Yes,

I guess we should add an accessor method ->host to obtain net_ldap_host, and
probably port too.

Calling client_new is the preferred way, so perhaps we should document that
with the example and only note that $sasl can be passed for backwards
compatibility.

Graham.

On Oct 6, 2010, at 12:06 , Dale Moore wrote:

> I think that another way to state what Graham is saying is
> that you now need to connect via SASL/GSSAPI
> with the following snippet.
> 
> my $ldap = Net::LDAP->new($hosturl);
> $ldap || die "Can't connect to LDAP server $hosturl";
> 
> my $sasl = Authen::SASL->new(mechanism => 'GSSAPI', callback => { });
> $sasl || die "Can't create sasl object";
> 
> my $mesg;
> if ( $ldap->VERSION lt '0.37') {
>    # Older releases: pass the Authen::SASL object itself
>    $mesg = $ldap->bind('', sasl => $sasl);
> } elsif ( $ldap->VERSION gt '0.39') {
>    # Newer releases: pass a client connection with an explicit host
>    $mesg = $ldap->bind('', sasl => $sasl->client_new('ldap',
>                                                      $ldap->{net_ldap_host}));
> }
> 
> I am a believer of examples over text.
> Of course there is more than one way to do it.
> 
> Dale
> 
> -----Original Message-----
> From: Graham Barr [mailto:gb...@pobox.com] 
> Sent: Wednesday, October 06, 2010 12:17 PM
> To: Charlie Root
> Cc: perl-ldap@perl.org
> Subject: Re: ldap 0.4001 not working with sasl 2.15 (GSSAPI)
> 
> 
> On Oct 5, 2010, at 15:22 , Charlie Root wrote:
> 
>> Sorry, I only just joined the mailing list (to try to address this exact
>> issue) so I can't directly quote Markus' original message on this.
>> 
>> The use of GSSAPI with perl-ldap broke with version 0.37. A change was
>> made at that time to deal with some issue revolving around servers in a
>> round-robin cycle not having the same server name. That, apparently, was
>> causing some issue.
> 
> A change in what can be passed as sasl to bind was done to help this.
> 
> sasl => SASLOBJ
>  Bind using a SASL mechanism. The argument given should be a sub-class of
>  Authen::SASL or an Authen::SASL client connection by calling client_new
>  on an Authen::SASL object.
> 
>  If passed an Authen::SASL object then client_new will be called to create
>  a client connection object. The hostname passed by Net::LDAP to client_new
>  is the result of calling peerhost on the socket. If this is not correct
>  for your environment, consider calling client_new and passing the client
>  connection object.
> 
> So instead of passing the Authen::SASL object itself, for which Net::LDAP
> then decides the peerhost, you can call client_new on that sasl object and
> pass the client connection object. This gives you full control over the
> peer hostname used in the sasl connection.
> 
> Graham.
> 
> 
> 
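
An added example, not part of the original thread and not perl-ldap's own code: binding through a round-robin alias while choosing the SASL hostname yourself, as the client_new advice above describes. The alias, the address-to-hostname table and the helper names are hypothetical, and it assumes a Net::LDAP release that accepts a client connection object for sasl.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Authen::SASL;

# Constructed sample data: peer IP of each round-robin member mapped to the
# hostname in its Kerberos service principal (ldap/<host>@REALM).
my %PRINCIPAL_HOST = (
    '192.0.2.10' => 'ldap1.example.com',
    '192.0.2.11' => 'ldap2.example.com',
);

# Return the principal hostname for a peer address, or die if the peer is
# not a server we expect behind the alias.
sub principal_host_for {
    my ($peer_ip) = @_;
    my $host = $PRINCIPAL_HOST{$peer_ip}
        or die "Unexpected LDAP peer $peer_ip, refusing to bind\n";
    return $host;
}

# Connect to the alias, then bind with a client connection object built by
# client_new, so the SASL hostname is the one chosen here and not the
# socket's peerhost.
sub gssapi_bind {
    my ($alias) = @_;
    my $ldap = Net::LDAP->new($alias)
        or die "Can't connect to LDAP server $alias: $@\n";
    my $host = principal_host_for($ldap->socket->peerhost);

    my $sasl = Authen::SASL->new(mechanism => 'GSSAPI', callback => {})
        or die "Can't create sasl object\n";
    my $conn = $sasl->client_new('ldap', $host);

    my $mesg = $ldap->bind('', sasl => $conn);
    die 'SASL/GSSAPI bind failed: ' . $mesg->error . "\n" if $mesg->code;
    return $ldap;
}

# Hypothetical alias; a valid Kerberos ticket (kinit) is needed to succeed.
gssapi_bind('ldap.example.com') unless caller;
```

Refusing to bind to a peer that is not in the table keeps the service principal tied to names the operator configured.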
