[Catalyst-dev] Trouble using Authentication::Store::LDAP

Jillian Rowe jir2004 at qatar-med.cornell.edu
Wed Apr 17 07:25:43 GMT 2013


Thanks, t0m! It works with the self_check password_type.

So all in all the things I learned are that the password_field has to match what is actually in your ldap in both the config file (with all the authentication info) and in the controller.

The credential: password_field should be userpassword for me, and in my controller $c->authenticate({id => $username, userpassword => $password})

Although when I do an ldap search it comes out as userPassword, it still needs to be lowercase.

Thanks for the help! 

________________________________________
From: Tomas Doran [bobtfish at bobtfish.net]
Sent: Monday, April 15, 2013 2:48 PM
To: Development of the elegant MVC web framework
Subject: Re: [Catalyst-dev] Trouble using Authentication::Store::LDAP

On 15 Apr 2013, at 07:41, Jillian Rowe <jir2004 at qatar-med.cornell.edu> wrote:

> Hello all,
>
> So after much bungling of source code by adding in Catalyst::Exception->throw(Dumper(whatever)) I have figured out it is binding to ldap correctly, and it is fetching the correct user information. The catch is in the password, which I still haven't figured out.
>
> I did figure out in my conf file the password_field should be userpassword so it matches the ldap entry. Same for the controller.
>
> ---------------------------------------------------------
> authentication:
>    default_realm: ldap
>    realms:
>        ldap:
>            credential:
>                class: Password
>                password_field: userpassword
>                password_type: crypted
>                password_hash_type: MD5


You want password_type: self_check
>
> Does anyone have any tips on possible combinations of password types I could try?
>

LDAP works somewhat differently to other stores.

What happens is:

. Connect to LDAP server
. Search for user
. Re-connect (i.e. bind) to LDAP server as that user, with that user's password

At this point, you've verified that the user's password is ok. There doesn't need to be another step!

Thus if you use self_check, then the LDAP user class will just say 'yes', as the user is already authenticated.

> P.S. It would be nice if there were more debugging messages in the Password module. I went and added these all in by hand, but in general I prefer not to change source code. :)

You're right - I've just never succeeded at writing any debug messages which would actually make sense or help with debugging this without also reading the code side-by-side.

I'd love a patch which attempted to do this however!

Cheers
t0m


_______________________________________________
Catalyst-dev mailing list
Catalyst-dev at lists.scsys.co.uk
http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst-dev
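
The search-then-bind sequence described in the reply above, written out with Net::LDAP as an added stand-alone example (not code from this thread or from Catalyst::Authentication::Store::LDAP). The host, base DN and `uid` attribute are assumed placeholders; the function also refuses empty passwords and escapes the username before it goes into the search filter.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed values for illustration; none of these come from the thread.
my %cfg = (
    host      => 'ldaps://ldap.example.org',   # TLS, so the bind password is not sent in clear
    base      => 'ou=people,dc=example,dc=org',
    user_attr => 'uid',
);

# Returns the user's DN on success, undef on any failure (fails closed).
sub ldap_authenticate {
    my ($username, $password) = @_;

    # A simple bind with a DN and a zero-length password is an
    # "unauthenticated bind" (RFC 4513, section 5.1.2) and succeeds on
    # many servers, so an empty password must never reach bind().
    return undef unless defined $username && length $username;
    return undef unless defined $password && length $password;

    # 1. Connect and search for the user (anonymous bind in this sketch).
    my $ldap = Net::LDAP->new($cfg{host}, timeout => 10, verify => 'require')
        or return undef;
    return undef if $ldap->bind->code;
    my $search = $ldap->search(
        base   => $cfg{base},
        scope  => 'sub',
        # Escape the username so characters such as * ( ) cannot alter the filter.
        filter => sprintf('(%s=%s)', $cfg{user_attr}, escape_filter_value($username)),
        attrs  => ['1.1'],            # request no attributes, only the DN is needed
    );
    my @entries = $search->code ? () : $search->entries;
    $ldap->unbind;
    return undef unless @entries == 1;  # missing or ambiguous user

    # 2. Re-connect and bind as that user with the supplied password.
    #    A successful bind is the password check; nothing is compared locally,
    #    which is why the credential is configured as self_check.
    my $dn        = $entries[0]->dn;
    my $user_ldap = Net::LDAP->new($cfg{host}, timeout => 10, verify => 'require')
        or return undef;
    my $result = $user_ldap->bind($dn, password => $password);
    $user_ldap->unbind;
    return $result->code ? undef : $dn;
}
```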


