Actually, it seems it is the anonymous bind that is returning the data; then, when it tries to rebind with the credentials provided, it errors out. I see it send and receive the following:

Net::LDAP=HASH(0x44d55e0) sending:
30 0C 02 01 01 60 07 02 01 03 04 00 80 00 __ __ 0....`........
Net::LDAP=HASH(0x44d55e0) received:
30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0A 0........a......
01 00 04 00 04 00 __ __ __ __ __ __ __ __ __ __ ......
Net::LDAP=HASH(0x44d55e0) sending:
30 64 02 01 02 63 5F 04 16 6F 75 3D 62 6C 75 65 0d...c_..ou=blue
70 61 67 65 73 2C 6F 3D 69 62 6D 2E 63 6F 6D 0A pages,o=ibm.com.
01 02 0A 01 02 02 01 00 02 01 00 01 01 00 A0 34 ...............4
A3 15 04 0B 6F 62 6A 65 63 74 63 6C 61 73 73 04 ....objectclass.
06 70 65 72 73 6F 6E A3 1B 04 04 6D 61 69 6C 04 .person....mail.
13 6B 73 6D 63 6C 61 6E 65 40 75 73 2E 69 62 6D [email protected]
2E 63 6F 6D 30 00 __ __ __ __ __ __ __ __ __ __ .com0.
Net::LDAP=HASH(0x44d55e0) received:
<snip>This is a very long hash with ALL the ldap fields. Strangely it receives again without sending anything.
Net::LDAP=HASH(0x44d55e0) received:
30 84 00 00 00 10 02 01 02 65 84 00 00 00 07 0A 0........e......
01 00 04 00 04 00 __ __ __ __ __ __ __ __ __ __ ......
Net::LDAP=HASH(0x44d55e0) sending:
30 05 02 01 03 42 00 __ __ __ __ __ __ __ __ __ 0....B.

Then it gives the "Unable to locate user matching user info provided in realm: ldap". I'm getting closer. I'm wondering if I need to find out what form they are encrypting the password in? It defaults to SHA-1, but I do not know if that is correct.

Kenneth S Mclane/Dubuque/IBM@IBMUS wrote on 05/21/2012 03:34:48 PM:

> From: Kenneth S Mclane/Dubuque/IBM@IBMUS
> To: The elegant MVC web framework <[email protected]>
> Date: 05/21/2012 03:36 PM
> Subject: Re: [Catalyst] LDAP question
>
> ok, making progress, I am getting all the data back in the return
> hash, however, I get the error: "Unable to locate user matching user
> info provided in realm: ldap" and get redirected back to the login
> page. I built this using some examples from the tutorial and the
> definitive guide, so I may have a wire crossed somewhere. Any ideas?
>
> Luis Muñoz <[email protected]> wrote on 05/21/2012 11:18:48 AM:
>
> > From: Luis Muñoz <[email protected]>
> > To: The elegant MVC web framework <[email protected]>
> > Date: 05/21/2012 11:20 AM
> > Subject: Re: [Catalyst] LDAP question
> >
> > On May 21, 2012, at 12:02 PM, Kenneth S Mclane wrote:
> >
> > > I have no control over the LDAP server, How would I change things
> > > so the submitted username and password would be inserted as the
> > > credentials to be used as the initial bind?
> >
> > You use that from the client.
> >
> > Below is a snippet from a configuration file from a tool we use at
> > $work for managing LDAP entries. It works in the way I described before.
> >
> > Pay attention to the binddn (the account to do the initial bind) and
> > basedn (the place where you begin your search for a matching
> > username, using the filter expression). Start simple and build up
> > your expression to narrow down the tuples that it can retrieve. I'm
> > pro very strict filters based on object types, but there are perhaps
> > other opinions.
> >
> > Best regards
> >
> > -lem
> >
> > --8<----
> >
> > # Configure the authentication subsystem. This is the component that
> > # validates the current password for change requests. This service is
> > # provided by Catalyst::Authentication::Store::LDAP.
> > #
> > # The ldap realm is mandatory, as this is used not only for
> > # authentication but for access to the user's LDAP entry, both for
> > # searching and for updating it. This means that we need to use a
> > # binddn with enough privileges to read and write to the
> > # directory. It's not enough to rely on the users' credentials for
> > # rebinding, because in the case of a password recovery, we don't have
> > # user credentials.
> >
> > authentication:
> >   default_realm: ldap
> >   realms:
> >     ldap:
> >       credential:
> >         class: Password
> >         password_field: password
> >         password_type: self_check
> >       store:
> >         class: LDAP
> >         ldap_server: localhost:3389
> >         binddn: cn=your_initial_id,dc=domain,dc=com,dc=INVALID
> >         bindpw: Y0urS3cr3tB!ndP@$sw0rd
> >         user_basedn: ou=The,ou=Container,ou=Hierarchy,dc=domain,dc=com,dc=INVALID
> >         user_filter: (&(objectClass=inetOrgPerson)(|(uid=%s)(email=%s)))
> >         user_field: uid
> >         use_roles: 0

_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
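
An added example, not part of the original thread and not Net::LDAP code: a small Python BER walker that labels each LDAP frame shown in the debug trace above and flags a simple bind with an empty DN and empty password as anonymous. The hex is copied from the post (the snipped search entries are omitted); the function names are this example's own.

```python
# Frames copied from the Net::LDAP debug output in the post (padding "__" dropped).
FRAMES = [
    "30 0C 02 01 01 60 07 02 01 03 04 00 80 00",
    "30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0A 01 00 04 00 04 00",
    "30 64 02 01 02 63 5F 04 16 6F 75 3D 62 6C 75 65 70 61 67 65 73 2C 6F 3D"
    " 69 62 6D 2E 63 6F 6D 0A 01 02 0A 01 02 02 01 00 02 01 00 01 01 00 A0 34"
    " A3 15 04 0B 6F 62 6A 65 63 74 63 6C 61 73 73 04 06 70 65 72 73 6F 6E A3"
    " 1B 04 04 6D 61 69 6C 04 13 6B 73 6D 63 6C 61 6E 65 40 75 73 2E 69 62 6D"
    " 2E 63 6F 6D 30 00",
    "30 84 00 00 00 10 02 01 02 65 84 00 00 00 07 0A 01 00 04 00 04 00",
    "30 05 02 01 03 42 00",
]
# protocolOp tags from RFC 4511
OPS = {0x60: "BindRequest", 0x61: "BindResponse", 0x42: "UnbindRequest",
       0x63: "SearchRequest", 0x64: "SearchResultEntry", 0x65: "SearchResultDone"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def describe(hex_frame):
    tag, body, _ = read_tlv(bytes.fromhex(hex_frame), 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msgid, pos = read_tlv(body, 0)
    op_tag, op, _ = read_tlv(body, pos)
    info = {"id": int.from_bytes(msgid, "big"), "op": OPS.get(op_tag, hex(op_tag))}
    if op_tag == 0x60:                      # BindRequest: version, name, authentication
        _, _version, p = read_tlv(op, 0)
        _, name, p = read_tlv(op, p)
        auth_tag, cred, _ = read_tlv(op, p)
        info["dn"] = name.decode()
        # simple auth (context tag 0x80) with empty DN and empty password = anonymous
        info["anonymous"] = auth_tag == 0x80 and not name and not cred
    elif op_tag in (0x61, 0x65):            # responses begin with LDAPResult.resultCode
        info["result"] = int.from_bytes(read_tlv(op, 0)[1], "big")
    elif op_tag == 0x63:                    # SearchRequest begins with baseObject
        info["base"] = read_tlv(op, 0)[1].decode()
    return info

def summarize():
    return [describe(f) for f in FRAMES]

if __name__ == "__main__":
    for msg in summarize():
        print(msg)
```

Run over the frames shown, it reports message 1 as an anonymous BindRequest answered with result 0, message 2 as a SearchRequest under ou=bluepages,o=ibm.com ending in SearchResultDone with result 0, and message 3 as an UnbindRequest.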
