The Authen::SASL::Perl::PLAIN mechanism (perl 5.8.0, Authen-SASL-2.06) seems
to be sending the authorization ID and the authentication ID in the wrong
order, which causes obvious bind problems.
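
    use Authen::SASL;
    use Net::LDAP;

    # $ldap is an already-connected Net::LDAP object
    my $sasl = Authen::SASL->new(
        mechanism => 'PLAIN',
        callback  => {
            pass     => "top secret",
            user     => "[EMAIL PROTECTED]",
            authname => "[EMAIL PROTECTED]",
        },
    );
    $ldap->debug(12);            # print the decoded ASN.1 of sent and received packets
    $ldap->bind(sasl => $sasl);
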
Which logs:

    0000   61: SEQUENCE {
    0002    1:   INTEGER = 2
    0005   56:   [APPLICATION 0] {
    0007    1:     INTEGER = 3
    000A    0:     STRING = ''
    000C   49:     [CONTEXT 3] {
    000E    5:       STRING = 'PLAIN'
    0015   40:       STRING
    0017     :         75 73 65 72 40 69 73 6F 64 65 2E 63 6F 6D 00 61 [EMAIL PROTECTED]
    0027     :         75 74 68 40 69 73 6F 64 65 2E 63 6F 6D 00 74 6F [EMAIL PROTECTED]
    0037     :         70 20 73 65 63 72 65 74 __ __ __ __ __ __ __ __ p secret
    003F     :     }
    003F     :   }
    003F     : }

As far as I can tell from
<http://www.ietf.org/internet-drafts/draft-ietf-sasl-plain-03.txt> the
authname (i.e. authzid) should be sent first, not the user (i.e. authcid).
According to the draft's grammar:

    message = [authzid] NUL authcid NUL passwd

Cheers,
Chris
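
Added example (Python, not part of the original post and not Authen-SASL code): it splits the 40 credential octets from the debug dump above according to the quoted grammar, so you can see which value a server following the draft would treat as authzid and which as authcid. The function and type names are illustrative, and the non-empty check on authcid and passwd is an assumption taken from the final PLAIN specification (RFC 4616).

```python
from typing import NamedTuple

# Credential octets copied from the debug dump above (offsets 0017-003E).
DUMP_HEX = (
    "75 73 65 72 40 69 73 6F 64 65 2E 63 6F 6D 00 61 "
    "75 74 68 40 69 73 6F 64 65 2E 63 6F 6D 00 74 6F "
    "70 20 73 65 63 72 65 74"
)


class PlainMessage(NamedTuple):
    authzid: bytes  # identity to act as (optional, may be empty)
    authcid: bytes  # identity whose password is being presented
    passwd: bytes


def encode_plain(authcid: bytes, passwd: bytes, authzid: bytes = b"") -> bytes:
    """Build message = [authzid] NUL authcid NUL passwd."""
    for field in (authzid, authcid, passwd):
        if b"\x00" in field:
            raise ValueError("NUL is not allowed inside a field")
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return authzid + b"\x00" + authcid + b"\x00" + passwd


def parse_plain(message: bytes) -> PlainMessage:
    """Split a PLAIN message positionally, as the grammar defines it."""
    parts = message.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("expected exactly two NUL separators")
    authzid, authcid, passwd = parts
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return PlainMessage(authzid, authcid, passwd)


def parse_dump() -> PlainMessage:
    """Interpret the octets from the dump using the draft's field order."""
    return parse_plain(bytes.fromhex(DUMP_HEX))


if __name__ == "__main__":
    for name, value in parse_dump()._asdict().items():
        print(f"{name:8} {value!r}")
```

Because the fields are purely positional, a swapped order is not a syntax error on the wire: the server simply authenticates one identity while reading the other as the identity to authorize as.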