Hi,

I've scanned the archives and the examples on the web but try as I might I
can't seem to get perl-ldap to bind using SASL for the rootdn.  In the
example below when I run the search I'm rejected because the server shows me
as an anonymous bind.  BUT, when I monitor the connection I get no debug
information to suggest why the ldap server is rejecting the connection.

Here is my short script:-

#!/usr/bin/perl -W

use Net::LDAP;
use Data::Dumper;
use Authen::SASL;

print "Creating LDAP Connection\n";
my $ldap = Net::LDAP->new("mailgate.phyworks-ic.com", debug => 12) or die "$@";

print "Creating SASL Object\n";
my $saslobj = Authen::SASL->new(
    mechanism => 'DIGEST-MD5',
    callback  => { user => "admin", pass => "pass" },
);

print "Trying to bind\n";
my $mesg = $ldap->bind(
    "uid=admin,cn=digest-md5,cn=auth",
    sasl    => $saslobj,
    version => 3,
);
print Dumper($mesg);

my $result = $ldap->search(
    base   => "ou=People,dc=phyworks-ic,dc=com",
    scope  => "sub",
    filter => "objectClass=*",
);

Running just the bind stage, keeping the server running in full debug mode
gives the following output from slapd:-

daemon: activity on 1 descriptors
daemon: new connection on 12
conn=80 fd=12 ACCEPT from IP=192.168.184.200:42022 (IP=0.0.0.0:389)
daemon: added 12r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12)
connection_get(12): got connid=80
connection_read(12): checking for input on id=80
ber_get_next
ldap_read: want=8, got=0

ber_get_next on fd 12 failed errno=0 (Success)
connection_read(12): input error=-2 id=80, closing.
connection_closing: readying conn=80 sd=12 for close
connection_close: conn=80 sd=12
daemon: removing 12
conn=80 fd=12 closed
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: select: listen=9 active_threads=0 tvp=NULL

The line ldap_read: want=9, got=0 suggests that the problem is that slapd is
waiting for some further response which it never gets.  I can authenticate
fine using ldapsearch -U admin etc..., so I'm guessing that the problem is
in the way I'm defining the SASL object!?

Regards,


Bernard McAuley
[EMAIL PROTECTED]
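
Added example (not part of the original post): a small Python triage of slapd debug output like the trace above, separating a connection that closed before any request arrived from one where a SASL bind completed. POST_TRACE is copied from the post; GOOD_TRACE and the shape of its `BIND ... method=/mech=` lines are constructed for contrast and are an assumption about the server's statistics logging.

```python
import re

# Lines copied from the slapd trace in the post (conn=80).
POST_TRACE = """\
conn=80 fd=12 ACCEPT from IP=192.168.184.200:42022 (IP=0.0.0.0:389)
connection_read(12): checking for input on id=80
ldap_read: want=8, got=0
connection_read(12): input error=-2 id=80, closing.
conn=80 fd=12 closed
"""
# Constructed contrast (not from the post): a DIGEST-MD5 bind that completes.
GOOD_TRACE = """\
conn=81 fd=13 ACCEPT from IP=192.0.2.10:42100 (IP=0.0.0.0:389)
connection_read(13): checking for input on id=81
ldap_read: want=8, got=8
conn=81 op=0 BIND dn="" method=163
conn=81 op=0 RESULT tag=97 err=14 text=SASL(0): successful result:
conn=81 op=1 BIND dn="uid=admin,cn=digest-md5,cn=auth" mech=DIGEST-MD5 ssf=128
conn=81 fd=13 closed
"""

ACCEPT = re.compile(r"conn=(\d+) fd=\d+ ACCEPT")
READING = re.compile(r"connection_read\(\d+\): checking for input on id=(\d+)")
GOT = re.compile(r"ldap_read: want=\d+, got=(\d+)")
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="[^"]*" (method|mech)=(\S+)')

def classify(trace):
    """Map each connection id in a slapd trace to a one-line verdict."""
    conns, current = {}, None
    for line in trace.splitlines():
        if m := ACCEPT.search(line):
            conns[int(m[1])] = {"bytes": 0, "bind": False, "mech": None}
        elif m := READING.search(line):
            current = int(m[1])          # later ldap_read lines belong to this conn
        elif (m := GOT.search(line)) and current in conns:
            conns[current]["bytes"] += int(m[1])
        elif (m := BIND.search(line)) and int(m[1]) in conns:
            c = conns[int(m[1])]
            c["bind"] = True
            if m[2] == "mech":           # assumed: mech= appears once the bind succeeds
                c["mech"] = m[3]
    out = {}
    for cid, c in conns.items():
        out[cid] = ("SASL bind completed with " + c["mech"] if c["mech"]
                    else "bind started but not completed" if c["bind"]
                    else "closed by client before any request was sent" if c["bytes"] == 0
                    else "data received but no bind logged")
    return out
```

For the trace in the post, the verdict is that conn=80 was closed with zero bytes read and no BIND logged, which points the investigation at the client side of the exchange.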


