I'm porting some code from our old system to a new one, and I
encountered this bug with Authen::SASL 2.13 which was resolved by
downgrading to 2.12.
I'm afraid I don't know that much about SASL (or LDAP), but I did cut
this down to as close to a "hello world" version as I could.
Here's my code (with some names changed to protect the innocent):

    use strict;
    use Net::LDAP;
    use Authen::SASL;

    # Connect over LDAPS, presenting a client certificate and verifying the server.
    my $ldap = Net::LDAP->new(
        'ldaps://my.ldap.server',
        version    => 3,
        verify     => 'require',
        clientcert => '/path/to/my/client/cert',
        clientkey  => '/path/to/my/client/key',
        cafile     => '/path/to/my/cafile',
        timeout    => 10,
    );
    # Net::LDAP->new reports connection failures in $@, not $!.
    die "no Net::LDAP: $@\n" unless $ldap;

    # SASL EXTERNAL: the identity comes from the TLS client certificate.
    my $sasl = Authen::SASL->new(
        mechanism => 'EXTERNAL',
        callback  => { user => '' },
        debug     => 13,
    );

    alarm(10);    # for Devel::SimpleTrace
    my $result = $ldap->bind( "sn=msiScripts,dc=DTC", sasl => $sasl );
    if ( $result->code ) {
        die "bind with sasl failed: " . $result->error;
    }
    print "success!\n";
    __END__

Using Authen::SASL 2.13, running this code with -wMDevel::SimpleTrace
gives the following stack trace when the alarm times out:

    Deep recursion on subroutine "Net::LDAP::_sendmesg"
        at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm line 64, <DATA>:275)
        at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:64)
        at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
        at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
        at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)
        at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:64)
        at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
        at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
        at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)
    [ ... many, many, many, many, many iterations of the same loop omitted ... ]
        at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:64)
        at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
        at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
        at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)
        at Net::LDAP::bind(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:422)
        at main::(ldaptest.pl:25)

When I downgraded to Authen::SASL 2.12, I got a "success!" message
(yay!) but I also got an interesting stack trace from
Devel::SimpleTrace:

    Use of uninitialized value in numeric gt (>)
        at Authen::SASL::Perl::securesocket(/usr/local/lib/perl5/site_perl/5.10.1/Authen/SASL/Perl.pm line 130, <DATA>:275)
        at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:39)
        at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
        at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
        at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)
        at Net::LDAP::Bind::decode(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP/Bind.pm:64)
        at Net::LDAP::process(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:865)
        at Net::LDAP::sync(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:760)
        at Net::LDAP::_sendmesg(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:813)
        at Net::LDAP::bind(/usr/local/lib/perl5/site_perl/5.10.1/Net/LDAP.pm:422)
        at main::(ldaptest.pl:25)
    success!

Perhaps the changes in 2.13 included a bad fix for the nonfatal error
shown for 2.12 here?
Forrest Cahoon