PerlDancer / Dancer2-Plugin-Auth-Extensible-Provider-LDAP

LDAP provider for Dancer2::Plugin::Auth::Extensible

Problems with non-anonymous binding (and restrictive ACLs) #8

Closed greatfireball closed 2 years ago

greatfireball commented 4 years ago

It seems that the pull request #6 caused some problems on our installation. We must authenticate to our LDAP server to retrieve data and we have some restrictive ACLs in place. Therefore, due to dropping the connection I am unable to authenticate my users. This issue can not be reproduced using the existing test set. I will try to provide a good test set and my local fix asap.

whosgonna commented 4 years ago

I think I'm having the same issue here authenticating against Active Directory. It looks like D2PAE::Provider::LDAP is creating two network connections to the LDAP service (that is to say two separate ephemeral TCP ports from Dancer2). The bind action is done in one connection, which returns success. The searchRequest is done over the other connection which fails because there is no binding.

greatfireball commented 4 years ago

True... I still have no minimal example to illustrate the behavior in a test case for the module. I will try to finish that this week and will open a pull request afterwards.

racke commented 4 years ago

@greatfireball That would be really great and helpful.

greatfireball commented 4 years ago

The patch in my fork already works, thus if one wants to test it, I am interested if this solves your problem.

whosgonna commented 4 years ago

@greatfireball, the branch anonymous_bind in your fork does solve the problem for me.

greatfireball commented 4 years ago

@whosgonna Thank you for the information :) I will generate a test and start a pull request.

whosgonna commented 4 years ago

Looking at the code, and it's maybe more worthwhile than is necessary, but would it be better to change ldap from a method to an attribute?

Also, I'm not sure why all of the disconnection and re-binding. Is it just because authentication is considered an infrequent action? (Of course the patch from @greatfireball doesn't introduce the logic of unbind and disconnect, it just undefs ->{ldap} for full clean up.) I'm probably over thinking things here, though.
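To make the two points in this thread concrete (the search must run on the same connection that was bound, and the handle could be a lazy attribute rather than a method that reconnects each time), here is an added example of that pattern written for this issue. It is not code from Dancer2::Plugin::Auth::Extensible::Provider::LDAP or from either fork; the package name `Example::LdapAuth`, the attribute names (`host`, `basedn`, `binddn`, `bindpw`, `uid_attr`) and the `authenticate_user` method are assumptions made for the example. It uses Net::LDAP and Moo directly.

```perl
package Example::LdapAuth;   # hypothetical package, not the provider's own
use strict;
use warnings;
use Moo;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);
use Net::LDAP::Util qw(escape_filter_value);

# Connection settings; attribute names are assumptions for this example.
has host     => (is => 'ro', required => 1);
has basedn   => (is => 'ro', required => 1);
has binddn   => (is => 'ro');   # service account DN used for the user search
has bindpw   => (is => 'ro');
has uid_attr => (is => 'ro', default => sub { 'uid' });

# A single handle, built lazily on first use and reused for both the bind
# and the search, so the search never lands on an unbound second connection.
has ldap => (is => 'lazy', clearer => 1);

sub _build_ldap {
    my $self = shift;
    my $ldap = Net::LDAP->new($self->host, version => 3)
        or die "LDAP connect failed: $@";
    my $mesg = defined $self->binddn
        ? $ldap->bind($self->binddn, password => $self->bindpw)
        : $ldap->bind;   # anonymous bind only when no service DN is configured
    die "LDAP bind failed: " . $mesg->error if $mesg->code != LDAP_SUCCESS;
    return $ldap;
}

# Returns the user's DN on successful authentication, undef otherwise.
sub authenticate_user {
    my ($self, $username, $password) = @_;

    # An empty password would turn the bind below into an unauthenticated
    # (anonymous) bind that many servers accept; reject it up front.
    return undef unless defined $password && length $password;

    my $filter = sprintf '(%s=%s)', $self->uid_attr,
        escape_filter_value($username);   # prevents filter injection
    my $search = $self->ldap->search(
        base   => $self->basedn,
        scope  => 'sub',
        filter => $filter,
        attrs  => ['1.1'],   # "no attributes": we only need the DN
    );
    if ($search->code != LDAP_SUCCESS) {
        # Drop the cached handle so the next call reconnects and rebinds
        # instead of reusing a connection the server may have closed.
        $self->clear_ldap;
        return undef;
    }
    return undef unless $search->count == 1;   # ambiguous or unknown user
    my $dn = $search->entry(0)->dn;

    # Check the password on a separate, short-lived connection so the
    # service-account handle stays bound for later searches.
    my $check = Net::LDAP->new($self->host, version => 3) or return undef;
    my $mesg  = $check->bind($dn, password => $password);
    $check->unbind;
    return $mesg->code == LDAP_SUCCESS ? $dn : undef;
}

1;
```

Usage would be along the lines of `my $auth = Example::LdapAuth->new(host => 'ldap.example.com', basedn => 'dc=example,dc=com', binddn => 'cn=svc,dc=example,dc=com', bindpw => $secret); my $dn = $auth->authenticate_user('alice', $password);` with the host, base DN and service account being placeholders. Keeping the service-account bind and the search on one cached handle is what avoids the two-connection failure described above under restrictive ACLs; clearing the attribute on a failed search gives the "undef ->{ldap} for clean up" behaviour without unbinding after every request.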

SysPete commented 2 years ago

closed by #12