Re: Authen::SASL::Cyrus, GSSAPI, and mod_perl

Thu, 24 Mar 2005 10:26:59 -0800



--On Thursday, March 24, 2005 6:50 AM -0800 Ben Poliakoff <[EMAIL PROTECTED]> wrote:

* Quanah Gibson-Mount <[EMAIL PROTECTED]> [20050323 20:10]: 

After testing, I have to say "works" is a loose term.  On linux at
least,  it segfaults on me when doing GSSAPI binds.  It doesn't segfault
when doing  the same things with an anonymous bind.


Segfaults?  That's interesting, I haven't had any trouble with it.  How
did you try to bind?  I've been using something like this:


# !/usr/bin/perl -w

use Net::LDAP;
use Authen::SASL;
use strict;

my $ldapserver = 'servername';
my $ldapport = '389';
my $ldapbase = "dc=foo,dc=bar";

my $sasl = Authen::SASL->new(
    mechanism => 'GSSAPI',
    callback => {
        'user' => sub {''} ,
        'password' => sub {''},
        },
);

my $ldap = Net::LDAP->new ($ldapserver, port => $ldapport, version => 3)
or die "LDAP error: [EMAIL PROTECTED]";

# initialize TLS or bail
my $result = $ldap->start_tls();
die $result->error() if $result->code();

my $msg = $ldap->bind( "", sasl => $sasl ,version => 3);
$msg->code && die "[",$msg->code(), "] ", $msg->error;

$msg = $ldap->search(
    base => "$ldapbase",
    scope => "sub",
    # exact match on uid or substring match on cn
    filter => "(|(uid=$ARGV[0])(cn=*$ARGV[0]*))"
    );

if ( $msg->count() > 0 ) {
    print $msg->count(), " entries returned.\n";

    foreach my $entry ( $msg->all_entries() ) {
            $entry->dump();
    }
}


Hm, mine is:

#!/usr/local/bin/perl -w
use Net::LDAP;
use MIME::Base64;
use Authen::SASL;
use Socket;

$server='ldap.stanford.edu';
my $name = gethostbyaddr(inet_aton($server), AF_INET);

my $ldap = Net::LDAP->new($name, version=>3) || die "$@";

my $slavesasl = Authen::SASL->new(mechanism=>'GSSAPI');
my $mesg = $ldap->bind("", sasl=>$slavesasl);

$mesg->code && die $mesg->error;

$mesg = $ldap->search(async=>1,filter=>"(uid=quanah)",base=>"dc=stanford,dc=edu");

@entries = $mesg->entries;

foreach $entry (@entries) {
    $entry->dump;
}


You shouldn't have to initialize the callbacks at all by default (just a note).

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

Reply via email to