On Mar 2, 2009, at 1:53 PM, Ismael wrote:
I'm not sure if I understand, but I see where continuing to rely on
Net::LDAP to get it right might be a problem. I'd like to see a
change to Authen::SASL::Perl where I can override whatever value the
host is populated with. For my uses, something like a callback where
I can stick in a reference to Net::LDAP->Host(). The reason is that
I never know what server I'm connecting to at the time of
scripting.
Net::LDAP object. I know that an array of servers is returned, and
whichever one I end up binding to is the one I would then need in my
SASL constructor so that the end result is an SPN that AD will not
choke on.
I think adding a callback to Authen::SASL is more than what is needed.
What I am suggesting is changing code that currently looks like

    my $sasl = Authen::SASL->new(...);
    $ldap->bind( sasl => $sasl );

to be

    my $sasl = Authen::SASL->new(...);
    $ldap->bind( sasl => $sasl->client_new("ldap", $host) );

i.e., you call client_new with the host that you want and then pass the
client connection to bind.
Graham.
Graham Barr wrote:
On Mar 1, 2009, at 7:58 AM, Ismael Lezcano wrote:
I just looked and I think that I was beaten to the punch. What I'm
complaining about is documented in bug 35263 on CPAN. This
behavior was introduced in the sasl round robin patch as part of
0.37. I think it has something to do with how new_client in the
SASL modules is called. So if the patch is not removed in the next
release, I basically will not be able to use Net::LDAP to connect
to AD unless an alternative is explored in possibly overriding the
passed Host parameter in Authen::SASL::Perl. Then again, I can
stay below Net::LDAP version 0.37 for the time being, but that
won't hold indefinitely.
I think Net::LDAP attempting to determine the host to pass to
client_new is ultimately a bad choice. I do not really want to go
through another round of doing that because we fix it for one
person and break it for others.
Currently the Authen::SASL object is passed to Net::LDAP. But all
Net::LDAP does with that object is call client_new. So my proposal
is that Net::LDAP also accept the result of client_new where it
currently accepts an Authen::SASL object. This will allow the
caller to determine the hostname to pass.
Graham.
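Graham's proposal put together with the DNS SRV lookup Ismael describes, as an added example that is not code from the thread or from the perl-ldap project: the script resolves the domain controllers itself, connects to one of them, and builds the SASL client with client_new("ldap", $host) for exactly that server, so the Kerberos SPN names the host actually reached instead of whatever Net::LDAP would guess. It assumes Net::LDAP accepts the client_new() result for `sasl` (the change proposed above), that Net::DNS and a GSSAPI-capable Authen::SASL are installed, and that a Kerberos ticket already exists; example.com is a constructed placeholder.

```perl
#!/usr/bin/perl
# Added example, not code from the thread or from perl-ldap.
# Assumes $ldap->bind(sasl => <client_new result>) is accepted, as proposed.
use strict;
use warnings;
use Net::DNS;
use Net::LDAP;
use Authen::SASL;

my $domain = 'example.com';    # constructed placeholder domain

# 1. Resolve the SRV record AD publishes for its domain controllers and
#    order the candidates by priority (low first), then weight (high first).
my $res   = Net::DNS::Resolver->new;
my $reply = $res->query("_ldap._tcp.dc._msdcs.$domain", 'SRV')
    or die "SRV lookup failed: " . $res->errorstring . "\n";
my @srv = sort { $a->priority <=> $b->priority || $b->weight <=> $a->weight }
          grep { $_->type eq 'SRV' } $reply->answer;
die "no SRV targets found for $domain\n" unless @srv;

# 2. Connect to the candidates in order ourselves, so we know which FQDN
#    we actually reached; that name is the one the SPN must carry.
my ($ldap, $host);
for my $rr (@srv) {
    (my $candidate = $rr->target) =~ s/\.$//;    # drop any trailing dot
    $ldap = Net::LDAP->new($candidate, port => $rr->port, timeout => 10)
        or next;
    $host = $candidate;
    last;
}
die "could not connect to any domain controller for $domain\n" unless $ldap;

# 3. Build the GSSAPI client for exactly that host and hand the client
#    object (not the Authen::SASL factory) to bind(). The SPN becomes
#    ldap/<fqdn>, which is what AD expects.
my $sasl   = Authen::SASL->new(mechanism => 'GSSAPI');
my $client = $sasl->client_new('ldap', $host);
my $mesg   = $ldap->bind(sasl => $client);
die "SASL bind to $host failed: " . $mesg->error . "\n" if $mesg->code;

print "GSSAPI bind as ldap/$host succeeded\n";
$ldap->unbind;
```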