Hi Dale,
I tried this and it fails
No SASL mechanism found
.../Authen/SASL.pm line 77
Markus
"Dale Moore" <dale.mo...@cs.cmu.edu> wrote in message
news:25377.9927305461$1286384...@news.gmane.org...
I think that another way to state what Graham is saying is
that you now need to connect via SASL/GSSAPI
with the following snippet.
use Net::LDAP;
use Authen::SASL;

my $ldap = new Net::LDAP($hosturl);
$ldap || die "Can't connect to LDAP server $hosturl";
my $sasl = new Authen::SASL(mechanism => 'GSSAPI', callback => { });
$sasl || die "Can't create sasl object";
my $mesg;
if ( $ldap->VERSION lt '0.37') {
    # Older Net::LDAP: pass the Authen::SASL object itself
    $mesg = $ldap->bind('', sasl => $sasl);
} elsif ( $ldap->VERSION gt '0.39') {
    # Newer Net::LDAP: pass a client connection created for an explicit host
    $mesg = $ldap->bind('', sasl => $sasl->client_new('ldap',
        $ldap->{net_ldap_host}));
}
I am a believer of examples over text.
Of course there is more than one way to do it.
Dale
-----Original Message-----
From: Graham Barr [mailto:gb...@pobox.com]
Sent: Wednesday, October 06, 2010 12:17 PM
To: Charlie Root
Cc: perl-ldap@perl.org
Subject: Re: ldap 0.4001 not working with sasl 2.15 (GSSAPI)
On Oct 5, 2010, at 15:22 , Charlie Root wrote:
Sorry, I only just joined the mailing list (to try to address this exact
issue) so I can't directly quote Markus' original message on this.
The use of GSSAPI with perl-ldap broke with version 0.37. A change was
made at that time to deal with some issue revolving around servers in a
round-robin cycle not having the same server name. That, apparently, was
causing some issue.
A change in what can be passed as sasl to bind was done to help this:

sasl => SASLOBJ
    Bind using a SASL mechanism. The argument given should be a sub-class of
    Authen::SASL or an Authen::SASL client connection by calling client_new
    on an Authen::SASL object.

    If passed an Authen::SASL object then client_new will be called to create
    a client connection object. The hostname passed by Net::LDAP to client_new
    is the result of calling peerhost on the socket. If this is not correct
    for your environment, consider calling client_new and passing the client
    connection object.

So instead of passing the Authen::SASL object itself, which Net::LDAP then
decides the peerhost, you can call client_new on that sasl object and pass
the client connection object. This gives you full control over the per
hostname used in the sasl connection.
Graham.
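
An added example, not part of the thread or of perl-ldap itself: one way to take control of the hostname given to client_new when connecting through a round-robin alias. The helper names sasl_hostname and gssapi_bind and the default host ldap.example.org are hypothetical; it assumes IPv4, working reverse DNS and an existing Kerberos ticket.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Authen::SASL;
use Socket qw(inet_aton AF_INET);

# Hypothetical default: replace with your own round-robin LDAP alias.
my $hosturl = shift @ARGV || 'ldap.example.org';

# Map the address we actually connected to back to that server's own name,
# so the service ticket is requested for ldap/<that name> rather than the alias.
# Assumption: IPv4 and reverse DNS; falls back to the name we were given.
sub sasl_hostname {
    my ($ldap, $fallback) = @_;
    my $ip     = $ldap->socket->peerhost;
    my $packed = defined $ip ? inet_aton($ip) : undef;
    my $name   = defined $packed ? gethostbyaddr($packed, AF_INET) : undef;
    return defined $name ? $name : $fallback;
}

sub gssapi_bind {
    my ($host) = @_;
    my $ldap = Net::LDAP->new($host)
        or die "Can't connect to LDAP server $host: $@";
    my $sasl = Authen::SASL->new(mechanism => 'GSSAPI', callback => {});
    my $name = sasl_hostname($ldap, $host);

    # client_new dies if no implementation of the mechanism can be loaded,
    # so trap that and report which host name was being used.
    my $conn = eval { $sasl->client_new('ldap', $name) }
        or die "Can't create SASL client for ldap/$name: $@";

    # Pass the client connection object, not the Authen::SASL object.
    my $mesg = $ldap->bind('', sasl => $conn);
    die "GSSAPI bind to $name failed: " . $mesg->error if $mesg->code;
    return ($ldap, $name);
}

# Run only when executed as a script, not when loaded with require.
unless (caller) {
    my ($ldap, $name) = gssapi_bind($hosturl);
    print "Bound with SASL host name $name\n";
    $ldap->unbind;
}
```

Reverse DNS is not authenticated; where it cannot be trusted, choose the name from a fixed list of known server names instead of resolving it.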