SOLVED!

'user_scope'needs to be 'sub' and not 'one'. And as a side note 'user_field' must be lowercase or a deep recursion search will be done.

I'm trying to authenticate with Catalyst::Authentication::Store::LDAP and in the Catalyst development server it keeps saying "debug: Unable to locate user matching user info provided".

Since it uses Net::LDAP as a backend I made a test script which works and is as seen below. It dumps out all the ActiveDirectory info for me. 

#!/usr/bin/perl
use Net::LDAP;
use Data::Dumper;

my $ldap = Net::LDAP->new( 'sub.ad.mydomain.org' );

# bind to a directory with dn and password
my $mesg = $ldap->bind(
    'myusername@ad.mydomain.com',
    password => 'mypassword'
);

$mesg = $ldap->search(
    base => "DC=sub,DC=ad,DC=mydomain,DC=org",
    filter => "(sAMAccountName=myusername)",
); 

die Dumper $mesg->entries;

[download]

Also running "ldapsearch" like below dumps all my ActiveDirectory info: 

ldapsearch -H ldap://sub.ad.mydomain.org \
-b dc=sub,dc=ad,dc=mydomain,dc=org \
-D myusername@ad.subdomain.org \
-w mypassword \
'(sAMAccountName=myusername)'

[download]

In the documentation for Catalyst::Authentication::Store::LDAP it says for Microsoft ActiveDirectory to change "user_field: samaccountname" to lowercase which I have and I also left it the proper case.

The development server debug info looks like this: 

[debug] Body Parameters are:
.-------------+-------------.
| Parameter   | Value       |
+-------------+-------------+
| password    | mypassword  |
| username    | myusername  |
'-------------+-------------'
[debug] Path is "login"
[debug] Unable to locate user matching user info provided

[download]
Here is what my myapp.conf file looks like for Catalyst: 

name MyApp

# Config for Store::LDAP
<authentication>
  default_realm ldap
  <realms>
    <ldap>
      <credential>
        class Password
        password_field password
        password_type  self_check
      </credential>
      <store>
        class LDAP
        ldap_server ldap://sub.ad.mydomain.org
        <ldap_server_options>
          timeout 30
          onerror warn
        </ldap_server_options>
        binddn myusername@ad.mydomain.org
        bindpw mypassword
        start_tls 0
        <start_tls_options>
          verify none
        </start_tls_options>
        user_basedn DC=sub,DC=ad,DC=mydomain,DC=org
        user_filter (sAMAccountName=%s)
        user_scope one
        user_field sAMAccountName  # also tried samaccountname
        <user_search_options>
          deref always
        </user_search_options>
        use_roles 0
      </store>
    </ldap>
  </realms>
</authentication>

[download]

And also here's my login method in Root.pm 

sub login : Global {
    my ( $self, $c ) = @_;
    
    # Get the username and password from form
    my $username = $c->request->params->{username};
    my $password = $c->request->params->{password};

    if ( $username and $password ) {
        if ($c->authenticate({username => $username, password => $pass
+word })) {
            $c->res->body("Welcome " . $c->user->username . "!");
        } else {
            $c->stash(error_msg => "Bad username or password.");
        }
    } else {
        # Set an error message
        $c->stash(error_msg => "Empty username or password.");
    }  
}

[download]
Any ideas on what I'm doing wrong? Is there something wrong with my Config file? Thanks in advance for any help!

In reply to Not Authenticating - Catalyst::Authentication::Store::LDAP by awohld

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.