[Catalyst] Catalyst::Plugin::Authentication::Store::LDAP settings for Microsoft Active Directory

Hermida, Leandro Leandro.Hermida at fmi.ch
Fri Dec 15 09:15:38 GMT 2006

Hi everyone,

For the life of me I can't find the complete and correct settings that
will get Catalyst::Plugin::Authentication::Store::LDAP to authenticate
under Microsoft Active Directory.  In my old code I did it using
Net::LDAP directly and using a non-standard shortcut available in Active
Directory to quickly authenticate a user:

my $ldap = Net::LDAP->new('myhostname.domain.com', version => 3) or die
"\nLDAP server connection failure\n\n";
my $mesg = $ldap->bind("$username at domain.com", password => "$password");
return (!$mesg or $mesg->is_error or $mesg->code) ? 0 : 1;

With Active Directory you don't need a separate ldap search account to
use in the initial bind and if you want to do a simple authentication,
you just use the $username and $password from your login web page to
bind and check to see that $mesg->code == 0 (which means success).
Since Catalyst::Plugin::Authentication::Store::LDAP is much more
powerful and uses the standard approach of authenticating against LDAP I
cannot use this shortcut.  So I looked into the source and have
attempted to map things but am running into trouble:

In my myapp.yml file:

        ldap_server: myhostname.domain.com
            version : 3
        binddn: searchuser
        bindpw: searchpwd
        user_basedn: cn=Users,dc=domain,dc=com
        user_filter: ???
        user_scope: sub
        user_field: ???
        user_search_options: ???

Does anyone know the correct settings for the user_* settings?

Thank you,

Leandro Hermida

More information about the Catalyst mailing list