Bug #83823 for Test-Net-LDAP: Authen::Simple::LDAP authentication always positive if user correct

Thu Mar 07 23:53:20 2013 xenoterracide [...] gmail.com - Ticket created

Subject:	Authen::Simple::LDAP authentication always positive if user correct
Date:	Thu, 7 Mar 2013 22:53:04 -0600
To:	bugs-test-net-ldap [...] rt.cpan.org
From:	Caleb Cushing <xenoterracide [...] gmail.com>

http://stackoverflow.com/questions/15286329/mock-ldap-password (text of my question below) maybe it's a bug... metacpan.org/source/CHANSEN/Authen-Simple-LDAP-0.3/lib/Authen/… looks like password is authenticated with bind but T::N::LDAP says bind always returns true ... I've managed to get Test::Net::LDAP working so far as authentication passes, and DBD::LDAP is able to query and return the user. $ldap->add('uid=myuser,ou=People,dc=foo,dc=bar,dc=com', attrs => [ cn => 'My User', displayname => 'My User', mail => 'myuser@example.com', userpassword => '{CLEARTEXT}testuserpass28', objectClass => 'inetOrgPerson', ] ); However the Authentication passing appears to be a fraud, if I change the password authentication does not fail. $t->post_ok('/api/v2/auth' => json => { user => 'myuser', pass => 'testuserpass' }) [Thu Mar 7 21:31:11 2013] [debug] Successfully authenticated user 'myuser' with dn 'uid=myuser,ou=People,dc=foo,dc=bar,dc=com'. here's what's basically the authentication code. ## validate_user my $ldap = load_class('Authen::Simple::LDAP')->new( basedn => $config->{RBAC}->{basedn}, host => $config->{RBAC}->{host}, log => $s->param('log'), ); my $auth = load_class('Authen::Simple') ->new( $ldap ) ->authenticate( $username, $password ); return $username if $auth; ... $self->plugin( 'authentication' => { session_key => $self->config('session_cookie_key'), stash_key => $self->config('stash_key'), lazy_mode => 'on', load_user => \&Authentication::load_user, validate_user => \&Authentication::validate_user } ); I'm pretty sure it partially works because there were times it wasn't even finding the user, I think it's just not finding the password to compare, and probably because the password field is wrong or in the wrong place. How can I define it correctly? -- Caleb Cushing http://xenoterracide.com

Mon Mar 11 11:09:59 2013 MAHIRO [...] cpan.org - Correspondence added

If you are using Test::Net::LDAP::Mock (or "ldap_mockify {...}" call), authentication is unfortunately not supported in the latest version. The bind() method does literally nothing other than always returning a success message, as documented. So far, the module has been designed primarily to test searching, but has not yet been to test authentication.

Mon Mar 11 11:10:00 2013 The RT System itself - Status changed from 'new' to 'open'

Mon Mar 11 22:13:19 2013 xenoterracide [...] gmail.com - Correspondence added

Subject:	Re: [rt.cpan.org #83823] Authen::Simple::LDAP authentication always positive if user correct
Date:	Mon, 11 Mar 2013 21:13:07 -0500
To:	bug-Test-Net-LDAP [...] rt.cpan.org
From:	Caleb Cushing <xenoterracide [...] gmail.com>

I got that... that's why I filed a bug On Mon, Mar 11, 2013 at 10:09 AM, Mahiro Ando via RT <bug-Test-Net-LDAP@rt.cpan.org> wrote: Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=83823 > > > If you are using Test::Net::LDAP::Mock (or "ldap_mockify {...}" call), authentication is > unfortunately not supported in the latest version. > > The bind() method does literally nothing other than always returning a success message, as > documented. So far, the module has been designed primarily to test searching, but has not yet > been to test authentication. >

-- Caleb Cushing http://xenoterracide.com

Sun Mar 17 09:53:02 2013 MAHIRO [...] cpan.org - Correspondence added

Closing the ticket for now, as it's out of the current scope of the module. On the other hand, since your usage is interesting, the authentication matter may be considered in a future version.

Sun Mar 17 09:53:05 2013 MAHIRO [...] cpan.org - Status changed from 'open' to 'resolved'