Re: ldap 0.4001 not working with sasl 2.15 (GSSAPI)

Wed, 06 Oct 2010 11:01:06 -0700 

Yes,

I guess we should add an accessor method ->host to obtain net_ldap_host, and 
probably port too.

calling client_new is the preferred way, so perhaps we should document that 
with the example
and only note that $sasl can be passed for backwards compatibility

Graham.

On Oct 6, 2010, at 12:06 , Dale Moore wrote:

> I think that another way to state what Graham is saying is
> that you now need to connect via SASL/GSSAPI
> with the following snippet.
> 
> my $ldap = new Net::LDAP($hosturl);
> $ldap || die "Can't connect to LDAP server $hosturl";
> 
> my $sasl = new Authen::SASL(mechanism => 'GSSAPI', callback => { });
> $sasl || die "Can't create sasl object";
> 
> my $mesg;
> if ( $ldap->VERSION lt '0.37') {
>    $mesg = $ldap->bind('', sasl => $sasl);
> } else ( $ldap->VERSION gt '0.39') {
>    $mesg = $ldap->bind('', sasl => $sasl->client_new('ldap',
>                                                      $ldap->{net_ldap_host}));
> } 
> 
> I am a believer of examples over text.
> Of course there is more than one way to do it.
> 
> Dale
> 
> -----Original Message-----
> From: Graham Barr [mailto:[email protected]] 
> Sent: Wednesday, October 06, 2010 12:17 PM
> To: Charlie Root
> Cc: [email protected]
> Subject: Re: ldap 0.4001 not working with sasl 2.15 (GSSAPI)
> 
> 
> On Oct 5, 2010, at 15:22 , Charlie Root wrote:
> 
>> Sorry, I only just joined the mailing list (to try to address this exact
>> issue) so I can't directly quote Markus' original message on this.
>> 
>> The use of GSSAPI with perl-ldap broke with version 0.37. A change was
>> made at that time to deal with some issue revolving around servers in a
>> round-robin cycle not having the same server name. That, apparently, was
>> causing some issue.
> 
> a change in what can be passed as sasl to bind was done to help this
> 
> sasl => SASLOBJ
>  Bind using a SASL mechanism. The argument given should be a sub-class of 
> Authen::SASL or an Authen::SASL client connection by
> calling client_new on an Authen::SASL object.
> 
>  If passed an Authen::SASL object then client_new will be called to create a 
> client connection object. The hostname passed by
> Net::LDAP to client_new is the result of calling peerhost on the socket. If 
> this is not correct for your environment, consider
> calling client_new and passing the client connection object.
> 
> so instead of passing the Authen::SASL object itself, which Net::LDAP then 
> decides the peerhost, you can call client_new on that
> sasl object and pass the client connection object. this gives you full 
> control over the per hostname used in the sasl connection.
> 
> Graham.
> 
> 
>

Reply via email to