[Catalyst-dev] Trouble using Authentication::Store::LDAP

Tomas Doran bobtfish at bobtfish.net
Mon Apr 15 11:48:54 GMT 2013


On 15 Apr 2013, at 07:41, Jillian Rowe <jir2004 at qatar-med.cornell.edu> wrote:

> Hello all,
> 
> So after much bungling of source code by adding in Catalyst::Exception->throw(Dumper(whatever)) I have figured out it is binding to ldap correctly, and it is fetching the correct user information. The catch is in the password, which I still haven't figured out.
> 
> I did figure out in my conf file the password_field should be userpassword so it matches the ldap entry. Same for the controller.
> 
> ---------------------------------------------------------
> authentication:
>    default_realm: ldap
>    realms:
>        ldap:
>            credential:
>                class: Password
>                password_field: userpassword
>                password_type: crypted
>                password_hash_type: MD5 


You want password_type: self_check
> 
> Does anyone have any tips on possible combinations of password types I could try?
> 

LDAP works somewhat differently to other stores.

What happens is:

. Connect to LDAP server
. Search for user
. Re-connect (i.e. bind) to LDAP server as that user, with that user's password
 
At this point, you've verified that the user's password is ok. There doesn't need to be another step!

Thus if you use self_check, then the LDAP user class will just say 'yes', as the user is already authenticated.

> P.S. It would be nice if there were more debugging messages in the Password module. I went and added these all in by hand, but in general I prefer not to change source code. :)

You're right - I've just never succeeded at writing any debug messages which would actually make sense or help with debugging this without also reading the code side-by-side.

I'd love a patch which attempted to do this however!

Cheers
t0m
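
The three steps listed in the reply above (connect, search, re-bind as the user), written out as an added example with Net::LDAP; this is not part of the original message and not the Catalyst module's own code. The server name, DNs and the `uid` filter are constructed placeholders, and the empty-password guard is an addition that the message does not mention.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Returns 1 if the directory accepts $password for $username, else 0.
sub ldap_authenticate {
    my ( $cfg, $username, $password ) = @_;

    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2) that a server may report as success,
    # so refuse it before talking to the directory at all.
    return 0 unless defined $password && length $password;

    # 1. Connect to the LDAP server and bind as the service account.
    my $ldap = Net::LDAP->new( $cfg->{server}, timeout => 10 )
        or die "connect to $cfg->{server} failed: $@";
    my $mesg = $ldap->bind( $cfg->{binddn}, password => $cfg->{bindpw} );
    die 'service bind failed: ' . $mesg->error if $mesg->code;

    # 2. Search for the user; escape the name so it cannot alter the filter.
    $mesg = $ldap->search(
        base   => $cfg->{user_basedn},
        scope  => 'sub',
        filter => sprintf( '(uid=%s)', escape_filter_value($username) ),
        attrs  => ['1.1'],    # request no attributes, only the DN is needed
    );
    die 'search failed: ' . $mesg->error if $mesg->code;
    return 0 unless $mesg->count == 1;    # unknown or ambiguous user
    my $user_dn = $mesg->entry(0)->dn;

    # 3. Re-bind as that user with the supplied password. The server does the
    #    comparison, so the client never reads or hashes userPassword itself.
    $mesg = $ldap->bind( $user_dn, password => $password );
    my $ok = $mesg->code == 0;
    $ldap->unbind;
    return $ok ? 1 : 0;
}

# Constructed placeholder values (assumptions, not from the original post).
my %cfg = (
    server      => 'ldap.example.com',
    binddn      => 'cn=service,dc=example,dc=com',
    bindpw      => 'service-account-password',
    user_basedn => 'ou=people,dc=example,dc=com',
);

# An empty password is rejected locally, before any connection is made.
print ldap_authenticate( \%cfg, 'jdoe', '' ) ? "ok\n" : "denied\n";
```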



