PeterKaagman has asked for the wisdom of the Perl Monks concerning the following question:

Hi there

I'm using Dancer2::Plugin::Auth::Extensible::Provider::LDAP to authenticate users agains an MS AD. I'm able to do the authentication part, but got stuck on authorisation: I cannot seem to be able to get the role part to work. I.e. getting the groups a user is a member of.

According to the docs there are 2 settings:

role_attribute: 'cn'
role_filter: '(objectClass=group)'

[download]

Using the DSA tool provided by MS I found (assumed) that the role_filter should be ok. What I'm not sure about is the role_attribute. Again according to DSA the group name is in a field named "cn", which also is the default for the role_attribute.

But with these setting I don't get any roles. I also tried "name" and "MemberOf" as role_attribute. But this does not woek either. I'm at a loss

Did any of you get this to work? And how?

Regard... Peter

Replies are listed 'Best First'.
Re: dancer2 auth ldap
by perlfan (Parson) on Nov 03, 2020 at 02:51 UTC
    I can only help insofar to suggest that I'd attempt to debug this myself by using Net::LDAP directly to work out this, since it states that ultimately this plugin, "Returns a connected Net::LDAP object".
[reply]

Back to Seekers of Perl Wisdom