[Catalyst-dev] Trouble using Authentication::Store::LDAP
Jillian Rowe
jir2004 at qatar-med.cornell.edu
Mon Apr 15 06:41:37 GMT 2013
Hello all,
So after much bungling of source code by adding in Catalyst::Exception->throw(Dumper(whatever)) I have figured out it is binding to ldap correctly, and it is fetching the correct user information. The catch is in the password, which I still haven't figured out.
I did figure out in my conf file the password_field should be userpassword so it matches the ldap entry. Same for the controller.
---------------------------------------------------------
authentication:
  default_realm: ldap
  realms:
    ldap:
      credential:
        class: Password
        password_field: userpassword
        password_type: crypted
        password_hash_type: MD5
      store:
        binddn: anonymous
        bindpw: dontcarehow
        class: LDAP
        ldap_server: ldap://od.qatar-med.cornell.edu
        ldap_server_options:
          onerror: warn
          timeout: 30
        start_tls: 0
        use_roles: 0
        user_basedn: cn=users,dc=qatar-med,dc=cornell,dc=edu
        user_field: uid
        user_filter: (&(objectClass=posixAccount)(uid=%s))
        user_scope: sub
        user_search_options:
          deref: always
--------------------------------------------------
$c->authenticate( {id => $user, userpassword => $password} );
-------------------------------------------------
Where it's failing is in Authentication::Credential::Password. It doesn't look as if I'm getting the right password type. It shows up as just '********' from the ldap entry.
I also noticed in Authentication::Credential::Password it is deleting the password stored from the webform login info.
-------------------------------------------
sub authenticate {
    my ( $self, $c, $realm, $authinfo ) = @_;

    ## because passwords may be in a hashed format, we have to make sure that we remove the
    ## password_field before we pass it to the user routine, as some auth modules use
    ## all data passed to them to find a matching user...
    $c->log->debug("In Authentication::Credential::Password");
    my $userfindauthinfo = {%{$authinfo}};
    # die $c->log->debug("User info is: ".Dumper($userfindauthinfo));
    delete($userfindauthinfo->{$self->_config->{'password_field'}});    # <--- Deleting here

    my $user_obj = $realm->find_user($userfindauthinfo, $c);
    $c->log->debug("User is ".Dumper($user_obj));
    if (ref($user_obj)) {
        if ($self->check_password($c, $user_obj, $authinfo)) {
            $c->log->debug("Check password returned as true");
            return $user_obj;
        }
        else {
            $c->log->debug("Password type probably incorrect");
        }
    } else {
        $c->log->debug(
            'Unable to locate user matching user info provided in realm: '
            . $realm->name
        ) if $c->debug;
        return;
    }
}
Then where it checks the password
sub check_password {
    my ( $self, $c, $user, $authinfo ) = @_;

    $c->log->debug("Password type is: ".$self->_config->{'password_type'});
    if ($self->_config->{'password_type'} eq 'self_check') {
        return $user->check_password($authinfo->{$self->_config->{'password_field'}});
    } else {
        my $password = $authinfo->{$self->_config->{'password_field'}};
        my $storedpassword = $user->get($self->_config->{'password_field'});
... and so on.
It should be getting the password from $authinfo->{$self->_config->{'password_field'}}, but it is deleting it previously and it comes up as undef. If I comment out the line at least it isn't undef, but I am still getting stuck on the password type.
---------------------------------------------------------------------------------------------------------------
Does anyone have any tips on possible combinations of password types I could try?
Best,
Jillian
P.S. It would be nice if there were more debugging messages in the Password module. I went and added these all in by hand, but in general I prefer not to change source code. :)
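
An added example, not part of the original post and not Catalyst's own code: a stand-alone Perl sketch of the flow quoted above. It shows what the `{%{$authinfo}}` copy and the `delete` do to each hash, and how a `self_check` branch and a crypt()-style comparison behave when the directory returns a masked attribute value. The `MockUser` package, its `bind_ok` field (a stand-in for a successful LDAP bind) and all sample values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for the store's user object (not Catalyst code).
package MockUser;
sub new { my ($class, %attrs) = @_; return bless {%attrs}, $class }
# What a non-self_check credential reads back from the directory entry.
sub get { my ($self, $field) = @_; return $self->{$field} }
# self_check path: the user object verifies the password itself. A
# directory-backed store can do that by binding as the user; the
# constructed bind_ok value simulates the outcome of such a bind.
sub check_password {
    my ($self, $password) = @_;
    return (defined $password && $password eq $self->{bind_ok}) ? 1 : 0;
}

package main;

my $password_field = 'userpassword';

# Constructed login data, shaped like the hash passed to $c->authenticate.
my $authinfo = { id => 'jdoe', userpassword => 'correct horse' };

# Same copy-then-delete as in authenticate(): the copy is a new hash.
my $userfindauthinfo = { %{$authinfo} };
delete $userfindauthinfo->{$password_field};
printf "copy has password field:      %s\n",
    (exists $userfindauthinfo->{$password_field}) ? 'yes' : 'no';
printf "original has password field:  %s\n",
    (exists $authinfo->{$password_field}) ? 'yes' : 'no';

# Constructed user entry: the directory hands back a masked value.
my $user = MockUser->new(userpassword => '********', bind_ok => 'correct horse');

sub check_password {
    my ($type, $user, $authinfo) = @_;
    my $password = $authinfo->{$password_field};
    return $user->check_password($password) if $type eq 'self_check';
    my $stored = $user->get($password_field);
    # crypt()-style comparison: hash the candidate using the stored value
    # as salt. A masked placeholder is not a hash, so this cannot match.
    return ((crypt($password, $stored) // '') eq $stored) ? 1 : 0;
}

printf "crypted against masked value: %d\n", check_password('crypted', $user, $authinfo);
printf "self_check via user object:   %d\n", check_password('self_check', $user, $authinfo);
```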