| Subject: | auth should not be case-sensitive |
As I understand it, LDAP authentication is/should be case insensitive.
Backend.pm does an "eq" test on the value looked up and the value returned.
This fails if you authenticate with "sAMAccountName=UserName" but the
server returns "username" in the user data.
I've attached a failing test (for 0.1002) and a patch to make the sanity
check in Backend.pm a case-insensitive match.
| Subject: | 50.auth.case.sensitivity.t |
#!/usr/bin/env perl
# vim: ts=8 sts=4 et sw=4 sr sta
use strict;
use warnings;
use Catalyst::Exception;
use Test::More tests => 4;
use lib 't/lib';
use LDAPTest;
my $server = LDAPTest::spawn_server();
use_ok("Catalyst::Authentication::Store::LDAP::Backend");
my $back = Catalyst::Authentication::Store::LDAP::Backend->new(
{ 'ldap_server' => LDAPTest::server_host(),
# can test the timeout SKIP with this
'ldap_server_options' =>
{ timeout => -1, debug => $ENV{PERL_DEBUG} || 0 },
'binddn' => 'anonymous',
'bindpw' => 'dontcarehow',
'start_tls' => 0,
'user_basedn' => 'ou=foobar',
'user_filter' => '(&(objectClass=person)(uid=%s))',
'user_scope' => 'one',
'user_field' => 'uid',
'use_roles' => 0,
}
);
isa_ok( $back, "Catalyst::Authentication::Store::LDAP::Backend" );
ok( my $user_mixed = $back->find_user( { username => 'SOmeBOdy' } ), "find_user (mixed case)" );
isa_ok( $user_mixed, "Catalyst::Authentication::Store::LDAP::User" );
| Subject: | ldap_auth_case.patch |
--- lib/Catalyst/Authentication/Store/LDAP/Backend.pm.original 2008-09-09 09:51:18.000000000 +0100
+++ lib/Catalyst/Authentication/Store/LDAP/Backend.pm 2008-09-09 09:53:51.000000000 +0100
@@ -315,7 +315,8 @@
# a little extra sanity check with the 'eq' since LDAP already
# says it matches.
if ( defined($entry) ) {
- unless ( $entry->get_value($user_field) eq $id ) {
+ unless ( $entry->get_value($user_field) =~ m{\A$id\z}ixms ) {
+ warn $entry->get_value($user_field);
Catalyst::Exception->throw(
"LDAP claims '$user_field' equals '$id' but results entry does not match."
);