[Catalyst] LDAP question

Kenneth S Mclane ksmclane at us.ibm.com
Mon May 21 15:18:53 GMT 2012


From: Tomas Doran <bobtfish at bobtfish.net>
To: The elegant MVC web framework <catalyst at lists.scsys.co.uk>
Date: 05/21/2012 09:47 AM
Subject: Re: [Catalyst] LDAP question




On 21 May 2012, at 15:20, Kenneth S Mclane wrote:

> I am continuing on my journey to duplicate a web app for administering a
> db. I have all my pages up and running, as well as search functionality. I
> decided to attack authentication next. I am using a PHP page from a
> different web app to get the settings for our LDAP server.
> 
> //Connect to ldap server 
>         $ds=ldap_connect("xxx.xxx.xxx.xxx"); 
>         if ($ds) { 
>         //Get ID for intranet user 
>                 $sr=ldap_search($ds, "ou=ldap.server, o=domain.com", "mail=$username");
>                 $info = ldap_get_entries($ds, $sr); 
>                 for ($i=0; $i<$info["count"]; $i++) { 
>                         $uid=$info[$i]["dn"]; 
>                 } 
> 

<snip>

>                                 credential => { 
>                                         class => 'Password', 
>                                         password_field => 'password', 
>                                         password_type => 'self_check', 
>                                 },

You don't want self_check here I don't think.

Since the php code didn't have anything here I was going off docs and 
examples. I set it to clear but it made no difference. I am not aware of 
any other settings, haven't had time to research that as yet.

> 
>                                 store => {
>                                         binddn  => "username",
>                                         bindpw  => "password",
>                                         class => 'LDAP',
>                                         ldap_server => '9.17.186.253',
>                                         ldap_server_options => { timeout => 30 },
>                                         user_basedn => 'o=domain, o=com',

Original code has:
> "ou=ldap.server, o=domain.com


as the base? (Although a base higher up the tree should be fine)

I have added and removed that, makes no difference.

>                                         user_field => 'mail',
>                                         user_filter => '(&(mail=%s)(objectclass=person))',

You're searching more restrictively than the PHP code.

Try just 'mail=%s'

Tried this, no joy.

>                                         user_scope => 'sub',  
>                                 }, 
>                         }, 
>                 }, 
>         }, 
> );
> 
> They are apparently doing the initial bind with the credentials
> submitted by the user, I am getting invalid credentials the way I have it
> above, if I change it to anonymous I get a "LDAP Error while searching for
> user: No such object".  I could use some suggestions.

You can turn on LDAP debugging and get a print out of what is actually
going to <=> from the LDAP server, which would help determine which query
specifically is failing.

I cannot find anything out there on turning on LDAP debugging? Strangely,
if I put my username and password in the bind fields it gives me Invalid
credentials. I authenticate through this ldap server many times a day, so
I'm almost sure it's some setting that is wrong.

Cheers
t0m
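
The thread describes a search for the user's entry followed by a bind with the submitted credentials, and suggests LDAP debugging to see which step fails. As an added example (not code from the thread or from Catalyst), this Perl script runs that sequence with Net::LDAP directly, with packet debugging on and the user-supplied value escaped before it enters the filter; the `LDAP_*` environment variable names and the sample inputs are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# RFC 4515 escaping for a value placed inside a search filter.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\*()\0])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Fill a user_filter-style template such as '(mail=%s)' with an escaped value.
sub build_filter {
    my ($template, $value) = @_;
    my $escaped = escape_filter_value($value);
    (my $filter = $template) =~ s/%s/$escaped/g;
    return $filter;
}

# Constructed inputs: an ordinary address and one carrying filter metacharacters.
for my $input ('jdoe@example.com', '*)(uid=*') {
    my $filter = build_filter('(mail=%s)', $input);
    print "$filter\n";
}

# Live check, run only when LDAP_HOST is set. LDAP_HOST, LDAP_BASE, LDAP_USER
# and LDAP_PASS are assumed variable names, not settings from the thread.
if (my $host = $ENV{LDAP_HOST}) {
    require Net::LDAP;
    # A DN with an empty password is an unauthenticated bind that many
    # servers accept as success, so refuse it before talking to the server.
    die "empty password\n" unless length($ENV{LDAP_PASS} // '');
    # debug => 12 prints decoded outgoing (4) and incoming (8) packets.
    my $ldap = Net::LDAP->new($host, timeout => 30, debug => 12)
        or die "connect failed: $@\n";
    my $mesg = $ldap->bind;                      # step 1: anonymous bind
    die 'anonymous bind: ' . $mesg->error . "\n" if $mesg->code;
    $mesg = $ldap->search(                       # step 2: look up the user's DN
        base   => $ENV{LDAP_BASE},
        scope  => 'sub',
        filter => build_filter('(mail=%s)', $ENV{LDAP_USER} // ''),
        attrs  => ['1.1'],                       # request no attributes, DN only
    );
    die 'search: ' . $mesg->error . "\n" if $mesg->code;
    my ($entry) = $mesg->entries or die "no entry matched\n";
    $mesg = $ldap->bind($entry->dn, password => $ENV{LDAP_PASS});   # step 3
    my $result = $mesg->code ? 'user bind failed: ' . $mesg->error : 'user bind ok';
    print "$result\n";
    $ldap->unbind;
}
```

The debug dump includes the bind request, password and all, so run the live part with a test account and keep its output out of shared logs.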

