[Catalyst] LDAP question

Tomas Doran bobtfish at bobtfish.net
Mon May 21 15:56:33 GMT 2012


On 21 May 2012, at 16:42, Robert Wohlfarth wrote:

> On Mon, May 21, 2012 at 9:20 AM, Kenneth S Mclane <ksmclane at us.ibm.com> wrote:
> They are apparently doing the initial bind with the credentials submitted by the user. I am getting invalid credentials the way I have it above; if I change it to anonymous I get an "LDAP Error while searching for user: No such object". I could use some suggestions.
> 
> I dealt with an LDAP server that required you to log in to query your own information. The standard Catalyst::Authentication::Store::LDAP does not work with this model.

Yes it does! What makes you think it doesn't?

> So I wrote a credential module that did nothing more than connect to the LDAP server. If the connection succeeded, then that user is authenticated. 

That sort of strategy is usually a bad idea, as you're mandating that you have 1 flat level of LDAP for users - you have to know the DN to bind as initially, and so if you do this, you have to concatenate the username to a DN in some way - which means if you ever reorganise your LDAP (for example putting users into grouped OU containers), then your auth will stop working.

Cheers
t0m
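
The point about concatenated DNs in the reply above, as an added example that is not part of the original message and is not Catalyst or Net::LDAP code: a constructed in-memory model of a directory, where direct bind with a built DN stops working after users are moved into grouped OU containers while search-then-bind keeps working. All DNs, passwords and function names are assumptions made for illustration.

```python
# Constructed in-memory model of an LDAP tree: DN -> (uid attribute, password).
FLAT = {
    "uid=alice,ou=people,dc=example,dc=org": ("alice", "s3cret"),
    "uid=bob,ou=people,dc=example,dc=org": ("bob", "hunter2"),
}
# The same users after a reorganisation into grouped OU containers.
REORG = {
    "uid=alice,ou=engineering,ou=people,dc=example,dc=org": ("alice", "s3cret"),
    "uid=bob,ou=sales,ou=people,dc=example,dc=org": ("bob", "hunter2"),
}
BASE = "ou=people,dc=example,dc=org"


def bind(directory, dn, password):
    """Simple bind: succeeds only for an existing DN with the right password."""
    # An empty password is an unauthenticated bind in LDAP (RFC 4513) and
    # must never be counted as a successful login.
    if not password:
        return False
    entry = directory.get(dn)
    return entry is not None and entry[1] == password


def search(directory, base, uid):
    """Subtree search under base for entries whose uid equals the value."""
    # On a real server this lookup runs under whatever bind it permits
    # for searching; the model skips that step.
    suffix = "," + base.lower()
    return [dn for dn, (entry_uid, _) in directory.items()
            if dn.lower().endswith(suffix) and entry_uid == uid]


def auth_by_concat(directory, username, password):
    """Direct bind: build the DN from the username (assumes one flat level)."""
    return bind(directory, f"uid={username},{BASE}", password)


def auth_by_search(directory, username, password):
    """Find the entry first, then bind as whatever DN the search returned."""
    matches = search(directory, BASE, username)
    if len(matches) != 1:  # no entry, or an ambiguous match: refuse
        return False
    return bind(directory, matches[0], password)


if __name__ == "__main__":
    for name, tree in (("flat", FLAT), ("reorganised", REORG)):
        print(name, "concat:", auth_by_concat(tree, "alice", "s3cret"),
              "search:", auth_by_search(tree, "alice", "s3cret"))
```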