[Catalyst] Catalyst::Plugin::Authentication::Store::LDAP settings for Microsoft Active Directory
Hermida, Leandro
Leandro.Hermida at fmi.ch
Thu Dec 21 18:18:03 GMT 2006
> From: Adam Jacob [mailto:adam at stalecoffee.org]
> Sent: Friday, December 15, 2006 20:03
> Catalyst::Plugin::Authentication::Store::LDAP settings for
> Microsoft Active Directory
>
> Documentation patches gladly accepted for what a good set of "normal"
> defaults for AD would be.
>
> Adam
>
> On Fri, Dec 15, 2006 at 11:06:10PM +1100, Russell Jenkins wrote:
> > Hermida, Leandro wrote:
> > >authentication:
> > >  ldap:
> > >    ldap_server: myhostname.domain.com
> > >    ldap_server_options:
> > >      version : 3
> > >    binddn: searchuser
> > >    bindpw: searchpwd
> > >    user_basedn: cn=Users,dc=domain,dc=com
> > >    user_filter: ???
> > >    user_scope: sub
> > >    user_field: ???
> > >    user_search_options: ???
> > >
> > >Does anyone know the correct settings for the user_* settings?
> >
> > That is not too far away from what I'm currently using to authenticate
> > against an AD. Here's part of my config;
> > authentication:
> >   ldap:
> >     user_field: uid
> >     user_basedn: ou=grouping,o=Name of Organization,c=country
> >     user_scope: one
> >     user_filter: (uid=%s)
> >
> > I suggest grabbing the Java LDAP browser at :
> > http://www-unix.mcs.anl.gov/~gawor/ldap/download.html
> > and having a poke around to determine the exact user_field, filter and
> > basedn.
> >
> > Hope that helps!
> > R.
Hello,
Thanks for the replies to help with setting up
Catalyst::Plugin::Authentication::Store::LDAP with Microsoft Active
Directory. I figured out what should be the correct "default" settings
and made a test script using Net::LDAP (which
C::P::Authentication::Store::LDAP uses) and the test script works great.
But when I try to use it in Catalyst to authenticate a login I get the
most strange errors and the dev server hangs with CPU at 100% and RAM
usage shooting up until I Ctrl-C it.
Here are the errors shown in the Catalyst debug screen:
Deep recursion on subroutine
"Catalyst::Plugin::Authentication::Store::LDAP::User::stringify" at
/usr/lib/perl5/site_perl/5.8.5/Catalyst/Plugin/Authentication/Store/LDAP/User.pm line 254.
Deep recursion on subroutine
"Catalyst::Plugin::Authentication::Store::LDAP::User::AUTOLOAD" at
/usr/lib/perl5/site_perl/5.8.5/Catalyst/Plugin/Authentication/Store/LDAP/User.pm line 100.
Here are my C::P::Authentication::Store::LDAP myapp.yml settings:
ldap:
  ldap_server: pdc.domain.com
  ldap_server_options:
    version: 3
  binddn: cn=adssearch,cn=Users,dc=domain,dc=com
  bindpw: adssearchpassword
  user_basedn: cn=Users,dc=domain,dc=com
  user_filter: (&(objectClass=person)(sAMAccountName=%s))
  user_field: sAMAccountName
I tried to trace what is happening in the
C::P::Authentication::Store::LDAP code and here is what I found:
1) In MyApp::Controller::Login,
   In my action,
   $c->login($username, $password) called
2) In Catalyst::Plugin::Authentication::Credential::Password,
   In sub login,
   $c->get_user($user, $password) called
3) In Catalyst::Plugin::Authentication,
   In sub get_user,
   $store->get_user( $uid, @rest ) called
4) In Catalyst::Plugin::Authentication::Store::LDAP::Backend,
   In sub get_user,
   Catalyst::Plugin::Authentication::Store::LDAP::User->new($self, $self->lookup_user($id)) called
   which calls in same package sub lookup_user
5) In Catalyst::Plugin::Authentication::Store::LDAP::User,
   In sub new,
   bless { store => $store, user => $user, }, $class;
I dumped the Catalyst::Plugin::Authentication::Store::LDAP::User object
right after instantiation and it looks fine. The user object is
returned back to ::Backend which returns it to ::Authentication which
returns it to ::Password but somehow and somewhere along the way of
returning this user object it is calling the AUTOLOAD method in
Catalyst::Plugin::Authentication::Store::LDAP::User. Something very
strange happens here and it is getting screwed up.
Could the developers please help with this? It seems like I am doing
something very simple but the Catalyst authentication system doesn't
like it.
Cheers,
Leandro Hermida
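
Added example (not part of the original message and not the plugin's own code): a search-then-bind check written directly against Net::LDAP with the settings from the message, escaping the login name before it replaces %s in user_filter. The function names and the LDAP_TEST_PW environment variable are hypothetical; the host, DNs and password are the placeholders from the message.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Settings copied from the myapp.yml in the message (placeholder host and credentials).
my %cfg = (
    ldap_server => 'pdc.domain.com',
    binddn      => 'cn=adssearch,cn=Users,dc=domain,dc=com',
    bindpw      => 'adssearchpassword',
    user_basedn => 'cn=Users,dc=domain,dc=com',
    user_filter => '(&(objectClass=person)(sAMAccountName=%s))',
);

# Expand the %s placeholder, escaping the RFC 4515 special characters first
# so that input such as "*" or ")(" cannot change the structure of the filter.
sub build_user_filter {
    my ($template, $username) = @_;
    my $safe = escape_filter_value($username);
    (my $filter = $template) =~ s/%s/$safe/g;
    return $filter;
}

# Search-then-bind: find the entry with the service account, then verify
# the password by binding as the DN that the search returned.
sub authenticate {
    my ($username, $password) = @_;
    # A bind with an empty password is an unauthenticated bind and can
    # report success without checking anything, so reject it up front.
    return 0 unless defined $password && length $password;
    # Simple binds send passwords in clear text; use ldaps:// or start_tls in production.
    my $ldap = Net::LDAP->new($cfg{ldap_server}, version => 3) or return 0;
    my $mesg = $ldap->bind($cfg{binddn}, password => $cfg{bindpw});
    return 0 if $mesg->code;
    $mesg = $ldap->search(    # Net::LDAP searches the whole subtree by default
        base   => $cfg{user_basedn},
        filter => build_user_filter($cfg{user_filter}, $username),
    );
    return 0 if $mesg->code || $mesg->count != 1;    # zero or ambiguous matches fail
    $mesg = $ldap->bind($mesg->entry(0)->dn, password => $password);
    $ldap->unbind;
    return $mesg->code ? 0 : 1;
}

# Offline check of the filter expansion with constructed login names.
print build_user_filter($cfg{user_filter}, $_), "\n" for ('lhermida', '*', 'x)(cn=*');
# Contact the directory only when a login name and LDAP_TEST_PW (hypothetical) are given.
if (@ARGV && defined $ENV{LDAP_TEST_PW}) {
    print authenticate($ARGV[0], $ENV{LDAP_TEST_PW}) ? "authenticated\n" : "rejected\n";
}
```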