I'm not sure if I understand, but I see where continuing to rely on
Net::LDAP to get it right might be a problem. I'd like to see a change
to Authen::SASL::Perl where I can override whatever value the host is
populated with. For my uses, something like a callback where I can stick
in a reference to Net::LDAP->Host(). The reason is that I never know
what server I'm connecting to at the time of scripting. I rely on the
results of a DNS SRV lookup to construct my Net::LDAP object. I know
that an array of servers is returned, and whichever one I end up binding
to is the one I would then need in my SASL constructor so that the end
result is an SPN that AD will not choke on.

Graham Barr wrote:

On Mar 1, 2009, at 7:58 AM, Ismael Lezcano wrote:
I just looked and I think that I was beaten to the punch. What I'm
complaining about is documented in bug 35263 on CPAN. This behavior
was introduced in the sasl round robin patch as part of 0.37. I think
it has something to do with how new_client in the SASL modules is
called. So if the patch is not removed in the next release, I
basically will not be able to use Net::LDAP to connect to AD unless
an alternative is explored in possibly overriding the passed Host
parameter in Authen::SASL::Perl. Then again, I can stay below
Net::LDAP version 0.37 for the time being, but that won't hold
indefinitely.

I think Net::LDAP attempting to determine the host to pass to
client_new is ultimately a bad choice. I do not really want to go
through another round of doing that because we fix it for one person
and break it for others.
Currently the Authen::SASL object is passed to Net::LDAP. But all
Net::LDAP does with that object is call client_new. So my proposal is
that Net::LDAP also accept the result of client_new where it currently
accepts an Authen::SASL object. This will allow the caller to
determine the hostname to pass.
Graham.
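
The following sketch is an added example, not code from this thread or from the Net::LDAP distribution. It shows the calling pattern the proposal describes: the caller connects first, then hands the connected host to client_new itself, so the requested service principal matches the server actually reached. It assumes a Net::LDAP release whose bind accepts the client connection object as proposed, a Kerberos ticket already in the cache, and placeholder host names standing in for SRV lookup results.

```perl
use strict;
use warnings;
use Net::LDAP;
use Authen::SASL;

# Constructed sample: stands in for the hosts a DNS SRV lookup of
# _ldap._tcp.<domain> would return. Placeholder names, not real servers.
my @candidates = qw(dc1.example.test dc2.example.test);

# Connect to the first candidate that answers and remember which one it was.
# connect_first is a hypothetical helper written for this example.
sub connect_first {
    my @hosts = @_;
    for my $host (@hosts) {
        my $ldap = Net::LDAP->new($host, timeout => 5) or next;
        return ($ldap, $host);
    }
    return;
}

my ($ldap, $host) = connect_first(@candidates)
    or die "no LDAP server reachable\n";

# GSSAPI uses the Kerberos credentials already in the ticket cache.
my $sasl = Authen::SASL->new(mechanism => 'GSSAPI');

# The caller, not Net::LDAP, names the host here. The service principal
# requested is ldap/<host>, so it has to be the server we connected to.
my $conn = $sasl->client_new('ldap', $host);

# Assumption: bind accepts the client connection object directly,
# in place of the Authen::SASL object, as the proposal describes.
my $msg = $ldap->bind(sasl => $conn);
die "SASL bind failed: " . $msg->error . "\n" if $msg->code;

print "bound to $host\n";
$ldap->unbind;
```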