I am continuing on my journey to duplicate a web app for administering a 
db. I have all my pages up and running, as well as search functionality. I 
decided to attack authentication next. I am using PHP pages from a 
different web app to get the settings for our LDAP server.

        // Connect to ldap server
        $ds = ldap_connect("xxx.xxx.xxx.xxx");
        if ($ds) {
                // Get DN for intranet user (this search runs before any bind,
                // i.e. as an anonymous bind). The submitted address is escaped
                // so filter metacharacters in it cannot alter the search
                // (ldap_escape needs PHP 5.6+).
                $mail = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
                $sr = ldap_search($ds, "ou=ldap.server, o=domain.com", "mail=$mail");
                $info = ldap_get_entries($ds, $sr);
                $uid = '';
                for ($i = 0; $i < $info["count"]; $i++) {
                        $uid = $info[$i]["dn"];
                }
                if (strpos($uid, 'uid') !== false) {
                        // Bind to ldap server with $uid and $password to verify
                        $bind_results = ldap_bind($ds, $uid, $password) or
                                die("Could not log you in please check your UserName and Password and try again.");
                        if ($bind_results == "1") {
                                // Authenticated: look the user up again to get the display name
                                $sr = ldap_search($ds, "ou=bluepages, o=ibm.com", "mail=$mail");
                                $info = ldap_get_entries($ds, $sr);
                                for ($i = 0; $i < $info["count"]; $i++) {
                                        $fullname = $info[$i]["cn"][0];
                                }
                        }
                }
        }

It then goes on to create session stuff, but I want to use the built-in 
LDAP authentication. I have this in my Login.pm:

sub index :Path :Args(0) {
    my ( $self, $c ) = @_;
    # Get the username and password from form
    my $username = $c->request->params->{username};
    my $password = $c->request->params->{password};
    # If the username and password values were found in form
    if ($username && $password) {
        # Attempt to log the user in
        if ($c->authenticate({ username => $username,
                               password => $password  } )) {
            # If successful, then let them use the application
            $c->response->redirect($c->uri_for(
                $c->controller('Search')->action_for('search')));
            return;
        } else {
            # Set an error message
            $c->stash(error_msg => "Bad username or password.");
        }
    } else {
        # Set an error message
        $c->stash(error_msg => "Empty username or password.")
            unless ($c->user_exists);
    }
    # If either of above don't work out, send to the login page
    $c->stash(template => 'login.tt2');
}

and this code in my Root.pm:

sub auto :Private {
    my ($self, $c) = @_;
    # Allow unauthenticated users to reach the login page.  This
    # allows unauthenticated users to reach any action in the Login
    # controller.  To lock it down to a single action, we could use:
    # if ($c->action eq $c->controller('Login')->action_for('index'))
    # to only allow unauthenticated access to the 'index' action we
    # added above.
    if ($c->controller eq $c->controller('Login')) {
        return 1;
    }
    # If a user doesn't exist, force login
    if (!$c->user_exists) {
        # Dump a log message to the development server debug output
        $c->log->debug('***Root::auto User not found, forwarding to /login');
        # Redirect the user to the login page
        $c->response->redirect($c->uri_for('/login'));
        # Return 0 to cancel 'post-auto' processing and prevent use of application
        return 0;
    }
    # User found, so return 1 to continue with processing after this 'auto'
    return 1;
}

And in MyApp.pm:

__PACKAGE__->config(
    'authentication' => {
        default_realm => 'ldap',
        realms => {
            ldap => {
                credential => {
                    class          => 'Password',
                    password_field => 'password',
                    password_type  => 'self_check',
                },
                store => {
                    binddn              => "username",
                    bindpw              => "password",
                    class               => 'LDAP',
                    ldap_server         => '9.17.186.253',
                    ldap_server_options => { timeout => 30 },
                    user_basedn         => 'o=domain, o=com',
                    user_field          => 'mail',
                    user_filter         => '(&(mail=%s)(objectclass=person))',
                    user_scope          => 'sub',
                },
            },
        },
    },
);

They are apparently doing the initial bind with the credentials submitted 
by the user. I am getting "invalid credentials" the way I have it above; if 
I change it to anonymous I get "LDAP Error while searching for user: No 
such object".  I could use some suggestions.
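A stand-alone Net::LDAP script, added here as an illustration and not part of the original message or of Catalyst itself, that walks the same three steps the store config above describes (search bind, lookup of the user's DN by mail, then a self_check bind as that DN) and reports which step fails. It reuses the server, base DN and filter from the MyApp.pm config; the LDAP_BINDDN/LDAP_BINDPW environment variables and the command-line arguments are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Values copied from the MyApp.pm config above. Credentials come from the
# environment (assumed variable names); leave LDAP_BINDDN unset to make the
# search bind anonymous, which is the other case described in the message.
my $server      = '9.17.186.253';
my $user_basedn = 'o=domain, o=com';
my $user_filter = '(&(mail=%s)(objectclass=person))';
my ($username, $password) = @ARGV;
die "usage: $0 <mail address> <password>\n" unless defined $password;

my $ldap = Net::LDAP->new($server, timeout => 30)
    or die "cannot connect to $server: $@\n";

# Step 1: the search bind, as the service account or anonymously.
my $bind = defined $ENV{LDAP_BINDDN}
    ? $ldap->bind($ENV{LDAP_BINDDN}, password => $ENV{LDAP_BINDPW})
    : $ldap->bind;
die "search bind failed: " . $bind->error . "\n" if $bind->code;

# Step 2: find the user's DN. The submitted address is escaped per RFC 4515
# before it goes into the filter, so metacharacters cannot widen the search.
my $filter = sprintf $user_filter, escape_filter_value($username);
my $mesg = $ldap->search(base => $user_basedn, scope => 'sub', filter => $filter);
die "search failed (code " . $mesg->code . "): " . $mesg->error . "\n" if $mesg->code;
die "no entry matched $filter under $user_basedn\n" unless $mesg->count;
die "filter matched " . $mesg->count . " entries; refusing to pick one\n" if $mesg->count > 1;
my $entry = $mesg->entry(0);
printf "found %s (cn=%s)\n", $entry->dn, $entry->get_value('cn') // '?';

# Step 3: self_check, i.e. bind as the user's own DN with the submitted password.
my $check = $ldap->bind($entry->dn, password => $password);
print $check->code
    ? "password check failed: " . $check->error . "\n"
    : "password OK for " . $entry->dn . "\n";
$ldap->unbind;
```

A "No such object" at step 2 points at the base DN, while an "invalid credentials" at step 1 or 3 points at the bind DN or password used for that bind.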
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/