in reply to Error with Dancer2::Plugin::Auth::ActiveDirectory

Hi, I have not used this plugin, but reading the source I see that a call to authenticate() wraps a call to Auth::ActiveDirectory::authenticate(), which does:

    my $message = $self->ldap->bind( $user, password => $password );
    if ( _v_is_error( $message, $user ) ) {
        $self->error_message( _parse_error_message($message) );
        return;
    }

... however the code in the Dancer2 plugin does:

    my $user = _connect_to_ad($dsl)->authenticate( $name, $pass );
    return $user if $user->{error};

Without digging further (e.g. by reading the source of the distro's test files, if any), I would suggest adding debugging by replacing line 138 with:

    my $AD = _connect_to_ad($dsl) or die "No AD connection!";
    my $user = $AD->authenticate( $name, $pass );
    die $AD->error_message if $AD->error_message;
    ...

Hope this helps!


The way forward always starts with a minimal test.

Re^2: Error with Dancer2::Plugin::Auth::ActiveDirectory
by TieUpYourCamel (Scribe) on Jan 17, 2020 at 18:12 UTC
    Thanks... That did help me establish that the connection to the domain controller is working fine, etc. Investigating further, I believe the problem is somewhere in Auth::ActiveDirectory, specifically here where it does the LDAP search to get the user's information:
        my $result = $self->_search_users( qq/(&(objectClass=person)(userPrincipalName=$user./ . $self->principal . '))' );
    The search fails, which the code ignores, then runs a foreach on the nonexistent results, and then returns undefined. I've tried modifying the search in several different ways, including hard-coding some of the search criteria, and I can't get anything other than "DIR ERROR" and "NO OBJECT" as error messages. I inserted some debug code to show the error messages:
        my $search = qq/(&(objectClass=person)(userPrincipalName=$user./ . $self->principal . '))';
        my $result = $self->_search_users( $search );
        die $search . " -- " . $result->{'errorMessage'} if $result->{'errorMessage'};
    I've been reading about LDAP and it seems like I'm doing everything right, but I must not be. Here are some errors, with the search that generated them.
        (userPrincipalName=testuser@our.domain.com) -- 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'OU=USER,OU=ACCOUNTS,OU=OUROU,DC=OUR,DC=DOMAIN,DC=com' at /home/camel/perl5/perlbrew/perls/perl-5.30.1/lib/site_perl/5.30.1/Auth/ActiveDirectory.pm line 133.
        (sAMAccountName=testuser) -- 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'OU=USER,OU=ACCOUNTS,OU=OUROU,DC=OUR,DC=DOMAIN,DC=com' at /home/camel/perl5/perlbrew/perls/perl-5.30.1/lib/site_perl/5.30.1/Auth/ActiveDirectory.pm line 133.
        (sAMAccountName=*) -- 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'OU=USER,OU=ACCOUNTS,OU=OUROU,DC=OUR,DC=DOMAIN,DC=com' at /home/camel/perl5/perlbrew/perls/perl-5.30.1/lib/site_perl/5.30.1/Auth/ActiveDirectory.pm line 133.
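The minimal test suggested above, as an added example that is not part of this thread or of the Auth::ActiveDirectory distribution: a stand-alone Net::LDAP script that binds, runs the same userPrincipalName search with the value escaped, and reports the LDAP result code instead of ignoring it. The host, base DN, bind account and test user are placeholders to replace with your own.

```perl
#!/usr/bin/env perl
# Added example (not the plugin's code): bind to AD, search one user by
# userPrincipalName, and surface the LDAP result code and diagnostic text.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value ldap_error_name);

my $host      = 'dc01.our.domain.com';                          # placeholder
my $base_dn   = 'OU=ACCOUNTS,OU=OUROU,DC=OUR,DC=DOMAIN,DC=com';   # placeholder
my $bind_user = 'svc-ldap@our.domain.com';                      # placeholder
my $bind_pass = $ENV{LDAP_BIND_PASSWORD} // die "set LDAP_BIND_PASSWORD\n";
my $upn       = $ARGV[0] // 'testuser@our.domain.com';          # placeholder

my $ldap = Net::LDAP->new($host, timeout => 10)
    or die "cannot connect to $host: $@\n";

# Upgrade to TLS before sending the bind password; 'require' verifies the
# DC certificate and may need cafile => '/path/to/ca.pem' on your system.
my $tls = $ldap->start_tls(verify => 'require');
die "start_tls failed: " . $tls->error . "\n" if $tls->code;

my $bind = $ldap->bind($bind_user, password => $bind_pass);
die "bind failed: " . $bind->error . "\n" if $bind->code;

# Escape the value before interpolating it into the filter so that a UPN
# taken from a login form cannot change the structure of the filter.
my $filter = sprintf '(&(objectClass=person)(userPrincipalName=%s))',
    escape_filter_value($upn);

my $result = $ldap->search(
    base   => $base_dn,
    scope  => 'sub',
    filter => $filter,
    attrs  => [qw(sAMAccountName displayName memberOf)],
);

# Never discard the result code. noSuchObject (32) on a search refers to
# the base DN, not to the filter, so check that $base_dn exists first.
if ($result->code) {
    printf STDERR "search failed: %s (%d): %s\n",
        ldap_error_name($result->code), $result->code, $result->error;
    exit 1;
}
if ($result->count == 0) {
    print "filter $filter matched no entries under $base_dn\n";
}
for my $entry ($result->entries) {
    printf "%s  %s\n", $entry->dn, $entry->get_value('sAMAccountName') // '';
}
$ldap->unbind;
```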
Re^2: Error with Dancer2::Plugin::Auth::ActiveDirectory
by TieUpYourCamel (Scribe) on Jan 20, 2020 at 19:08 UTC