<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hey,<div class=""><br class=""></div><div class="">now I found the error.</div><div class=""><br class=""></div><div class="">The module works fine, but in our ldap installation we don’t have the displayName attribute for the entries.</div><div class="">I had to set the <i class=""><b class="">name_attribute: 'cn' </b></i>in the config.yml.</div><div class="">Now it works fine.</div><div class=""><br class=""></div><div class="">Thanks for the help</div><div class=""><br class=""></div><div class="">Best regards,</div><div class="">Attila<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 2018. Oct 10., at 20:40, Attila Bárdi &lt;<a href="mailto:attila.bardi@gmail.com" class="">attila.bardi@gmail.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Hey Alex</span><div class="" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><br class=""></div><div class="" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; 
word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">well, my use case is to allow users to log in to the webapp, and after that they can change some attributes of theirs.</div><div class="" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">I don’t want to deal with groups (yet), maybe later.<br class=""><div class=""><br class=""><blockquote type="cite" class=""><div class="">On 2018. Oct 10., at 18:06, Alex Mestiashvili &lt;<a href="mailto:mailatgoogl@gmail.com" class="">mailatgoogl@gmail.com</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class="">Hi,<span class="Apple-converted-space"> </span><br class=""><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Wed, Oct 10, 2018 at 3:42 PM Attila Bárdi &lt;<a href="mailto:attila.bardi@gmail.com" target="_blank" class="">attila.bardi@gmail.com</a>&gt; wrote:<br class=""></div><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); padding-left: 1ex;"><div dir="ltr" class=""><div dir="ltr" class="">Hey,<div class=""><br class=""></div><div class="">I used Ldap with Dancer and it works pretty fine. Now I want to develop a new microsite, I thought it would be better with Dancer2 (0.206000). 
But I cannot make the Ldap (0.702) authentication work.</div><div class=""><br class=""></div><div class="">I turned on the ldap logging. By the log it looks like it is working, because it found the user, but the page says login failed. The second search for the groups has 0 matches, the user isn't a member of any group. But I can log in with the user foo, and he is not a member of any group either. The result is LOGIN FAILED.</div></div></div></blockquote><div class=""><br class=""></div><div class="">As far as I understand, you'd like role-based access control for your app, where roles are actually ldap groups. I.e. uid belongs to a group &lt;=&gt; has a role.</div><div class="">Now you have to decide what exactly will contain the roles. In unix a user can have 1 primary group and multiple secondary groups.</div><div class="">IMHO it is more flexible to check for members of the secondary groups, which may have the following format in case of openldap:<br class=""></div><div class=""><br class=""></div><div class="">objectClass: posixGroup<br class="">displayName: powerusers<br class="">description: "members have role users"<br class="">gidNumber: 1001<br class="">cn: powerusers<br class="">memberUid: user1<br class="">memberUid: user2</div><div class="">memberUid: ...</div><div class=""><br class=""></div><div class="">If you'd like to check for the primary group then you'll probably need to check for gidNumber.<span class="Apple-converted-space"> </span><br class=""></div><div class=""> </div><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); padding-left: 1ex;"><div dir="ltr" class=""><div dir="ltr" class=""><div class=""><br class=""></div><div class="">The Dancer2 log says:</div><div class=""><br class=""></div><div class=""><span class="" style="font-family: Helvetica; font-size: 12px;">Odd number of elements in anonymous hash at 
/usr/local/share/perl/5.24.1/Dancer2/Plugin/Auth/Extensible/Provider/LDAP.pm line 279.</span><br class="" style="font-family: Helvetica; font-size: 12px;"></div><div class=""><br class=""></div><div class="">OpenLdap log:</div><div class=""><br class=""></div><div class=""><span class="" style="font-family: Helvetica; font-size: 12px;">Oct 10 14:35:13 openldap01 slapd[991]: conn=674413 fd=106 ACCEPT from IP=a.b.c.d:47724 (IP=<a href="http://0.0.0.0:389/" target="_blank" class="">0.0.0.0:389</a>)</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">Oct 10 14:35:13 openldap01 slapd[991]: conn=674413 op=0 BIND dn="cn=Administrator,dc=gothamcity,dc=example,dc=com" method=128</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">Oct 10 14:35:13 openldap01 slapd[991]: conn=674413 op=0 BIND dn="cn=Administrator,dc=gothamcity,dc=example,dc=com" mech=SIMPLE ssf=0</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">Oct 10 14:35:13 openldap01 slapd[991]: conn=674413 op=0 RESULT tag=97 err=0 text=</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">Oct 10 14:35:13 openldap01 slapd[991]: conn=674413 op=1 SRCH base="dc=example,dc=com" scope=2 deref=2 filter="(&(objectClass=inetOrgPerson)(uid=battila))"</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">Oct 10 14:35:13 openldap01 slapd[991]: conn=674413 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">Oct 10 14:35:13 openldap01 slapd[991]: conn=674413 op=2 SRCH base="dc=example,dc=com" scope=2 deref=2 
