or a deep recursion search will be done.

I'm trying to authenticate with Catalyst::Authentication::Store::LDAP and in the Catalyst development server it keeps saying "debug: Unable to locate user matching user info provided".

Since it uses Net::LDAP as a backend I made a test script which works and is as seen below. It dumps out all the ActiveDirectory info for me.

#!/usr/bin/perl
use Net::LDAP;
use Data::Dumper;

my $ldap = Net::LDAP->new( 'sub.ad.mydomain.org' );

# bind to a directory with dn and password
my $mesg = $ldap->bind( 'myusername@ad.mydomain.com',
                        password => 'mypassword' );

$mesg = $ldap->search(
    base   => "DC=sub,DC=ad,DC=mydomain,DC=org",
    filter => "(sAMAccountName=myusername)",
);

die Dumper $mesg->entries;

Also running "ldapsearch" like below dumps all my ActiveDirectory info:

ldapsearch -H ldap://sub.ad.mydomain.org \
    -b dc=sub,dc=ad,dc=mydomain,dc=org \
    -D myusername@ad.subdomain.org \
    -w mypassword \
    '(sAMAccountName=myusername)'

In the documentation for Catalyst::Authentication::Store::LDAP it says for Microsoft ActiveDirectory to change "user_field: samaccountname" to lowercase which I have and I also left it the proper case.

The development server debug info looks like this:

[debug] Body Parameters are:
.-------------+-------------.
| Parameter   | Value       |
+-------------+-------------+
| password    | mypassword  |
| username    | myusername  |
'-------------+-------------'
[debug] Path is "login"
[debug] Unable to locate user matching user info provided

Here is what my myapp.conf file looks like for Catalyst:

name MyApp

# Config for Store::LDAP
<authentication>
    default_realm ldap
    <realms>
        <ldap>
            <credential>
                class Password
                password_field password
                password_type self_check
            </credential>
            <store>
                class LDAP
                ldap_server ldap://sub.ad.mydomain.org
                <ldap_server_options>
                    timeout 30
                    onerror warn
                </ldap_server_options>
                binddn myusername@ad.mydomain.org
                bindpw mypassword
                start_tls 0
                <start_tls_options>
                    verify none
                </start_tls_options>
                user_basedn DC=sub,DC=ad,DC=mydomain,DC=org
                user_filter (sAMAccountName=%s)
                user_scope one
                user_field sAMAccountName # also tried samaccountname
                <user_search_options>
                    deref always
                </user_search_options>
                use_roles 0
            </store>
        </ldap>
    </realms>
</authentication>

And also here's my login method in Root.pm

sub login : Global {
    my ( $self, $c ) = @_;

    # Get the username and password from form
    my $username = $c->request->params->{username};
    my $password = $c->request->params->{password};

    if ( $username and $password ) {
        if ($c->authenticate({username => $username, password => $password })) {
            $c->res->body("Welcome " . $c->user->username . "!");
        } else {
            $c->stash(error_msg => "Bad username or password.");
        }
    } else {
        # Set an error message
        $c->stash(error_msg => "Empty username or password.");
    }
}

Any ideas on what I'm doing wrong? Is there something wrong with my Config file? Thanks in advance for any help!
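
Added example (not part of the original post, and not code from Catalyst::Authentication::Store::LDAP): a small model of LDAP search scopes showing why the change in the SOLVED note works. Net::LDAP's search and ldapsearch both default to subtree scope, which is why the test script and the command line found the account while user_scope one did not. The OU=Staff container and the sample entries are assumptions; the post does not say where the account sits below the base DN.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample directory; OU=Staff and the entries are hypothetical.
my $base    = 'DC=sub,DC=ad,DC=mydomain,DC=org';
my @entries = (
    { dn => $base },
    { dn => "OU=Staff,$base" },
    { dn => "CN=svc,$base",                 samaccountname => 'svc' },
    { dn => "CN=myusername,OU=Staff,$base", samaccountname => 'myusername' },
);

# Split a DN into case-folded RDNs (sample DNs contain no escaped commas).
sub rdns { return map { lc $_ } split /\s*,\s*/, $_[0] }

# Levels $dn sits below $base_dn: 0 = the base itself, -1 = outside it.
sub depth_below {
    my ($dn, $base_dn) = @_;
    my @dn = rdns($dn);
    my @bs = rdns($base_dn);
    return -1 if @dn < @bs;
    my @tail = @dn[ @dn - @bs .. $#dn ];
    return join(',', @tail) eq join(',', @bs) ? @dn - @bs : -1;
}

# LDAP scopes: base = the base entry only, one = direct children only,
# sub = the base entry and everything beneath it.
my %in_scope = (
    'base' => sub { $_[0] == 0 },
    'one'  => sub { $_[0] == 1 },
    'sub'  => sub { $_[0] >= 0 },
);

# DNs under $base_dn, within $scope, whose sAMAccountName equals $name.
sub search {
    my ($base_dn, $scope, $name) = @_;
    my $ok = $in_scope{$scope} or die "unknown scope '$scope'\n";
    return map  { $_->{dn} }
           grep { lc($_->{samaccountname} // '') eq lc $name }
           grep { $ok->(depth_below($_->{dn}, $base_dn)) } @entries;
}

# Same base DN and account name, the two user_scope values from the post.
for my $scope (qw(one sub)) {
    my @hits = search($base, $scope, 'myusername');
    printf "user_scope %-4s %s\n", $scope,
        @hits ? "found $hits[0]"
              : 'Unable to locate user matching user info provided';
}
```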

Re: Not Authenticating - Catalyst::Authentication::Store::LDAP
by shmem (Canon) on Aug 21, 2010 at 10:09 UTC

    The docs say

    $c->authenticate({ id => $c->req->param("login"), password => $c->req->param("password") });

    id, not username ;-)

      I was really hoping that was it, but it's still saying it can't locate the user matching the info provided.

      So seeing that Catalyst::Plugin::Authentication::LDAP was superseded by Catalyst::Authentication::Store::LDAP, I take it that means that C::A::Store::LDAP does the authentication too.

      But looking at C::A::Store::LDAP it says that it authenticates a user if it finds the user info in the LDAP store. So it's really not even looking at the passwords. So this looks like it's not really an Authentication module. But why would an Authentication module be superseded by a Store module?

      UPDATE:
      As an update, I see that the first step is that C::A::Store::LDAP binds with the pre-set user and password, then it reconnects a second time with the user and password sent in. Here's a copy of my config in memory if that helps:
      do {
        my $a = {
          "Action::RenderView" => {
            ignore_classes => [
              "DBIx::Class::ResultSource::Table",
              "DBIx::Class::ResultSourceHandle",
              "DateTime",
            ],
            scrubber_func => sub { ... },
          },
          "authentication" => {
            default_realm => "ldap",
            realms => {
              ldap => {
                credential => {
                  class => "Password",
                  password_field => "password",
                  password_hash_type => "SHA-1",
                  password_type => "self_check",
                },
                store => {
                  binddn => "myusername\@ad.mydomain.org",
                  bindpw => "mypassword",
                  class => "LDAP",
                  ldap_server => "ldap://sub.ad.mydomain.org",
                  ldap_server_options => { onerror => "warn", timeout => 30 },
                  start_tls => 0,
                  start_tls_options => { verify => "none" },
                  use_roles => 0,
                  user_basedn => "DC=sub,DC=ad,DC=mydomain,DC=org",
                  user_field => "sAMAccountName",
                  user_filter => "(sAMAccountName=%s)",
                  user_scope => "one",
                  user_search_options => { deref => "always" },
                },
                use_session => 1,
              },
            },
            use_session => 1,
          },
          "disable_component_resolution_regex_fallback" => 1,
          "home" => "/home/me/perl_modules/MyApp",
          "name" => "MyApp",
          "Plugin::Authentication" => 'fix',
          "Plugin::ConfigLoader" => {},
          "root" => bless({
            dirs => ["", "home", "me", "perl_modules", "MyApp", "root"],
            file_spec_class => undef,
            volume => "",
          }, "Path::Class::Dir"),
          "stacktrace" => { context => 3, verbose => 0 },
          "static" => {
            debug => 1,
            dirs => [],
            ignore_dirs => [],
            ignore_extensions => ["tmpl", "tt", "tt2", "html", "xhtml"],
            include_path => ['fix'],
            mime_types => {},
            mime_types_obj => bless({}, "MIME::Types"),
            no_logs => 1,
          },
        };
        $a->{"Plugin::Authentication"} = $a->{"authentication"};
        $a->{"static"}{include_path}[0] = $a->{"root"};
        $a;
      }
