[Catalyst] LDAP question
bobtfish at bobtfish.net
Mon May 21 15:56:33 GMT 2012
On 21 May 2012, at 16:42, Robert Wohlfarth wrote:
> On Mon, May 21, 2012 at 9:20 AM, Kenneth S Mclane <ksmclane at us.ibm.com> wrote:
> They are apparently doing the initial bind with the credentials submitted by the user, I am getting invalid credentials the way I have it above, if I change it to anonymous I get a "LDAP Error while searching for user: No such object". I could use some suggestions.
> I dealt with an LDAP server that required you to login to query your own information. The standard Catalyst::Authentication::Store::LDAP does not work with this model.
Yes it does! What makes you think it doesn't?
> So I wrote a credential module that did nothing more than connect to the LDAP server. If the connection succeeded, then that user is authenticated.
That sort of strategy is usually a bad idea, as you're mandating that you have 1 flat level of LDAP for users - you have to know the DN to bind as initially, and so if you do this, you have to concatenate the username to a DN in some way - which means if you ever reorganise your LDAP (for example putting users into grouped OU containers), then your auth will stop working.
More information about the Catalyst