filter="(&(objectClass=groupOfNames)(member=uid=battila,ou=people,dc=gothamcity,dc=example,dc=com))"</span></div></div></div></blockquote><div class=""><br class=""></div><div class="">This seems to be the problem, this LDAP plugin as far as I see is intended to be used with WindowsAD.</div><div class="">The search filter above is simply not applicable for your case. In case of openldap</div><div class=""> rolefilter would be rather memberUID: $uid instead of member=uid=$uid,ou=blabla,dc=….<br class=""></div></div></div></div></div></div></div></blockquote><div class=""><br class=""></div><div class="">This second part is gone since I did add: <i class=""><b class="">disable_roles: 1</b><span class="Apple-converted-space"> </span></i><span class="">to my<span class="Apple-converted-space"> </span></span><span class="">config</span><span class="">.</span></div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class="" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class="gmail_quote"><div class="">It is also hardcoded into the plugin:</div><div class=""><a href="https://metacpan.org/source/SYSPETE/Dancer2-Plugin-Auth-Extensible-Provider-LDAP-0.702/lib/Dancer2/Plugin/Auth/Extensible/Provider/LDAP.pm" target="_blank" class="">https://metacpan.org/source/SYSPETE/Dancer2-Plugin-Auth-Extensible-Provider-LDAP-0.702/lib/Dancer2/Plugin/Auth/Extensible/Provider/LDAP.pm</a><br class=""></div><div class="">Lines 256-264:</div><div class=""><pre id="gmail-m_5886976781167629342gmail-source" class="gmail-m_5886976781167629342gmail-pod-hidden gmail-m_5886976781167629342gmail-line-numbers 
gmail-m_5886976781167629342gmail-pod-toggle"><div class="gmail-m_5886976781167629342gmail-line gmail-m_5886976781167629342gmail-index255 gmail-m_5886976781167629342gmail-alt1 gmail-m_5886976781167629342gmail-number256"><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-spaces">        </code><code class="gmail-m_5886976781167629342gmail-comments gmail-m_5886976781167629342gmail-perl"># now get the roles</code></div><div class="gmail-m_5886976781167629342gmail-line gmail-m_5886976781167629342gmail-number257 gmail-m_5886976781167629342gmail-alt2 gmail-m_5886976781167629342gmail-index256"> </div><div class="gmail-m_5886976781167629342gmail-index257 gmail-m_5886976781167629342gmail-alt1 gmail-m_5886976781167629342gmail-number258 gmail-m_5886976781167629342gmail-line"><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-spaces">        </code><code class="gmail-m_5886976781167629342gmail-variable gmail-m_5886976781167629342gmail-perl">$mesg</code> <code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-plain">= </code><code class="gmail-m_5886976781167629342gmail-variable gmail-m_5886976781167629342gmail-perl">$ldap</code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-plain">->search(</code></div><div class="gmail-m_5886976781167629342gmail-number259 gmail-m_5886976781167629342gmail-alt2 gmail-m_5886976781167629342gmail-index258 gmail-m_5886976781167629342gmail-line"><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-spaces">            </code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-string">base</code>   <code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-plain">=> </code><code class="gmail-m_5886976781167629342gmail-variable gmail-m_5886976781167629342gmail-perl">$self</code><code class="gmail-m_5886976781167629342gmail-perl 
gmail-m_5886976781167629342gmail-plain">->basedn,</code></div><div class="gmail-m_5886976781167629342gmail-number260 gmail-m_5886976781167629342gmail-alt1 gmail-m_5886976781167629342gmail-index259 gmail-m_5886976781167629342gmail-line"><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-spaces">            </code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-string">filter</code> <code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-plain">=> </code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-string">'(&'</code></div><div class="gmail-m_5886976781167629342gmail-line gmail-m_5886976781167629342gmail-alt2 gmail-m_5886976781167629342gmail-index260 gmail-m_5886976781167629342gmail-number261"><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-spaces">              </code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-plain">. </code><code class="gmail-m_5886976781167629342gmail-variable gmail-m_5886976781167629342gmail-perl">$self</code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-plain">->role_filter . </code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-string">'('</code></div><div class="gmail-m_5886976781167629342gmail-line gmail-m_5886976781167629342gmail-number262 gmail-m_5886976781167629342gmail-alt1 gmail-m_5886976781167629342gmail-index261"><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-spaces">              </code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-plain">. </code><code class="gmail-m_5886976781167629342gmail-variable gmail-m_5886976781167629342gmail-perl">$self</code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-plain">->role_member_attribute . 
