[Catalyst] LDAP question
Tomas Doran
bobtfish at bobtfish.net
Mon May 21 14:45:15 GMT 2012
On 21 May 2012, at 15:20, Kenneth S Mclane wrote:
> I am continuing on my journey to duplicate a web app for administering a db. I have all my pages up and running, as well as search functionality. I decided to attack authentication next. I am using a PHP page from a different web app to get the settings for our LDAP server.
>
> //Connect to ldap server
> $ds=ldap_connect("xxx.xxx.xxx.xxx");
> if ($ds) {
>     //Get ID for intranet user
>     $sr=ldap_search($ds, "ou=ldap.server, o=domain.com", "mail=$username");
>     $info = ldap_get_entries($ds, $sr);
>     for ($i=0; $i<$info["count"]; $i++) {
>         $uid=$info[$i]["dn"];
>     }
>
<snip>
> credential => {
> class => 'Password',
> password_field => 'password',
> password_type => 'self_check',
> },

You don't want self_check here I don't think.

>
> store => {
> binddn => "username",
> bindpw => "password",
> class => 'LDAP',
> ldap_server => '9.17.186.253',
> ldap_server_options => { timeout => 30 },
> user_basedn => 'o=domain, o=com',

Original code has:
> "ou=ldap.server, o=domain.com
as the base? (Although a base higher up the tree should be fine)

> user_field => 'mail',
> user_filter => '(&(mail=%s)(objectclass=person))',

You're searching more restrictively than the PHP code.
Try just 'mail=%s'

> user_scope => 'sub',
> },
> },
> },
> },
> );
>
> They are apparently doing the initial bind with the credentials submitted by the user. I am getting invalid credentials the way I have it above; if I change it to anonymous I get an "LDAP Error while searching for user: No such object". I could use some suggestions.

You can turn on LDAP debugging and get a print out of what is actually going to <=> from the LDAP server, which would help determine which query specifically is failing.

Cheers
t0m