sasl problems

Natxo Asenjo Fri, 22 Mar 2013 15:13:20 -0700

hi,

I am coding a perl dancer web app that will fetch/write info to an
ldap backend (freeipa.org). The ldap vendor is 389, the old netscape
ldap server.


This backend includes kerberos.

So without sasl, it works great. But i would like to avoid passwords
provided we already have a kerberos infrastructure. And I get this
error:

substr outside of string at
/opt/perl5/perls/perl-5.14.2/lib/site_perl/5.14.4/Authen/SASL/Perl.pm
line 333.

Dancer very helpfully displays that line for me:

my $x = $self->{conn}->encode(substr($_[1], $offset || 0, $bsz));

but this tells me very little.

This is a slightly modified script that binds to the ldap server. I
get an ldap/REALM ticket so I know that piece is working:

use strict;
use warnings;

use Net::LDAP;
use Authen::SASL;

my $ldapbase = "cn=users,cn=accounts,dc=ipa,dc=asenjo,dc=nx";

my ( $name ) = @ARGV ;

my $sasl = Authen::SASL->new(mechanism => 'GSSAPI' ) || die "$@";

my $ldap = Net::LDAP->new('kdc.ipa.asenjo.nx') || die "$@";

my $msg = $ldap->bind( sasl => $sasl );

ldap_search($name);

sub ldap_search {
    my ( $search ) = @_;
    $msg = $ldap->search(
                    base    => $ldapbase,
                    scope   => "sub",
                    filter  => "(|(uid=*$search*)(cn=*$search*))",
                    attr    => ["uid"],
                    );

   my %ldap_users;
   for my $entry ( $msg->entries) {
        my $uid = $entry->get_value( 'uid' );
        $ldap_users{$uid} = $uid;
   }
   return %ldap_users;
}

$ ./testkerb test
substr outside of string at
/opt/perl5/perls/perl-5.14.2/lib/site_perl/5.14.4/Authen/SASL/Perl.pm
line 333, <DATA> line 635.


Looking at the Authen::SASL cpan page I see questions related to this
module should be on this list too.

I have asked for debuggin info to sasl:

$ perl testkerb.pl adm
state(0): The routine must be called again to complete its
function;Unknown error; output token sz: 621
state(0): The routine completed successfully;Unknown error; output token sz:
state(1): layermask 7,rsz 2048,lsz 16777215,choice 4
substr outside of string at
/opt/perl5/perls/perl-5.14.2/lib/site_perl/5.14.4/Authen/SASL/Perl.pm
line 333, <DATA> line 635.

On the ldap server logs I see I logged in and that the query was
executed, but it keeps barfing.

Net::LDAP version is 0.53, Authen::SASL is 2.16 (both the latest, I think).
-- 
natxo
--
Groeten,
natxo

sasl problems

Reply via email to