[Catalyst-dev] Trouble using Authentication::Store::LDAP
Jillian Rowe
jir2004 at qatar-med.cornell.edu
Wed Apr 10 11:46:18 GMT 2013
Hello all,
I am trying to get LDAP authentication (Open Directory) going with a Catalyst application.
I can connect to LDAP and run a query through Net::LDAP like so:
--------------------------------------------------------------------------------------------
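use Net::LDAP;
my $domain = "ldap://od.someplace.edu";
# new() returns undef and sets $@ on failure
my $ldap = Net::LDAP->new( $domain ) or die "$@\n";
my $mesg = $ldap->bind();    # anonymous bind
$mesg = $ldap->search(
    base   => "cn=users,dc=someplace,dc=edu",
    filter => "(uid=auser)",
);
# search() always returns a message object, so check its result code
die $mesg->error, "\n" if $mesg->code;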
---------------------------------------------------------------------------------------------
However, if I try to bind with a particular username and password:
$ldap->bind("user", "password");
I get an error message: "No AUTH supplied".
I can also run a query using ldapsearch:
----------------------------------------------------------------------------------------
ldapsearch -H ldap://od.someplacel.edu -x -b "cn=groupname,cn=groups,dc=someplace,dc=edu"
----------------------------------------------------------------------------------------
Here is the MyApp.yml:
-----------------------------------------------------------------------------------------
authentication:
  default_realm: ldap
  realms:
    ldap:
      credential:
        class: Password
        password_field: userPassword
      store:
        binddn: anonymous
        bindpw: dontcarehow
        class: LDAP
        ldap_server: od.someplace.edu
        ldap_server_options:
          onerror: warn
          timeout: 30
        start_tls: 0
        user_basedn: cn=users,dc=someplace,dc=edu
        user_field: uid
        user_filter: (&(objectClass=posixAccount)(uid=%s))
        user_scope: sub
        user_search_options:
          deref: always
        use_roles: 0
        #role_basedn: cn=groups,dc=qatar-med,dc=cornell,dc=edu
        #role_filter: (&(objectClass=inetOrgPerson)(memberUid=%s))
        #role_scope: one
        #role_field: uid
        #role_value: dn
        #role_search_options:
        #  deref: always
--------------------------------------------------------------------------------------
The password field is defined as userPassword.
I have tried having the ldap_server be ldap://od.someplace.edu.
Also, instead of binddn/bindpw being anonymous/dontcarehow, I have tried setting them to a valid username/password.
I would like to get roles going as well, but for right now I would like to just authenticate a single user.
My controller Login.pm looks like this:
-----------------------------------------------------------------------------------
sub index :Path :Args(0) {
    my ( $self, $c ) = @_;
    if ( my $user = $c->req->params->{username} and my $password = $c->req->params->{password} ){
        if ( $c->authenticate( { id => $user, password => $password } ) ) {
            $c->res->body( "hello " . $c->user->get("name") );
        }
        else{
            # login incorrect
            $c->stash(error => "Login is incorrect. Please try again");
            $c->stash(template => 'login/login.tt2');
        }
    }
    else {
        $c->stash(error => "Invalid form input");
        $c->stash(template => 'login/login.tt2');
    }
    $c->stash(template => 'login/login.tt2');
}
------------------------------------------------------------------------------
In the Catalyst debug menu I get the correct form submission, but each time it fails the authentication step and displays the "login is incorrect" message. There is no other output in the debugger.
I believe it is connecting. I can do something to put in a typo so I get an error stating 'Invalid credentials' or else an SSL timeout error. This doesn't get me any error messages, but it's not authenticating a valid user either.
Any ideas for me?
Best,
Jillian