[Catalyst] ldap authentication/db authorization

[Byron Young]

Steve Rippl wrote on 2009-08-10:
> Byron Young wrote:
>> Hey Steve,
>> 
>> I do this in my app.  The way I do is it I have two
> authentication realms - LDAP and DBIC.  I authenticate against the
> LDAP realm first, and if that is successful I do a find_or_create
> with the user info on my user DB table, so any first-time users get
> a user created in the DBIC realm with default roles and whatnot.
> Then I authenticate against the DBIC realm.  I do that last because
> $c->user will contain the most recently authenticated user, so in
> this case $c->user would be your DB::Staff object.
>> 
>> HTH
>> 
>> Byron
>> 
>> 
> Thanks for the response.  Makes perfect sense, but I'm having a problem
> with the call to $c->authenticate when I add the realm.
> $c->authenticate({ username => $username, password => $password  },
> 'ldap') throws an error about not using a string as HASH ref (I've got
> my ldap settings under realms -> ldap).  Using $c->authenticate({
> username => $username, password => $password, realm => $realm }) seems
> to work, except it's not authenticating correctly and seems to use dbic
> by default when I don't have a default realm set (I set $realm = 'ldap'
> before the auth call).
> 
> What syntax are using?
> 
> Many thanks,
> Steve
> 

Same as you: $c->authenticate({id => $username, 
                               password => $password},
                              'ldap')

Not sure why that doesn't work for you.  What's in your ldap realm config?  Maybe you have a problem with the way the config is being parsed.

Byron