Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic

Not Authenticating - Catalyst::Authentication::Store::LDAP

by awohld (Hermit)
on Aug 21, 2010 at 03:21 UTC ( #856404=perlquestion: print w/replies, xml ) Need Help??
awohld has asked for the wisdom of the Perl Monks concerning the following question:


'user_scope'needs to be 'sub' and not 'one'. And as a side note 'user_field' must be lowercase or a deep recursion search will be done.

I'm trying to authenticate with Catalyst::Authentication::Store::LDAP and in the Catalyst development server it keeps saying "debug: Unable to locate user matching user info provided".

Since it uses Net::LDAP as a backend I made a test script which works and is as seen below. It dumps out all the ActiveDirectory info for me.

#!/usr/bin/perl use Net::LDAP; use Data::Dumper; my $ldap = Net::LDAP->new( '' ); # bind to a directory with dn and password my $mesg = $ldap->bind( '', password => 'mypassword' ); $mesg = $ldap->search( base => "DC=sub,DC=ad,DC=mydomain,DC=org", filter => "(sAMAccountName=myusername)", ); die Dumper $mesg->entries;

Also running "ldapsearch" like below dumps all my ActiveDirectory info:

ldapsearch -H ldap:// \ -b dc=sub,dc=ad,dc=mydomain,dc=org \ -D \ -w mypassword \ '(sAMAccountName=myusername)'

In the documentation for Catalyst::Authentication::Store::LDAP it says for Microsoft ActiveDirectory to change "user_field: samaccountname" to lowercase which I have and I also left it the proper case.

The development server debug info looks like this:

[debug] Body Parameters are: .-------------+-------------. | Parameter | Value | +-------------+-------------+ | password | mypassword | | username | myusername | '-------------+-------------' [debug] Path is "login" [debug] Unable to locate user matching user info provided
Here is what my myapp.conf file looks like for Catalyst:

name MyApp # Config for Store::LDAP <authentication> default_realm ldap <realms> <ldap> <credential> class Password password_field password password_type self_check </credential> <store> class LDAP ldap_server ldap:// <ldap_server_options> timeout 30 onerror warn </ldap_server_options> binddn bindpw mypassword start_tls 0 <start_tls_options> verify none </start_tls_options> user_basedn DC=sub,DC=ad,DC=mydomain,DC=org user_filter (sAMAccountName=%s) user_scope one user_field sAMAccountName # also tried samaccountname <user_search_options> deref always </user_search_options> use_roles 0 </store> </ldap> </realms> </authentication>

And also here's my login method in

sub login : Global { my ( $self, $c ) = @_; # Get the username and password from form my $username = $c->request->params->{username}; my $password = $c->request->params->{password}; if ( $username and $password ) { if ($c->authenticate({username => $username, password => $pass +word })) { $c->res->body("Welcome " . $c->user->username . "!"); } else { $c->stash(error_msg => "Bad username or password."); } } else { # Set an error message $c->stash(error_msg => "Empty username or password."); } }
Any ideas on what I'm doing wrong? Is there something wrong with my Config file? Thanks in advance for any help!

Replies are listed 'Best First'.
Re: Not Authenticating - Catalyst::Authentication::Store::LDAP
by shmem (Canon) on Aug 21, 2010 at 10:09 UTC

    The docs say

    $c->authenticate({ id => $c->req->param("login"), password => $c->req->param("password") });

    id, not username ;-)

      I was really hoping that was it, but it's still saying it can't locate the user matching the info provided.

      So seeing that Catalyst::Plugin::Authentication::LDAP was superceded by Catalyst::Authentication::Store::LDAP, I take it means that C::A::Store::LDAP does the authentication too.

      But looking at C::A::Store::LDAP it says that it authenticates a user if it finds the user info in the LDAP store. So it's really not even looking a the passwords. So this looks like it's not really an Authentication module. But why would an Authenticaiton module be superceeded by a Store module?

      As an update I see that the first step is that C::A::Store::LDAP binds with the pre-set user and password, then it reconnects with the user and password sent in second time. Here's a copy of my config in memory if that helps:
      do { my $a = { "Action::RenderView" => { ignore_classes => [ "DBIx::Class::ResultSource::Table", "DBIx::Class::ResultSourceHandle", "DateTime", ], scrubber_func => sub { ... }, }, "authentication" => { default_realm => "ldap", realms => { ldap => { credential => { class => "Password", password_field => "password", password_hash_type => "SHA-1", password_type => "self_check", }, store => { binddn => "myusername\", bindpw => "mypassword", class => "LDAP", ldap_server => "ldap://", ldap_server_options => { onerror => "warn", timeout => 30 +}, start_tls => 0, start_tls_options => { verify => "none" }, use_roles => 0, user_basedn => "DC=sub,DC=ad,DC=mydomain,DC=org", user_field => "sAMAccountName", user_filter => "(sAMAccountName=%s)", user_scope => "one", user_search_options => { deref => "always" }, }, use_session => 1, }, }, use_session => 1, }, "disable_component_resolution_regex_fallback" => 1, "home" => "/home/me/perl_modules/MyApp", "name" => "MyApp", "Plugin::Authentication" => 'fix', "Plugin::ConfigLoader" => {}, "root" => bless({ dirs => ["", "home", "me", "perl_modules", "MyApp", "root"], file_spec_class => undef, volume => "", }, "Path::Class::Dir"), "stacktrace" => { context => 3, verbose => 0 }, "static" => { debug => 1, dirs => [], ignore_dirs => [], ignore_extensions => ["tmpl", "tt", "tt2", "html", "xhtml"], include_path => ['fix'], mime_types => {}, mime_types_obj => bless({}, "MIME::Types"), no_logs => 1, }, }; $a->{"Plugin::Authentication"} = $a->{"authentication"}; $a->{"static"}{include_path}[0] = $a->{"root"}; $a; }

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://856404]
Approved by planetscape
[Corion]: LanX: Ah, yeah - Frankfurt is in the quake region, but at the very border. I think I've never noticed a quake in Frankfurt myself
[marto]: good morning all
[Corion]: On another topic, in the process of Rubber Duck SoPWing, I wrote a post about the best API for generating HTTP requests (not sending them) and while writing it and fleshing out my sample implementation, I came up with some improvements to my ...
[Corion]: ... existing prototype. Cartesian Products will be proud of that module once it gets out ;)
[Corion]: Hi marto ;)
LanX has the same problem with English accents ...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (9)
As of 2017-01-18 10:16 GMT
Find Nodes?
    Voting Booth?
    Do you watch meteor showers?

    Results (161 votes). Check out past polls.