On Nov 16, 2009, at 3:04 PM, Markus Moeller wrote:
> I have an OpenSolaris system which has perl 5.8.4 installed as part of the
> OpenSolaris install on which I installed Net::LDAP, GSSAPI, Authen::Krb5,
> Net::DNS with all dependencies.
>
> When I run my perl script I get an error
>
> ./LDAP-AD-query.pl
> GSSAPI Error (init): Unspecified GSS failure. Minor code may provide more
> information
> Server not found in Kerberos database
>
> Looking at the Kerberos traffic I see that a TGS for ldap/<ip-address> is
> requested instead of ldap/<fqdn>. When I change LDAP.pm as below it works.
>
> # If we're talking to a round-robin, the canonical name of
> # the host we are talking to might not match the name we
> # requested
> my $connected_name = $ldap->{net_ldap_socket}->peerhost;
> # $connected_name ||= $ldap->{net_ldap_host};
> $connected_name = $ldap->{net_ldap_host};
>
> Running the same script on OpenSuse with perl 5.10.0 works fine without the
> change. Which underlying perl module do I have to update?

This is one of those things that needs to be done in different ways depending on the system.

As a result the next release of Net::LDAP will allow the caller to call

  $sasl->client_new("ldap", $connected_name)

and pass the result as the sasl option.

The code to do that is currently on the "next" branch in the repository if you want to test before we release it.

http://github.com/gbarr/perl-ldap/tree/next/

Graham.
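
The approach described in the reply, written out as an added example (not code from the thread or from perl-ldap): the caller builds the SASL client with an explicit host name so the Kerberos ticket is requested for ldap/<fqdn> rather than ldap/<ip-address>. Assumptions: the host name `dc1.example.com` is a placeholder, `spn_host` is a hypothetical helper, a Kerberos ticket is already in the credential cache, and the installed Net::LDAP accepts a `client_new` result as the `sasl` option.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Authen::SASL;

# Placeholder host name (assumption); use the FQDN that has an ldap/<fqdn>
# principal in the KDC.
my $requested = shift(@ARGV) || 'dc1.example.com';

# Hypothetical helper: pick the host part of the service principal.
# An address literal would make the client ask for ldap/<ip-address>, which
# is the request that failed in the report above, so fall back to the name
# the caller asked for.
sub spn_host {
    my ($peer, $wanted) = @_;
    return $wanted if !defined $peer || $peer eq '';
    return $wanted if $peer =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;   # IPv4 literal
    return $wanted if $peer =~ /:/;                            # IPv6 literal
    return $peer;
}

my $ldap = Net::LDAP->new($requested)
    or die "connect to $requested failed: $@\n";

my $host = spn_host($ldap->socket->peerhost, $requested);

# Build the SASL client ourselves so the service name and host are explicit,
# then hand the client connection to bind() as the sasl option.
my $sasl   = Authen::SASL->new(mechanism => 'GSSAPI');
my $client = $sasl->client_new('ldap', $host);

my $mesg = $ldap->bind(sasl => $client);
die sprintf("GSSAPI bind as ldap/%s failed: %s\n", $host, $mesg->error)
    if $mesg->code;

print "bound using service principal ldap/$host\n";
$ldap->unbind;
```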