[Catalyst] LDAP question
luisemunoz at gmail.com
Mon May 21 16:03:40 GMT 2012
On May 21, 2012, at 11:42 AM, Robert Wohlfarth wrote:
> The standard Catalyst::Authentication::Store::LDAP does not work with this model.
I've been told that the "right" way to do authentication against LDAP is
* bind with a read-only set of credentials
* Lookup the user's entry (here is where you apply your base and filters)
* Try to bind with the just-found DN and the user-supplied password
The first set of credentials has just enough privileges (via ACLs) so that only the required search can be performed. This scheme has the advantage of not allowing annon bound sessions to search your tree while supporting user hierarchies (that can change as the directory is reorganized).
More information about the Catalyst