[Catalyst] LDAP question

Luis Muñoz luisemunoz at gmail.com
Mon May 21 16:03:40 GMT 2012


On May 21, 2012, at 11:42 AM, Robert Wohlfarth wrote:

> The standard Catalyst::Authentication::Store::LDAP does not work with this model.

I've been told that the "right" way to do authentication against LDAP is

* Bind with a read-only set of credentials
* Look up the user's entry (here is where you apply your base and filters)
* Try to bind with the just-found DN and the user-supplied password

The first set of credentials has just enough privileges (via ACLs) so that only the required search can be performed. This scheme has the advantage of not allowing anon bound sessions to search your tree while supporting user hierarchies (that can change as the directory is reorganized).

Best regards.

-lem
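The three steps above as a standalone Perl script using Net::LDAP, added here as an example and not code from the original thread. The host, the read-only bind DN and its password, the search base and the username attribute are assumed placeholders; the script also refuses empty passwords (an empty simple bind succeeds on many servers as an unauthenticated bind) and escapes the username before it goes into the filter.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed settings; adjust for your directory.
my %cfg = (
    host      => 'ldaps://ldap.example.com',                  # assumed host
    bind_dn   => 'cn=auth-reader,ou=services,dc=example,dc=com',
    bind_pw   => 'CHANGE-ME',                                 # placeholder
    base      => 'ou=people,dc=example,dc=com',
    user_attr => 'uid',
);

# Returns the user's DN on success, undef on any failure.
sub authenticate {
    my ($user, $pass) = @_;

    # An empty password turns the final bind into an "unauthenticated" simple
    # bind, which many servers accept; refuse it before talking to the server.
    return undef unless defined $pass && length $pass;

    my $ldap = Net::LDAP->new($cfg{host}) or return undef;

    # Step 1: bind with the read-only search account.
    my $mesg = $ldap->bind($cfg{bind_dn}, password => $cfg{bind_pw});
    return undef if $mesg->code;

    # Step 2: look up the user's entry. escape_filter_value keeps a username
    # such as "*" or "x)(uid=admin" from changing the filter's meaning.
    my $filter = sprintf('(%s=%s)', $cfg{user_attr}, escape_filter_value($user));
    $mesg = $ldap->search(base => $cfg{base}, scope => 'sub',
                          filter => $filter, attrs => ['1.1']);  # DN only
    return undef if $mesg->code;
    return undef unless $mesg->count == 1;   # exactly one match, or reject
    my $dn = $mesg->entry(0)->dn;

    # Step 3: re-bind as the user; a successful bind proves the password.
    $mesg = $ldap->bind($dn, password => $pass);
    $ldap->unbind;
    return $mesg->code ? undef : $dn;
}

my $dn = authenticate($ARGV[0] // '', $ARGV[1] // '');
print defined $dn ? "authenticated as $dn\n" : "authentication failed\n";
```

The search account only needs read access to the username attribute under the base, which is the ACL the mail describes.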