</code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-string">'='</code></div><div class="gmail-m_5886976781167629342gmail-index262 gmail-m_5886976781167629342gmail-alt2 gmail-m_5886976781167629342gmail-number263 gmail-m_5886976781167629342gmail-line"><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-spaces">              </code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-plain">. </code><code class="gmail-m_5886976781167629342gmail-variable gmail-m_5886976781167629342gmail-perl">$entry</code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-plain">->dn . </code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-string">'))'</code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-plain">,</code></div><div class="gmail-m_5886976781167629342gmail-number264 gmail-m_5886976781167629342gmail-index263 gmail-m_5886976781167629342gmail-alt1 gmail-m_5886976781167629342gmail-line"><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-spaces">        </code><code class="gmail-m_5886976781167629342gmail-perl gmail-m_5886976781167629342gmail-plain">);</code></div></pre></div><div class="">But the good thing is that you can simply change that :)<span class="Apple-converted-space"> </span><br class=""></div></div></div></div></div></div></div></blockquote><div class=""><br class=""></div><div class="">Yes, I saw that. 
But I will deal with roles much later.</div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class="" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class="gmail_quote"><div class=""><br class=""></div><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-style: solid; border-left-color: rgb(204, 204, 204); padding-left: 1ex;"><div dir="ltr" class=""><div dir="ltr" class=""><div class=""><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">Oct 10 14:35:13 openldap01 slapd[991]: conn=674413 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">Oct 10 14:35:13 openldap01 slapd[991]: conn=674413 op=3 UNBIND</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">Oct 10 14:35:13 openldap01 slapd[991]: conn=674413 fd=106 closed</span><br class="" style="font-family: Helvetica; font-size: 12px;"><br class="">User entry in the openldap:</div><div class=""><br class=""></div><div class=""><span class="" style="font-family: Helvetica; font-size: 12px;">dn: uid=battila,ou=people,dc=gothamcity,dc=example,dc=com</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">cn: Attila Bardi</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 
12px;">gidNumber: 1901</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">givenName: Attila</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">loginShell: /bin/bash</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">description: example</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">objectClass: top</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">objectClass: posixAccount</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">objectClass: shadowAccount</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">objectClass: inetOrgPerson</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">shadowInactive: -1</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">shadowLastChange: 14284</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">shadowMax: 99999</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">shadowMin: 0</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">shadowWarning: 7</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">sn: 
Bardi</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">uid: battila</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">uidNumber: 43821</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">homeDirectory: /home/battila</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">mail:<span class="gmail-m_5886976781167629342gmail-m_-4693494529859491126gmail-Apple-converted-space"> </span></span><a href="mailto:battila@example.com" target="_blank" class="" style="font-family: Helvetica; font-size: 12px;">battila@example.com</a><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">structuralObjectClass: inetOrgPerson</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">entryUUID: d3a89750-5a5e-1038-9b9a-dbf2c7148bb9</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">creatorsName: cn=Administrator,dc=gothamcity,dc=example,dc=com</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">createTimestamp: 20181002071629Z</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">userPassword:: e1e1ee1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">entryCSN: 20181002075005.324787Z#000000#000#000000</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span 
