[Catalyst-dev] Trouble using Authentication::Store::LDAP
Jillian Rowe
jir2004 at qatar-med.cornell.edu
Thu Apr 11 06:06:16 GMT 2013
Hi again,
Thanks for the tip about the binddn! I'm completely new to authentication.
[snip]
So firstly, if you can't get the authentication working outside Catalyst, using Net::LDAP alone (and clearly you can't) then this isn't a Catalyst issue!
Secondly, the docs say you should pass a "bind DN" and not a simple username. For example $ldap->bind("cn=someusername,o=University of Nowhere,c=US", $password) seems more likely to work.
[snip]
Now I've got the binding going in both ldapsearch and Net::LDAP, but I'm still having trouble with Catalyst.
------------------------------------------------------------------------------------------------------------------------------------------------------
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_text);   # provides ldap_error_text() used below

my $USERNAME    = 'auser';
my $PASSWORD    = 'secret';
my $LDAP_SERVER = "ldap://od.someplace.edu";
my $LDAP_PORT   = '389';
my $LDAP_BASE   = 'cn=users,dc=someplace,dc=edu';
my $userDN      = "uid=$USERNAME,cn=users,dc=someplace,dc=edu";

# Connect, then bind with the full DN rather than the bare username
my $ldap = Net::LDAP->new($LDAP_SERVER, port => $LDAP_PORT) or die "Could not create LDAP object\n";
my $ldapMsg = $ldap->bind($userDN, password => $PASSWORD);
die $ldapMsg->error if $ldapMsg->is_error;

# Look the user up under the base DN
my $ldapSearch = $ldap->search(base   => $LDAP_BASE,
                               filter => "uid=$USERNAME");
die "There was an error during search:\n\t" . ldap_error_text($ldapSearch->code)
    if $ldapSearch->code;
print "Results returned: " . $ldapSearch->count . "\n";
print "No results returned\n" and exit
    if( (!$ldapSearch) || ($ldapSearch->count == 0) );
----------------------------------------------------------------------------------------------------------------------------------------------------
This tells me that one result is returned, which is correct.
----------------------------------------------------------------------------------------------------------------------------------------------------
ldapsearch
ldapsearch -H ldap://od.someplace.edu -b "cn=users,dc=someplace,dc=edu" -D "uid=auser,cn=users,dc=someplace,dc=edu" -W
----------------------------------------------------------------------------------------------------------------------------------------------------
Also works as expected.
----------------------------------------------------------------------------------------------------------------------------------------------------
MyApp.yml
authentication:
  default_realm: ldap
  realms:
    ldap:
      credential:
        class: Password
        password_field: password
      store:
        binddn: uid=auser,cn=users,dc=someplace,dc=edu
        bindpw: secret
        class: LDAP
        ldap_server: ldap://od.someplace.edu
        ldap_server_options:
          onerror: warn
          timeout: 30
        start_tls: 0
        user_basedn: cn=users,dc=someplace,dc=edu
        user_field: uid
        user_filter: (&(objectClass=posixAccount)(uid=%s))
        user_scope: sub
        user_search_options:
          deref: always
        use_roles: 0
----------------------------------------------------------------------------------------------------------------------------------------------------
The login is still not working, and also not giving any errors!
Best,
Jillian
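
An added diagnostic sketch, not part of the original post or of Catalyst::Authentication::Store::LDAP: it replays the MyApp.yml store settings with plain Net::LDAP, using the configured user_filter, scope and deref instead of the simpler uid= filter in the test script above. The bind, search, rebind order is an assumption about how an LDAP-backed store checks a password, and $login / $login_pw are placeholder names.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Values copied from the MyApp.yml in the post.
# Like that config (ldap://, start_tls: 0), this sends both passwords unencrypted.
my %store = (
    ldap_server => 'ldap://od.someplace.edu',
    binddn      => 'uid=auser,cn=users,dc=someplace,dc=edu',
    bindpw      => 'secret',
    user_basedn => 'cn=users,dc=someplace,dc=edu',
    user_filter => '(&(objectClass=posixAccount)(uid=%s))',
    user_scope  => 'sub',
    deref       => 'always',
    timeout     => 30,
);

# Login under test (placeholders; the post uses the same account for both roles).
my ($login, $login_pw) = ('auser', 'secret');

my $ldap = Net::LDAP->new($store{ldap_server}, timeout => $store{timeout})
    or die "Could not connect: $@\n";

# Step 1: bind as the service account (binddn / bindpw).
my $mesg = $ldap->bind($store{binddn}, password => $store{bindpw});
die "Service bind failed: " . $mesg->error . "\n" if $mesg->code;

# Step 2: search with the configured filter. The login is escaped so that
# characters such as * ( ) \ cannot change the meaning of the filter.
(my $filter = $store{user_filter}) =~ s/%s/escape_filter_value($login)/ge;
$mesg = $ldap->search(
    base   => $store{user_basedn},
    scope  => $store{user_scope},
    deref  => $store{deref},
    filter => $filter,
);
die "Search failed: " . $mesg->error . "\n" if $mesg->code;
printf "Filter %s matched %d entries\n", $filter, $mesg->count;
die "Expected exactly one matching entry\n" unless $mesg->count == 1;

# Step 3: rebind as the entry that was found, with the user's own password.
my $user_dn = $mesg->entry(0)->dn;
$mesg = $ldap->bind($user_dn, password => $login_pw);
print $mesg->code
    ? "User bind failed for $user_dn: " . $mesg->error . "\n"
    : "User bind OK for $user_dn\n";
$ldap->unbind;
```

A zero match count at step 2 points at the objectClass clause or the scope in the configuration rather than at the credentials.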