I am continuing on my journey to duplicate a web app for administering a db. I have all my pages up and running, as well as search functionality. I decided to attack authentication next. I am using a PHP page from a different web app to get the settings for our LDAP server.

    //Connect to ldap server
    $ds=ldap_connect("xxx.xxx.xxx.xxx");
    if ($ds) {
        //Get ID for intranet user
        $sr=ldap_search($ds, "ou=ldap.server, o=domain.com", "mail=$username");
        $info = ldap_get_entries($ds, $sr);
        for ($i=0; $i<$info["count"]; $i++) {
            $uid=$info[$i]["dn"];
        }
        if (strpos($uid,'uid') !== false) {
            //Bind to ldap server with $uid and $password to verify
            $bind_results=ldap_bind($ds, "$uid", "$password") or die("Could not log you in please check your UserName and Password and try again.");
            if ( $bind_results == "1" )
                $sr=ldap_search($ds, "ou=bluepages, o=ibm.com", "mail=$username");
            $info = ldap_get_entries($ds, $sr);
            for ($i=0; $i<$info["count"]; $i++) {
                $fullname=$info[$i]["cn"][0];
            }

It then goes on to create session stuff, but I want to use the built-in LDAP authentication. I have this in my Login.pm:

    sub index :Path :Args(0) {
        my ( $self, $c ) = @_;

        # Get the username and password from form
        my $username = $c->request->params->{username};
        my $password = $c->request->params->{password};

        # If the username and password values were found in form
        if ($username && $password) {
            # Attempt to log the user in
            if ($c->authenticate({ username => $username,
                                   password => $password } )) {
                # If successful, then let them use the application
                $c->response->redirect($c->uri_for(
                    $c->controller('Search')->action_for('search')));
                return;
            } else {
                # Set an error message
                $c->stash(error_msg => "Bad username or password.");
            }
        } else {
            # Set an error message
            $c->stash(error_msg => "Empty username or password.")
                unless ($c->user_exists);
        }

        # If either of above don't work out, send to the login page
        $c->stash(template => 'login.tt2');
    }

and this code in my Root.pm:

    sub auto :Private {
        my ($self, $c) = @_;

        # Allow unauthenticated users to reach the login page. This
        # allows unauthenticated users to reach any action in the Login
        # controller. To lock it down to a single action, we could use:
        #   if ($c->action eq $c->controller('Login')->action_for('index'))
        # to only allow unauthenticated access to the 'index' action we
        # added above.
        if ($c->controller eq $c->controller('Login')) {
            return 1;
        }

        # If a user doesn't exist, force login
        if (!$c->user_exists) {
            # Dump a log message to the development server debug output
            $c->log->debug('***Root::auto User not found, forwarding to /login');
            # Redirect the user to the login page
            $c->response->redirect($c->uri_for('/login'));
            # Return 0 to cancel 'post-auto' processing and prevent use of application
            return 0;
        }

        # User found, so return 1 to continue with processing after this 'auto'
        return 1;
    }

And in MyApp.pm:

    __PACKAGE__->config(
        'authentication' => {
            default_realm => 'ldap',
            realms => {
                ldap => {
                    credential => {
                        class          => 'Password',
                        password_field => 'password',
                        password_type  => 'self_check',
                    },
                    store => {
                        binddn              => "username",
                        bindpw              => "password",
                        class               => 'LDAP',
                        ldap_server         => '9.17.186.253',
                        ldap_server_options => { timeout => 30 },
                        user_basedn         => 'o=domain, o=com',
                        user_field          => 'mail',
                        user_filter         => '(&(mail=%s)(objectclass=person))',
                        user_scope          => 'sub',
                    },
                },
            },
        },
    );

They are apparently doing the initial bind with the credentials submitted by the user. I am getting invalid credentials the way I have it above; if I change it to anonymous I get a "LDAP Error while searching for user: No such object". I could use some suggestions.
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
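
The search-then-bind flow of the PHP excerpt in the post above, written as a stand-alone Net::LDAP script so the lookup and the password bind can be checked outside Catalyst. This is an added example, not part of the original post or of Catalyst; the helper name ldap_login and the command-line handling are assumptions, and the host and search base are supplied by the caller.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_NO_SUCH_OBJECT);
use Net::LDAP::Util qw(escape_filter_value);

# Hypothetical helper (not Catalyst API). Returns (1, $cn) or (0, $reason).
sub ldap_login {
    my ($host, $base, $mail, $password) = @_;
    # A DN plus an empty password is an "unauthenticated bind" (RFC 4513)
    # that many servers accept, so refuse it before talking to the server.
    return (0, 'empty username or password')
        unless length($mail // '') && length($password // '');

    my $ldap = Net::LDAP->new($host, timeout => 30)
        or return (0, "connect failed: $@");
    # Phase 1: anonymous bind, then find the entry by mail address.
    my $mesg = $ldap->bind;
    return (0, 'anonymous bind refused: ' . $mesg->error) if $mesg->code;

    $mesg = $ldap->search(
        base   => $base,
        scope  => 'sub',
        # Escape the submitted value so it cannot rewrite the filter.
        filter => '(mail=' . escape_filter_value($mail) . ')',
        attrs  => ['cn'],
    );
    # Result code 32 (noSuchObject) means the search base itself is wrong.
    return (0, "search base '$base' not found on server")
        if $mesg->code == LDAP_NO_SUCH_OBJECT;
    return (0, 'search failed: ' . $mesg->error) if $mesg->code;
    return (0, 'expected one entry, found ' . $mesg->count)
        unless $mesg->count == 1;
    my $entry = $mesg->entry(0);

    # Phase 2: re-bind as the entry's DN with the submitted password.
    $mesg = $ldap->bind($entry->dn, password => $password);
    my $ok = !$mesg->code;
    $ldap->unbind;
    return $ok ? (1, scalar $entry->get_value('cn')) : (0, 'bad username or password');
}

# Usage: perl ldap_login.pl HOST BASE MAIL   (password is read from STDIN)
unless (caller) {
    my ($host, $base, $mail) = @ARGV;
    chomp(my $pw = <STDIN> // '');
    my ($ok, $detail) = ldap_login($host, $base, $mail, $pw);
    print $ok ? "OK: $detail\n" : "FAILED: $detail\n";
}
```

Running it once with the base from the PHP search and once with the user_basedn value from MyApp.pm shows which of the two the server actually knows.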