<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>I am attempting to authenticate against the LDAP server used
for our Unix authentication environment. A user entry looks like:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>dn:
uid=uname,ou=People,dc=company,dc=com<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>objectClass:
top<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>objectClass:
person<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>objectClass:
organizationalPerson<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>objectClass:
inetOrgPerson<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>objectClass:
posixAccount<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>objectClass:
shadowAccount<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>uid:
uname<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>sn: LastName<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>givenName:
FirstName<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>cn: uname<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>userPassword:
{crypt}sFBVlCCFXromo<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>loginShell:
/bin/csh<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>uidNumber:
7904<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>gidNumber:
6062<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>homeDirectory:
/user/uname<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>gecos:
FirstName LastName<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>mail:
email@email.com<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>displayName:
LastName, FirstName<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>telephoneNumber:
555<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal>I have configured authentication using:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>use
Catalyst qw/-Debug ConfigLoader Static::Simple<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
Session<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
Session::State::Cookie<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
Session::Store::FastMmap<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
Authentication/;<o:p></o:p></span></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>__PACKAGE__->config(<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
'authentication' => {<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
default_realm => "ldap",<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
realms => {<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
ldap => {<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
credential => {<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
class => "Password",<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
password_field => "userPassword",<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
password_type => "crypted",<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
},<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
store => {<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
class
=> "LDAP",<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
binddn
=> "cn=proxyagent,ou=profile,dc=xyz,dc=company,dc=com",<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
bindpw
=> "proxy",<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
ldap_server => "my.host.name",<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
ldap_server_options => { timeout => 30 },<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
start_tls => 0,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
use_roles => 0,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
user_basedn =>
"ou=People,dc=company,dc=com",<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
user_field =>
"uid",<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
user_filter =>
"(&(objectClass=posixAccount)(uid=%s))",<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
user_scope =>
"one",<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
user_search_options => { attrs => ['*'] },<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
},<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
},<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
},<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
},<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>);<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal>Reusing some of the code from "The Book" I have
implemented a login action:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>sub
login : Global Form {<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
my ($self, $c) = @_;<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
my $form = $self->formbuilder;<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
return unless $form->submitted && $form->validate;<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
if ($c->authenticate({username => $form->field('username'),<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
password => $form->field('password')})){<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
$c->flash->{message} = "Logged in successfully.";<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
$c->res->redirect($c->uri_for('/'));<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
$c->detach;<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
}<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
else {<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
$c->stash->{error} = "Login failed.";<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>
}<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>}<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal>I have tested the C::A::Store::LDAP ability to talk to the
server by first using a bogus hostname (which generated an error) and putting a
bogus password in for my proxy account (which generated an error) so I know
that the issue is with the final phase of testing the user's password hash.
From the debug output of the server I see this happen when trying to
authenticate:<o:p></o:p></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::Field::validate]
(debug1) password: validation passed<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::validate]
(debug1) validation done, ok = 1 (should be 1)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::field]
(debug2) called $form->field(username)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::field]
(debug2) searching fields for 'username'<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::Field::value]
(debug2) username: called $field->value()<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::Field::value]
(debug2) username: sticky && ! force<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::Field::cgi_value]
(debug2) username: called $field->cgi_value<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::Field::cgi_value]
(debug2) username: cgi value = (uname)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::Field::value]
(debug1) username: returning value (uname)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::Field::inflate_value]
(debug2) username: called $field->inflate_value<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::field]
(debug2) called $form->field(password)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::field]
(debug2) searching fields for 'password'<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::Field::value]
(debug2) password: called $field->value()<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::Field::value]
(debug2) password: sticky && ! force<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::Field::cgi_value]
(debug2) password: called $field->cgi_value<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::Field::cgi_value]
(debug2) password: cgi value = (sdfd)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::Field::value]
(debug1) password: returning value (sdfd)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[CGI::FormBuilder::Field::inflate_value]
(debug2) password: called $field->inflate_value<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>Use
of uninitialized value in crypt at
/usr/lib/perl5/site_perl/5.8.8/Catalyst/Authentication/Credential/Password.pm
line 69.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>Use
of uninitialized value in crypt at
/usr/lib/perl5/site_perl/5.8.8/Catalyst/Authentication/Credential/Password.pm
line 69.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>Use of
uninitialized value in string eq at
/usr/lib/perl5/site_perl/5.8.8/Catalyst/Authentication/Credential/Password.pm
line 69.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[info]
*** Request 1 (0.001/s) [12951] [Wed Feb 27 10:37:32 2008] ***<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>[debug]
Body Parameters are:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>.-------------------------------------+--------------------------------------.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>|
Parameter
|
Value
|<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>+-------------------------------------+--------------------------------------+<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>|
_submit
| Login |<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>|
_submitted_login
|
1
|<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>|
password
| sdfd
|<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>|
username
| matthewr
|<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'>'-------------------------------------+--------------------------------------|<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Courier New"'><o:p> </o:p></span></p>
<p class=MsoNormal>At this point the bogus password is being verified and I am
authenticated and redirected to /, which is not correct. Can anyone see what I
am doing wrong?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Thanks,<o:p></o:p></p>
<p class=MsoNormal>Matt<span style='font-size:8.0pt;font-family:"Courier New"'><o:p></o:p></span></p>
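<p class=MsoNormal>Added example, not part of the original message and not the source of Catalyst::Authentication::Credential::Password: a stand-alone Perl sketch of the failure mode the warnings above point to, a crypt comparison fed undefined values, shown beside a check that fails closed. The function names and the sample password are hypothetical, the sample hash is constructed at run time, and the comparison shape is an assumption based on the "crypt" and "string eq" warnings in the log.</p>

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: the bare comparison pattern, trusting whatever
# crypt() and eq make of their inputs. Not the module's own code.
sub naive_crypted_check {
    my ($supplied, $stored) = @_;
    no warnings 'uninitialized';    # silences the warnings seen in the log
    return $stored eq crypt($supplied, $stored) ? 1 : 0;
}

# Hypothetical hardened form: reject missing inputs before hashing and
# strip the {crypt} scheme prefix carried by the userPassword attribute.
sub strict_crypted_check {
    my ($supplied, $stored) = @_;
    return 0 unless defined $supplied && length $supplied;
    return 0 unless defined $stored   && length $stored;
    (my $hash = $stored) =~ s/\A\{crypt\}//i;
    return 0 unless length($hash) >= 2;            # need at least a salt
    my $computed = crypt($supplied, $hash);
    return 0 unless defined $computed && length $computed;
    return $computed eq $hash ? 1 : 0;
}

# Constructed sample data. Assumes the platform's crypt() still accepts a
# traditional two-character salt; where it does not, every strict check
# below reports 0.
my $stored = '{crypt}' . (crypt('correct-horse', 'ab') || '');

my @cases = (
    [ 'password and hash both undefined', undef,           undef   ],
    [ 'wrong password, hash present',     'sdfd',          $stored ],
    [ 'right password, hash present',     'correct-horse', $stored ],
    [ 'right password, hash missing',     'correct-horse', undef   ],
);

for my $case (@cases) {
    my ($label, $supplied, $hash) = @$case;
    printf "%-34s naive=%d strict=%d\n", $label,
        naive_crypted_check($supplied, $hash),
        strict_crypted_check($supplied, $hash);
}
```

<p class=MsoNormal>On platforms where crypt() returns an empty or undefined result for an empty salt, the naive check reports success when both inputs are undefined, while the strict check rejects that case before any hashing happens.</p>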
</div>
</body>
</html>