Re: Catalyst LDAP Authentication Not Working

Replies are listed 'Best First'.
Re^2: Catalyst LDAP Authentication Not Working by Anonymous Monk on Oct 17, 2013 at 18:51 UTC
I am running Catalyst 5.90042, Perl v5.10.1, on Red Hat Enterprise Linux Server release 6.4 The configuration in Config::General format `<Plugin::Authentication> <default> <store> class LDAP ldap_server ldap://ldap.server:3268 binddn bind@domain bindpw password user_basedn basedn user_field samaccountname user_filter (sAMAccountName=%s)) user_scope sub <user_search_options> dref always </user_search_options> </store> <credential> class Password password_type self_check password_field password </credential> </default> </Plugin::Authentication>` [download] The Controller module action `sub login : Local { my ( $self, $c ) = @_; if ( my $user = $c->req->params->{user} and my $password = $c->req->params->{password} ) { if ( $c->authenticate( { login => $user, password => $password, })) { $c->response->redirect($c->uri_for('/')); } else { # login incorrect use Data::Dumper; $c->response->body("Login Incorrect"); } } else { # invalid form input $c->response->body("Form Input Invalid"); } }` [download]	[reply] [d/l] [select]
Re^3: Catalyst LDAP Authentication Not Working by Your Mother (Archbishop) on Oct 17, 2013 at 19:53 UTC
Don't know if it's the issue but `(sAMAccountName=%s))` has an extra close paren. Might want to add this to the `store` (sorry, I like YAML better than Config::General)- `ldap_server_options: timeout: 30 onerror: warn` [download] I would also recommend never taking query params for login; insist on POST params. Otherwise some user might discover that she can auto-login with a URL with her credentials in the query string. `my $user = $c->req->params->{user} and my $password = $c->req->params->{password} # Becomes... my $user = $c->request->body_params->{user} and my $password = $c->request->body_params->{password}` [download]	[reply] [d/l] [select]
Re^4: Catalyst LDAP Authentication Not Working by Anonymous Monk on Oct 17, 2013 at 19:58 UTC
Thanks. The extra parenthesis was the problem. If it was a snake, I'd be bit.	[reply]
Re^3: Catalyst LDAP Authentication Not Working by Anonymous Monk on Oct 17, 2013 at 19:02 UTC
As in http://perlmonks.org/?node_id=856404, I changed `$c->authenticate( { login => $user` to `$c->authenticate( { id => $user,` and it didn't help.	[reply] [d/l] [select]
Re^4: Catalyst LDAP Authentication Not Working by Anonymous Monk on Oct 17, 2013 at 19:13 UTC
Here is the packet capture 1 0.000000 catserver -> ldapserver TCP 38760 > msft-gc [SYN] Seq=0 + Win=14600 Len=0 MSS=1460 TSV=4135990048 TSER=0 WS=6 2 0.000244 ldapserver -> catserver TCP msft-gc > 38760 [SYN, ACK] +Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=8 TSV=338886467 TSER=413599004 +8 3 0.000271 catserver -> ldapserver TCP 38760 > msft-gc [ACK] Seq=1 + Ack=1 Win=14656 Len=0 TSV=4135990049 TSER=338886467 4 0.013696 catserver -> ldapserver LDAP bindRequest(1) "apache@ads +.state.mo.us" simple 5 0.031177 ldapserver -> catserver LDAP bindResponse(1) success 6 0.031310 catserver -> ldapserver TCP 38760 > msft-gc [ACK] Seq=4 +5 Ack=23 Win=14656 Len=0 TSV=4135990080 TSER=338886470 7 0.055315 catserver -> ldapserver TCP 38760 > msft-gc [FIN, ACK] +Seq=45 Ack=23 Win=14656 Len=0 TSV=4135990104 TSER=338886470 8 0.055602 ldapserver -> catserver TCP msft-gc > 38760 [ACK] Seq=2 +3 Ack=46 Win=66560 Len=0 TSV=338886473 TSER=4135990104 9 0.055662 ldapserver -> catserver TCP msft-gc > 38760 [RST, ACK] +Seq=23 Ack=46 Win=0 Len=0 [download]	[reply] [d/l]