This solution works well for me. I don't even have the backward compatibility 
issue to worry about ... I can insist on an appropriate version of perl-ldap.

I really like the elegance of putting the responsibility back into the hands
of the script rather than the module. The module shouldn't really be making
that kind of decision for the user. Thus, I would even go so far as to
deprecate the $sasl capability a few releases from now and ultimately
remove it so that future scripts don't trip over this issue again. Just a
thought.

Documenting this would definitely be useful.

Thanks for all the responses to this, by the way. They were really helpful.

On Wed, Oct 06, 2010 at 01:00:36PM -0500, Graham Barr wrote:
> Yes,
> 
> I guess we should add an accessor method ->host to obtain net_ldap_host, and 
> probably port too.
> 
> calling client_new is the preferred way, so perhaps we should document that 
> with the example
> and only note that $sasl can be passed for backwards compatibility
> 
> Graham.
> 
> On Oct 6, 2010, at 12:06 , Dale Moore wrote:
> 
> > I think that another way to state what Graham is saying is
> > that you now need to connect via SASL/GSSAPI
> > with the following snippet.
> > 
> > my $ldap = new Net::LDAP($hosturl);
> > $ldap || die "Can't connect to LDAP server $hosturl";
> > 
> > my $sasl = new Authen::SASL(mechanism => 'GSSAPI', callback => { });
> > $sasl || die "Can't create sasl object";
> > 
> > my $mesg;
> > if ( $ldap->VERSION lt '0.37') {
> >    $mesg = $ldap->bind('', sasl => $sasl);
> > } elsif ( $ldap->VERSION gt '0.39') {
> >    $mesg = $ldap->bind('', sasl => $sasl->client_new('ldap',
> >                                                      $ldap->{net_ldap_host}));
> > } 
> > 
> > I am a believer of examples over text.
> > Of course there is more than one way to do it.
> > 
> > Dale
> > 
> > -----Original Message-----
> > From: Graham Barr [mailto:gb...@pobox.com] 
> > Sent: Wednesday, October 06, 2010 12:17 PM
> > To: Charlie Root
> > Cc: perl-ldap@perl.org
> > Subject: Re: ldap 0.4001 not working with sasl 2.15 (GSSAPI)
> > 
> > 
> > On Oct 5, 2010, at 15:22 , Charlie Root wrote:
> > 
> >> Sorry, I only just joined the mailing list (to try to address this exact
> >> issue) so I can't directly quote Markus' original message on this.
> >> 
> >> The use of GSSAPI with perl-ldap broke with version 0.37. A change was
> >> made at that time to deal with some issue revolving around servers in a
> >> round-robin cycle not having the same server name. That, apparently, was
> >> causing some issue.
> > 
> > a change in what can be passed as sasl to bind was done to help this
> > 
> > sasl => SASLOBJ
> >  Bind using a SASL mechanism. The argument given should be a sub-class of 
> > Authen::SASL or an Authen::SASL client connection by
> > calling client_new on an Authen::SASL object.
> > 
> >  If passed an Authen::SASL object then client_new will be called to create 
> > a client connection object. The hostname passed by
> > Net::LDAP to client_new is the result of calling peerhost on the socket. If 
> > this is not correct for your environment, consider
> > calling client_new and passing the client connection object.
> > 
> > so instead of passing the Authen::SASL object itself, which Net::LDAP then 
> > decides the peerhost, you can call client_new on that
> > sasl object and pass the client connection object. this gives you full 
> > control over the peer hostname used in the sasl connection.
> > 
> > Graham.
> > 
> > 
> > 
> 

-- 

------------------------------------------------------------------------
Antoine Verheijen                   Email: antoine.verhei...@ualberta.ca
AICT (formerly CNS)                 Phone: (780) 492-9312
University of Alberta               Fax:   (780) 492-1729
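
The approach discussed in this thread, as an added example that is not part of the original messages or of perl-ldap itself: the script calls client_new with the hostname it was configured with, so the name used in the GSSAPI exchange is the one the script chose rather than the socket's peerhost. The server names are hypothetical, and the version check reuses the 0.39 threshold from the quoted snippet.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Authen::SASL;

# Assumption: hypothetical server names. Each should be the name that appears
# in that server's ldap/<host> Kerberos service principal.
my @servers = ('ldap1.example.org', 'ldap2.example.org');

# Passing a client connection object to bind is the post-0.39 branch of the
# snippet quoted in this thread, so refuse to run on anything older.
die "perl-ldap newer than 0.39 required\n" unless Net::LDAP->VERSION > 0.39;

sub gssapi_bind {
    my ($host) = @_;

    my $ldap = Net::LDAP->new($host) or die "Can't connect to $host: $@\n";

    my $sasl = Authen::SASL->new(mechanism => 'GSSAPI', callback => {})
        or die "Can't create SASL object\n";

    # The script, not Net::LDAP, picks the hostname for the SASL exchange:
    # the configured name rather than the result of peerhost on the socket.
    my $conn = $sasl->client_new('ldap', $host);

    my $mesg = $ldap->bind('', sasl => $conn);
    if ($mesg->code) {
        warn "GSSAPI bind to $host failed: " . $mesg->error . "\n";
        $ldap->unbind;
        return;
    }
    return $ldap;
}

# Try each configured server in turn; a die inside the SASL layer (for
# example, no Kerberos credentials) is caught and reported, not fatal.
my $ldap;
for my $host (@servers) {
    $ldap = eval { gssapi_bind($host) } and last;
    warn $@ if $@;
}
die "No server accepted the GSSAPI bind\n" unless $ldap;
$ldap->unbind;
```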