class="" style="font-family: Helvetica; font-size: 12px;">modifiersName: uid=battila,ou=people,dc=gothamcity,dc=example,dc=com</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">modifyTimestamp: 20181002075005Z</span><br class=""><br class=""><br class="" style="font-family: Helvetica; font-size: 12px;">Dancer2 config.yml<br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">plugins:</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">       Auth::Extensible:</span></div><div class=""><span class="" style="font-family: Helvetica; font-size: 12px;">               realms:</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">                       config:</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">                               provider: Config</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">                               users:</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">                                       - user: 'foo'</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">                                         pass: 'secret'</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">                       users:</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">           
                    provider: LDAP</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">                               host:   'openldap01'</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">                               binddn: 'cn=Administrator,dc=gothamcity,dc=example,dc=com'</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">                               bindpw: 'secret'</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">                               basedn: 'dc=example,dc=com'</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">                               user_filter: '(objectClass=inetOrgPerson)'</span><br class="" style="font-family: Helvetica; font-size: 12px;"><span class="" style="font-family: Helvetica; font-size: 12px;">                               username_attribute: "uid"</span><br class="" style="font-family: Helvetica; font-size: 12px;"></div><div class=""><span class="" style="font-family: Helvetica; font-size: 12px;"><br class=""></span></div><div class=""><span class="" style="font-family: Helvetica; font-size: 12px;">I tried </span><span class="" style="font-family: Helvetica; font-size: 12px;"><i class="">disable_roles: 1<span class="Apple-converted-space"> </span></i>after this but the result is still LOGIN FAILED.</span></div><br class=""></div></div></blockquote><div class=""><br class=""></div><div class="">Another thing which in my opinion is plain wrong is that you need to provide admin binddn and bindpw.</div><div class="">In openldap world normally a user can bind itself and get all the necessary attributes.</div><div class="">Also in 
many setups it is just not secure to give admin access to the ldap tree to a web app.</div><div class=""><br class=""></div><div class="">Here is the plugin for Dancer1 which works with openldap without admin access:<br class=""></div><div class=""><a href="https://pastebin.com/vy9ea9P8" class="">https://pastebin.com/vy9ea9P8</a></div></div></div></div></div></div></div></blockquote><div class=""><br class=""></div><div class="">The ldap plugin I used for Dancer1 required the admin bind too. But for me it is ok, because this way I could add a functionality to add/disable/enable users from the web interface based on roles.</div><div class="">It is the Authen::Simple::LDAP, and it has way better documentation than this Dancer2::Plugin::Auth::Extensible::Provider::LDAP.</div><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class="" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class="gmail_quote"><div class="">Maybe it will give you some hints, though it is easier to fix the original Dancer2 plugin.</div></div></div></div></div></div></div></blockquote><div class=""><br class=""></div>Yep, it seems I have to dig deep into the Dancer2 plugin system to understand it, then I can fix that LDAP module.</div><div class=""><br class=""></div><div class=""><br class=""><blockquote type="cite" class=""><div class=""><div dir="ltr" class="" style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; 
-webkit-text-stroke-width: 0px; text-decoration: none;"><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div class="gmail_quote">Best,<span class="Apple-converted-space"> </span><br class=""></div><div class="gmail_quote">Alex<br class=""></div></div></div></div></div></div></blockquote><br class=""></div><div class="">Best regards,</div><div class="">Attila</div></div></div></blockquote></div><br class=""></div></body></html>