<font size=2 face="sans-serif">I am continuing on my journey to duplicate
a web app for administering a db. I have all my pages up and running, as
well as search functionality. I decided to attack authentication
next. I am using a PHP page from a different web app to get the settings
for our LDAP server.</font>
<br>
<br><font size=2 face="sans-serif">//Connect to ldap server</font>
<br><font size=2 face="sans-serif">$ds=ldap_connect("xxx.xxx.xxx.xxx");</font>
<br><font size=2 face="sans-serif">if ($ds) {</font>
<br><font size=2 face="sans-serif">    //Get ID for intranet user</font>
<br><font size=2 face="sans-serif">    $sr=ldap_search($ds, "ou=ldap.server, o=domain.com", "mail=$username");</font>
<br><font size=2 face="sans-serif">    $info = ldap_get_entries($ds, $sr);</font>
<br><font size=2 face="sans-serif">    for ($i=0; $i<$info["count"]; $i++) {</font>
<br><font size=2 face="sans-serif">        $uid=$info[$i]["dn"];</font>
<br><font size=2 face="sans-serif">    }</font>
<br><font size=2 face="sans-serif">    if (strpos($uid,'uid') !== false)</font>
<br><font size=2 face="sans-serif">    {</font>
<br><font size=2 face="sans-serif">        //Bind to ldap server with $uid and $password to verify</font>
<br><font size=2 face="sans-serif">        $bind_results=ldap_bind($ds, "$uid", "$password") or die("Could not log you in please check your UserName and Password and try again.");</font>
<br><font size=2 face="sans-serif">        if ( $bind_results == "1" )</font>
<br><font size=2 face="sans-serif">            $sr=ldap_search($ds, "ou=bluepages, o=ibm.com", "mail=$username");</font>
<br><font size=2 face="sans-serif">        $info = ldap_get_entries($ds, $sr);</font>
<br><font size=2 face="sans-serif">        for ($i=0; $i<$info["count"]; $i++) {</font>
<br><font size=2 face="sans-serif">            $fullname=$info[$i]["cn"][0];</font>
<br><font size=2 face="sans-serif">        }</font>
<br>
<br><font size=2 face="sans-serif">It then goes on to create session stuff,
but I want to use the built-in LDAP authentication. I have this in my Login.pm:</font>
<br>
<br><font size=2 face="sans-serif">sub index :Path :Args(0) {</font>
<br><font size=2 face="sans-serif">    my ( $self, $c ) = @_;</font>
<br><font size=2 face="sans-serif">    # Get the username and password from form</font>
<br><font size=2 face="sans-serif">    my $username = $c->request->params->{username};</font>
<br><font size=2 face="sans-serif">    my $password = $c->request->params->{password};</font>
<br><font size=2 face="sans-serif">    # If the username and password values were found in form</font>
<br><font size=2 face="sans-serif">    if ($username && $password) {</font>
<br><font size=2 face="sans-serif">        # Attempt to log the user in</font>
<br><font size=2 face="sans-serif">        if ($c->authenticate({ username => $username,</font>
<br><font size=2 face="sans-serif">                               password => $password } )) {</font>
<br><font size=2 face="sans-serif">            # If successful, then let them use the application</font>
<br><font size=2 face="sans-serif">            $c->response->redirect($c->uri_for(</font>
<br><font size=2 face="sans-serif">                $c->controller('Search')->action_for('search')));</font>
<br><font size=2 face="sans-serif">            return;</font>
<br><font size=2 face="sans-serif">        } else {</font>
<br><font size=2 face="sans-serif">            # Set an error message</font>
<br><font size=2 face="sans-serif">            $c->stash(error_msg => "Bad username or password.");</font>
<br><font size=2 face="sans-serif">        }</font>
<br><font size=2 face="sans-serif">    } else {</font>
<br><font size=2 face="sans-serif">        # Set an error message</font>
<br><font size=2 face="sans-serif">        $c->stash(error_msg => "Empty username or password.")</font>
<br><font size=2 face="sans-serif">            unless ($c->user_exists);</font>
<br><font size=2 face="sans-serif">    }</font>
<br><font size=2 face="sans-serif">    # If either of above don't work out, send to the login page</font>
<br><font size=2 face="sans-serif">    $c->stash(template => 'login.tt2');</font>
<br><font size=2 face="sans-serif">}</font>
<br>
<br><font size=2 face="sans-serif">and this code in my Root.pm:</font>
<br>
<br><font size=2 face="sans-serif">sub auto :Private {</font>
<br><font size=2 face="sans-serif">    my ($self, $c) = @_;</font>
<br><font size=2 face="sans-serif">    # Allow unauthenticated users to reach the login page. This</font>
<br><font size=2 face="sans-serif">    # allows unauthenticated users to reach any action in the Login</font>
<br><font size=2 face="sans-serif">    # controller. To lock it down to a single action, we could use:</font>
<br><font size=2 face="sans-serif">    # if ($c->action eq $c->controller('Login')->action_for('index'))</font>
<br><font size=2 face="sans-serif">    # to only allow unauthenticated access to the 'index' action we</font>
<br><font size=2 face="sans-serif">    # added above.</font>
<br><font size=2 face="sans-serif">    if ($c->controller eq $c->controller('Login')) {</font>
<br><font size=2 face="sans-serif">        return 1;</font>
<br><font size=2 face="sans-serif">    }</font>
<br><font size=2 face="sans-serif">    # If a user doesn't exist, force login</font>
<br><font size=2 face="sans-serif">    if (!$c->user_exists) {</font>
<br><font size=2 face="sans-serif">        # Dump a log message to the development server debug output</font>
<br><font size=2 face="sans-serif">        $c->log->debug('***Root::auto User not found, forwarding to /login');</font>
<br><font size=2 face="sans-serif">        # Redirect the user to the login page</font>
<br><font size=2 face="sans-serif">        $c->response->redirect($c->uri_for('/login'));</font>
<br><font size=2 face="sans-serif">        # Return 0 to cancel 'post-auto' processing and prevent use of application</font>
<br><font size=2 face="sans-serif">        return 0;</font>
<br><font size=2 face="sans-serif">    }</font>
<br><font size=2 face="sans-serif">    # User found, so return 1 to continue with processing after this 'auto'</font>
<br><font size=2 face="sans-serif">    return 1;</font>
<br><font size=2 face="sans-serif">}</font>
<br>
<br><font size=2 face="sans-serif">And in MyApp.pm:</font>
<br>
<br><font size=2 face="sans-serif">__PACKAGE__->config(</font>
<br><font size=2 face="sans-serif">    'authentication' => {</font>
<br><font size=2 face="sans-serif">        default_realm => 'ldap',</font>
<br><font size=2 face="sans-serif">        realms => {</font>
<br><font size=2 face="sans-serif">            ldap => {</font>
<br><font size=2 face="sans-serif">                credential => {</font>
<br><font size=2 face="sans-serif">                    class => 'Password',</font>
<br><font size=2 face="sans-serif">                    password_field => 'password',</font>
<br><font size=2 face="sans-serif">                    password_type => 'self_check',</font>
<br><font size=2 face="sans-serif">                },</font>
<br><font size=2 face="sans-serif">                store => {</font>
<br><font size=2 face="sans-serif">                    binddn => "username",</font>
<br><font size=2 face="sans-serif">                    bindpw => "password",</font>
<br><font size=2 face="sans-serif">                    class => 'LDAP',</font>
<br><font size=2 face="sans-serif">                    ldap_server => '9.17.186.253',</font>
<br><font size=2 face="sans-serif">                    ldap_server_options => { timeout => 30 },</font>
<br><font size=2 face="sans-serif">                    user_basedn => 'o=domain, o=com',</font>
<br><font size=2 face="sans-serif">                    user_field => 'mail',</font>
<br><font size=2 face="sans-serif">                    user_filter => '(&(mail=%s)(objectclass=person))',</font>
<br><font size=2 face="sans-serif">                    user_scope => 'sub',</font>
<br><font size=2 face="sans-serif">                },</font>
<br><font size=2 face="sans-serif">            },</font>
<br><font size=2 face="sans-serif">        },</font>
<br><font size=2 face="sans-serif">    },</font>
<br><font size=2 face="sans-serif">);</font>
<br>
<br><font size=2 face="sans-serif">They are apparently doing the initial
bind with the credentials submitted by the user. I am getting invalid credentials
the way I have it above; if I change it to anonymous, I get a "</font><tt><font size=3>LDAP
Error while searching for user: No such object</font></tt><font size=2 face="sans-serif">".
I could use some suggestions.</font>
<br>
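The search-then-bind flow that the PHP snippet in the post performs, written here with Net::LDAP as an added example (not part of the original post and not Catalyst's own code). The host and base DN are the post's placeholders, `ldap_login` is a hypothetical helper name, and the filter escaping, empty-password check and single-match requirement are additions.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Hypothetical helper (added example). Returns { dn, cn } on success, undef otherwise.
# Plain LDAP sends the bind password in clear; use LDAPS or StartTLS in production.
sub ldap_login {
    my ($host, $base, $mail, $password) = @_;

    # A simple bind with an empty password is an unauthenticated bind that
    # many servers accept, so refuse it before contacting the directory.
    return undef unless defined $mail     && length $mail;
    return undef unless defined $password && length $password;

    my $ldap = Net::LDAP->new($host, timeout => 30) or return undef;

    # Phase 1: anonymous bind, then find the entry by mail. The value is
    # escaped per RFC 4515 so that * ( ) \ in the input stay literal.
    my $mesg = $ldap->bind;
    return undef if $mesg->code;
    my $filter = sprintf '(&(mail=%s)(objectclass=person))',
        escape_filter_value($mail);
    $mesg = $ldap->search(base => $base, scope => 'sub',
                          filter => $filter, attrs => ['cn']);
    return undef if $mesg->code;    # noSuchObject typically means the base DN does not exist

    # Require exactly one match instead of keeping the last entry of a loop.
    return undef unless $mesg->count == 1;
    my $entry = $mesg->entry(0);

    # Phase 2: re-bind as the DN just found, using the submitted password.
    $mesg = $ldap->bind($entry->dn, password => $password);
    my $ok = !$mesg->code;
    $ldap->unbind;
    return $ok ? { dn => $entry->dn, cn => scalar $entry->get_value('cn') } : undef;
}

# Usage: perl login.pl user@example.com   (password is read from STDIN)
if (@ARGV == 1) {
    chomp(my $password = <STDIN> // '');
    my $user = ldap_login('xxx.xxx.xxx.xxx', 'ou=ldap.server, o=domain.com',
                          $ARGV[0], $password);
    print $user ? "Authenticated as $user->{dn}\n" : "Login failed\n";
}
```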