[Catalyst] Catalyst and LDAP with sessions

Birger Burkhardt sysdev41 at googlemail.com
Mon Feb 27 21:06:02 GMT 2012


Hi Francisco,

thank you for your reply. I already use sessions (FastMmap for Storage and
Cookies for State). I can log in to the GUI via my LDAP credentials. But the
problem is: every further request has to be done with my personal
credentials. Therefore the password should be stored somewhere safe. I
don't want to store the user password in an unencrypted session variable.

Best regards,
Birger


On Mon, Feb 27, 2012 at 6:52 PM, Francisco Obispo <fobispo at isc.org> wrote:

> Hi Birger,
>
> Once you've authenticated with LDAP, or with any backend, it is important
> that you store the session information somewhere. Some people use a
> database, memcached, tmp file, or any other method.
>
> That way, when the client comes with the next request, he will offer a
> cookie that can be verified for authorization purposes.
>
> francisco
>
>
>
> On Feb 27, 2012, at 2:30 AM, Birger Burkhardt wrote:
>
> > Hello Peter,
> >
> > thank you for your reply.
> >
> > No, I am not storing these credentials as I thought the module would do
> > this. I also tried to use the following package, but it doesn't work either:
> >
> >
> > http://cpansearch.perl.org/src/BOBTFISH/Catalyst-Model-LDAP-FromAuthentication-0.02/README
> >
> > According to this changelog (see entry in Version 1.007):
> >
> > http://cpan.uwinnipeg.ca/htdocs/Catalyst-Authentication-Store-LDAP/Changes.html
> > the user object has to be serialized and stored in the session. Do you
> > have an idea how to do this?
> >
> > Best regards,
> > Birger
> >
> >
> > On Sat, Feb 25, 2012 at 3:41 AM, Peter Karman <peter at peknet.com> wrote:
> > Birger Burkhardt wrote on 2/24/12 7:22 AM:
> >
> > > After successful authentication, all further request
> > > should be executed via the credentials of the logged in user.
> > >
> >
> > are you somehow storing those credentials so that they persist over the
> > life of the session? The LDAP authn plugin does not do that for you, afaik.
> > The credentials exist only for the life of that particular login HTTP
> > request.
> >
> > or maybe I'm misunderstanding what you're trying to do?
> >
> > > In the login controller the user is authenticated
> > > [...]
> > >         # Get the username and password from form
> > >         my $username = $c->request->params->{username};
> > >         my $password = $c->request->params->{password};
> > >
> > >         # If the username and password values were found in form
> > >         if ($username && $password) {
> > >             # Attempt to log the user in
> > >             if ($c->authenticate({ username => $username,
> > >                                    password => $password })) {
> > > [...]
> > >
> > > But when I do a new request from within another controller, I get an
> > > LDAP error meaning the credentials are invalid:
> > >
> > > code in other controller:
> > > [...]
> > >     my $ldapconn = $c->user->ldap_connection();
> > >     my $mesg = $ldapconn->search(base   => "ou=users,dc=example,dc=com",
> > >                                  filter => "(uid=*)");
> > >     my @entries = $mesg->sorted('uid');
> > >     $c->stash(users => \@entries,);
> > >     $c->stash(template => 'userList.tt2');
> > > [...]
> > >
> >
> >
> > --
> > Peter Karman  .  http://peknet.com/  .  peter at peknet.com
> >
> > _______________________________________________
> > List: Catalyst at lists.scsys.co.uk
> > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> > Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> > Dev site: http://dev.catalyst.perl.org/
> >
>
> Francisco Obispo
> email: fobispo at isc.org
> Phone: +1 650 423 1374 || INOC-DBA *3557* NOC
> PGP KeyID = B38DB1BE
>
>
>
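
One way to meet the requirement in the latest message, keeping the LDAP password available for later binds without leaving it readable in the session store, shown as an added example that is not code from this thread or from any Catalyst module. The password is encrypted with AES-GCM under a random per-login key; the ciphertext goes into the server-side session and the key only into a client cookie, so neither half alone reveals the password. Assumptions: CryptX is installed; `seal_password`, `open_password`, the `ldap_pw` / `ldap_key` names and the two hashes standing in for the session and cookie jar are hypothetical.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify);
use Crypt::PRNG qw(random_bytes);
use MIME::Base64 qw(encode_base64 decode_base64);

# Encrypt the LDAP password under a fresh 256-bit key. The returned blob is
# meant for the server-side session, the returned key for a client cookie.
sub seal_password {
    my ($username, $password) = @_;
    my $key   = random_bytes(32);
    my $nonce = random_bytes(12);
    # The username is bound in as associated data, so a blob copied into
    # another user's session fails verification.
    my ($ct, $tag) =
        gcm_encrypt_authenticate('AES', $key, $nonce, $username, $password);
    my %blob = (
        nonce => encode_base64($nonce, ''),
        ct    => encode_base64($ct,    ''),
        tag   => encode_base64($tag,   ''),
    );
    return (\%blob, encode_base64($key, ''));
}

# Returns the password, or undef if the key is missing or wrong, or if the
# blob was altered.
sub open_password {
    my ($username, $blob, $key_b64) = @_;
    return unless $blob && defined $key_b64;
    my $key = decode_base64($key_b64);
    return unless length($key) == 32;
    return gcm_decrypt_verify('AES', $key, decode_base64($blob->{nonce}),
        $username, decode_base64($blob->{ct}), decode_base64($blob->{tag}));
}

# Constructed stand-ins for the session hash and the cookie jar.
my (%session, %cookie);

# Login request, after authentication succeeded (constructed credentials):
($session{ldap_pw}, $cookie{ldap_key}) = seal_password('birger', 'constructed-secret');

# Later request: rebuild the bind password from session plus cookie.
my $pw = open_password('birger', $session{ldap_pw}, $cookie{ldap_key});
print defined $pw ? "password recovered for LDAP bind\n" : "re-login required\n";

# A forged or stale cookie key yields undef rather than garbage.
my $bad = open_password('birger', $session{ldap_pw}, encode_base64(random_bytes(32), ''));
print defined $bad ? "unexpected decrypt\n" : "wrong key rejected\n";
```

The key cookie should be sent only over TLS and kept out of script reach (Secure and HttpOnly), and both halves should be discarded on logout or session expiry.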