[Catalyst] LDAP question

Kenneth S Mclane ksmclane at us.ibm.com
Mon May 21 21:12:35 GMT 2012


Actually, it is the anonymous bind that is returning the data, it seems; then when it tries to rebind with the credentials provided it errors out. I see it send and receive the following:

Net::LDAP=HASH(0x44d55e0) sending:

30 0C 02 01 01 60 07 02 01 03 04 00 80 00 __ __ 0....`........

Net::LDAP=HASH(0x44d55e0) received:

30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0A 0........a......
01 00 04 00 04 00 __ __ __ __ __ __ __ __ __ __ ......

Net::LDAP=HASH(0x44d55e0) sending:

30 64 02 01 02 63 5F 04 16 6F 75 3D 62 6C 75 65 0d...c_..ou=blue
70 61 67 65 73 2C 6F 3D 69 62 6D 2E 63 6F 6D 0A pages,o=ibm.com.
01 02 0A 01 02 02 01 00 02 01 00 01 01 00 A0 34 ...............4
A3 15 04 0B 6F 62 6A 65 63 74 63 6C 61 73 73 04 ....objectclass.
06 70 65 72 73 6F 6E A3 1B 04 04 6D 61 69 6C 04 .person....mail.
13 6B 73 6D 63 6C 61 6E 65 40 75 73 2E 69 62 6D .ksmclane@us.ibm
2E 63 6F 6D 30 00 __ __ __ __ __ __ __ __ __ __ .com0.

Net::LDAP=HASH(0x44d55e0) received:
<snip>This is a very long hash with ALL the ldap fields.

Strangely it receives again without sending anything.

Net::LDAP=HASH(0x44d55e0) received:

30 84 00 00 00 10 02 01 02 65 84 00 00 00 07 0A 0........e......
01 00 04 00 04 00 __ __ __ __ __ __ __ __ __ __ ......

Net::LDAP=HASH(0x44d55e0) sending:

30 05 02 01 03 42 00 __ __ __ __ __ __ __ __ __ 0....B.

Then it gives the "Unable to locate user matching user info provided in realm: ldap".

I'm getting closer. I'm wondering if I need to find out what form they are encrypting the password in? It defaults to SHA-1, but I do not know if that is correct.

Kenneth S Mclane/Dubuque/IBM at IBMUS wrote on 05/21/2012 03:34:48 PM:

> From: Kenneth S Mclane/Dubuque/IBM at IBMUS
> To: The elegant MVC web framework <catalyst at lists.scsys.co.uk>
> Date: 05/21/2012 03:36 PM
> Subject: Re: [Catalyst] LDAP question
>

> ok, making progress, I am getting all the data back in the return hash, however, I get the error: "Unable to locate user matching user info provided in realm: ldap" and get redirected back to the login page. I built this using some examples from the tutorial and the definitive guide, so I may have a wire crossed somewhere. Any ideas?
>

> Luis Muñoz <luisemunoz at gmail.com> wrote on 05/21/2012 11:18:48 AM:
>
> > From: Luis Muñoz <luisemunoz at gmail.com>
> > To: The elegant MVC web framework <catalyst at lists.scsys.co.uk>
> > Date: 05/21/2012 11:20 AM
> > Subject: Re: [Catalyst] LDAP question
> >

> > On May 21, 2012, at 12:02 PM, Kenneth S Mclane wrote:
> >
> > > I have no control over the LDAP server. How would I change things so the submitted username and password would be inserted as the credentials to be used as the initial bind?
> >
> > You use that from the client.
> >
> > Below is a snippet from a configuration file from a tool we use at $work for managing LDAP entries. It works in the way I described before.
> >
> > Pay attention to the binddn (the account to do the initial bind) and basedn (the place where you begin your search for a matching username, using the filter expression). Start simple and build up your expression to narrow down the tuples that it can retrieve. I'm pro very strict filters based on object types, but there are perhaps other opinions.
> >
> > Best regards
> >
> > -lem
> >

> > --8<----
> >
> > # Configure the authentication subsystem. This is the component that
> > # validates the current password for change requests. This service is
> > # provided by Catalyst::Authentication::Store::LDAP.
> > #
> > # The ldap realm is mandatory, as this is used not only for
> > # authentication but for access to the user's LDAP entry, both for
> > # searching and for updating it. This means that we need to use a
> > # binddn with enough privileges to read and write to the
> > # directory. It's not enough to rely on the users' credentials for
> > # rebinding, because in the case of a password recovery, we don't have
> > # user credentials.
> >
> > authentication:
> >   default_realm: ldap
> >   realms:
> >     ldap:
> >       credential:
> >         class:          Password
> >         password_field: password
> >         password_type:  self_check
> >       store:
> >         class:          LDAP
> >         ldap_server:    localhost:3389
> >         binddn:         cn=your_initial_id,dc=domain,dc=com,dc=INVALID
> >         bindpw:         Y0urS3cr3tB!ndP@$sw0rd
> >         user_basedn:    ou=The,ou=Container,ou=Hierarchy,dc=domain,dc=com,dc=INVALID
> >         user_filter:    (&(objectClass=inetOrgPerson)(|(uid=%s)(email=%s)))
> >         user_field:     uid
> >         use_roles:      0
> >

> > _______________________________________________
> > List: Catalyst at lists.scsys.co.uk
> > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> > Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> > Dev site: http://dev.catalyst.perl.org/
> > _______________________________________________
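As an added example (not code from this thread or from Net::LDAP), the Python below decodes the five trace PDUs from the top of this message by walking their BER structure, so the message IDs, operations, bind DN, search base and result codes can be read off directly instead of inferred from the hex columns. It uses only the standard library; the hex strings are copied from the dump with the "__" padding dropped.

```python
# Application tags of the LDAPMessage protocolOp CHOICE (RFC 4511 section 4.1.1)
OPS = {0x60: "bindRequest", 0x61: "bindResponse", 0x63: "searchRequest",
       0x64: "searchResEntry", 0x65: "searchResDone", 0x42: "unbindRequest"}

def read_tlv(buf, pos=0):
    """Parse one BER tag-length-value at pos; handles long-form lengths (84 00 00 00 10)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_message(pdu):
    """Return (messageID, operation, detail). detail: resultCode for responses, bind DN for a
    bindRequest ('' = anonymous), baseObject DN for a searchRequest, otherwise None."""
    tag, body, _ = read_tlv(pdu)
    assert tag == 0x30, "LDAPMessage must be a SEQUENCE"
    _, msgid, pos = read_tlv(body)          # messageID INTEGER
    op, content, _ = read_tlv(body, pos)    # protocolOp, tagged [APPLICATION n]
    name, detail = OPS.get(op, f"unknown(0x{op:02x})"), None
    if name in ("bindResponse", "searchResDone"):   # LDAPResult opens with ENUMERATED resultCode
        detail = int.from_bytes(read_tlv(content)[1], "big")
    elif name == "bindRequest":             # version INTEGER, then name LDAPDN
        _, _, pos = read_tlv(content)
        detail = read_tlv(content, pos)[1].decode()
    elif name == "searchRequest":           # baseObject LDAPDN comes first
        detail = read_tlv(content)[1].decode()
    return int.from_bytes(msgid, "big"), name, detail

# The five PDUs from the Net::LDAP trace in this message, hex copied from the dump
# ('__' pads dropped); the <snip>ped searchResEntry is not included.
TRACE = [
    "30 0C 02 01 01 60 07 02 01 03 04 00 80 00",
    "30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0A 01 00 04 00 04 00",
    "30 64 02 01 02 63 5F 04 16 6F 75 3D 62 6C 75 65 70 61 67 65 73 2C 6F 3D 69 62 6D 2E 63 6F 6D 0A "
    "01 02 0A 01 02 02 01 00 02 01 00 01 01 00 A0 34 A3 15 04 0B 6F 62 6A 65 63 74 63 6C 61 73 73 04 "
    "06 70 65 72 73 6F 6E A3 1B 04 04 6D 61 69 6C 04 13 6B 73 6D 63 6C 61 6E 65 40 75 73 2E 69 62 6D "
    "2E 63 6F 6D 30 00",
    "30 84 00 00 00 10 02 01 02 65 84 00 00 00 07 0A 01 00 04 00 04 00",
    "30 05 02 01 03 42 00",
]

def decode_trace(dumps=TRACE):
    """Decode every PDU in order so the bind / search / unbind sequence can be read off."""
    return [decode_message(bytes.fromhex(h)) for h in dumps]

if __name__ == "__main__":
    for msgid, op, detail in decode_trace():
        print(f"msgid={msgid:<2} {op:<14} {'' if detail is None else detail}")
```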