[Catalyst] LDAP question

Kenneth S Mclane ksmclane at us.ibm.com
Mon May 21 14:20:22 GMT 2012

I am continuing on my journey to duplicate a web app for administering a 
db. I have all my pages up and running, as well as search functionality. I 
decided to attack authentication next. I am using a PHP page from a 
different web app to get the settings for our LDAP server.

//Connect to ldap server
        if ($ds) { 
        //Get ID for intranet user
                $sr=ldap_search($ds, "ou=ldap.server, o=domain.com", 
                $info = ldap_get_entries($ds, $sr);
                for ($i=0; $i<$info["count"]; $i++) {
                if (strpos($uid,'uid') !== false)
        //Bind to ldap server with $uid and $password to verify 
                $bind_results=ldap_bind($ds, "$uid", "$password") or 
die("Could not log you in please check your UserName and Password and try 
                if ( $bind_results == "1" )
                        $sr=ldap_search($ds, "ou=bluepages, o=ibm.com", 
                        $info = ldap_get_entries($ds, $sr);
                        for ($i=0; $i<$info["count"]; $i++) {

It then goes on to create session stuff, but I want to use the built-in 
LDAP authentication. I have this in my Login.pm:

sub index :Path :Args(0) {
    my ( $self, $c ) = @_;
    # Get the username and password from form
    my $username = $c->request->params->{username};
    my $password = $c->request->params->{password};
    # If the username and password values were found in form
    if ($username && $password) {
        # Attempt to log the user in
        if ($c->authenticate({ username => $username,
                               password => $password  } )) {
            # If successful, then let them use the application
        } else {
            # Set an error message
            $c->stash(error_msg => "Bad username or password.");
        }
    } else {
        # Set an error message
        $c->stash(error_msg => "Empty username or password.")
            unless ($c->user_exists);
    }
    # If either of above don't work out, send to the login page
    $c->stash(template => 'login.tt2');
}

and this code in my Root.pm:

sub auto :Private {
    my ($self, $c) = @_;
    # Allow unauthenticated users to reach the login page.  This
    # allows unauthenticated users to reach any action in the Login
    # controller.  To lock it down to a single action, we could use:
    # if ($c->action eq $c->controller('Login')->action_for('index'))
    # to only allow unauthenticated access to the 'index' action we
    # added above.
    if ($c->controller eq $c->controller('Login')) {
        return 1;
    }
    # If a user doesn't exist, force login
    if (!$c->user_exists) {
        # Dump a log message to the development server debug output
        $c->log->debug('***Root::auto User not found, forwarding to 
        # Redirect the user to the login page
        # Return 0 to cancel 'post-auto' processing and prevent use of 
        return 0;
    }
    # User found, so return 1 to continue with processing after this 
    return 1;
}

And in MyApp.pm:

        'authentication' => {
                default_realm => 'ldap',
                realms => {
                        ldap => {
                                credential => {
                                        class => 'Password',
                                        password_field => 'password',
                                        password_type => 'self_check',
                                },
                                store => {
                                        binddn  => "username",
                                        bindpw  => "password",
                                        class => 'LDAP',
                                        ldap_server => '',
                                        ldap_server_options => { timeout => 30 },
                                        user_basedn => 'o=domain, o=com',
                                        user_field => 'mail',
                                        user_filter => 
                                        user_scope => 'sub', 

They are apparently doing the initial bind with the credentials submitted 
by the user. I am getting invalid credentials the way I have it above; if 
I change it to anonymous I get an "LDAP Error while searching for user: No 
such object". I could use some suggestions.
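
As an added example (not part of the original post and not Catalyst's own code): a stand-alone Net::LDAP script that walks the search-then-bind sequence described above and reports the "No such object" (result code 32) and "invalid credentials" (result code 49) cases separately. The command-line arguments (host, base DN, mail address) and reading the password from standard input are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example: search-then-bind check against an LDAP directory.
# Host, base DN and mail address are assumptions supplied by the caller.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);
use Net::LDAP::Constant qw(LDAP_NO_SUCH_OBJECT LDAP_INVALID_CREDENTIALS);

my ($host, $base, $mail) = @ARGV;
die "usage: $0 host base_dn mail  (password on STDIN)\n" unless defined $mail;
chomp(my $password = <STDIN> // '');
# A bind with a DN and an empty password is an unauthenticated bind that
# many servers accept, so never treat it as a successful login.
die "empty password\n" unless length $password;

my $ldap = Net::LDAP->new($host, timeout => 30)
    or die "connect to $host failed: $@\n";

# Step 1: bind for the search. No arguments means an anonymous bind.
my $mesg = $ldap->bind;
die 'search bind failed: ' . $mesg->error . "\n" if $mesg->code;

# Step 2: look the user up by mail under the base DN.
# escape_filter_value() keeps form input from altering the filter.
$mesg = $ldap->search(
    base   => $base,
    scope  => 'sub',
    filter => '(mail=' . escape_filter_value($mail) . ')',
    attrs  => ['1.1'],    # request the DN only, no attributes
);
# Result code 32: the search base itself is not an entry in this directory.
die "base DN '$base' does not exist on $host\n"
    if $mesg->code == LDAP_NO_SUCH_OBJECT;
die 'search failed: ' . $mesg->error . "\n" if $mesg->code;
die "expected one entry for $mail, got " . $mesg->count . "\n"
    unless $mesg->count == 1;
my $dn = $mesg->entry(0)->dn;

# Step 3: verify the password by binding as the DN that was found.
$mesg = $ldap->bind($dn, password => $password);
if ($mesg->code == LDAP_INVALID_CREDENTIALS) {
    print "result code 49: invalid credentials for $dn\n";
} elsif ($mesg->code) {
    print 'bind failed: ' . $mesg->error . "\n";
} else {
    print "authenticated as $dn\n";
}
$ldap->unbind;
```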