[Catalyst] LDAP question

[Kenneth S Mclane]

I have no control over the LDAP server, How would I change things so the 
submitted username and password would be inserted as the credentials to be 
used as the initial bind?



From:
Tomas Doran <bobtfish at bobtfish.net>
To:
The elegant MVC web framework <catalyst at lists.scsys.co.uk>
Date:
05/21/2012 10:57 AM
Subject:
Re: [Catalyst] LDAP question




On 21 May 2012, at 16:42, Robert Wohlfarth wrote:

> On Mon, May 21, 2012 at 9:20 AM, Kenneth S Mclane <ksmclane at us.ibm.com> 
wrote:
> They are apparently doing the initial bind with the credentials 
submitted by the user, I am getting invalid credentials the way I have it 
above, if I change it to anonymous I get a "LDAP Error while searching for 
user: No such object".  I could use some suggestions. 
> 
> I dealt with an LDAP server that required you to login to query your own 
information. The standard Catalyst::Authentication::Store::LDAP does not 
work with this model.

Yes it does! What makes you think it doesn't?

> So I wrote a credential module that did nothing more than connect to the 
LDAP server. If the connection succeeded, then that user is authenticated. 


That sort of strategy is usually a bad idea, as you're mandating that you 
have 1 flat level of LDAP for users - you have to know the DN to bind as 
initially, and so if you do this, you have to concatenate the username to 
a DN in some way - which means if you ever reorganise your LDAP (for 
example putting users into grouped OU containers), then your auth will 
stop working.

Cheers
t0m



_______________________________________________
List: Catalyst at lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: 
http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20120521/e6ce25bc/attachment.htm