Re: Net::LDAP and GSSAPI authentication



Chris Schadl wrote:

> Does anyone have any experience getting the Net::LDAP perl module working
> with GSSAPI authentication?  So far I've tried to get it working by
> installing Authen::SASL and Authen::SASL::Cyrus from CPAN, along with the
> perl-cyrus-sasl package (which provides Authen::SASL::GSSAPI) from
> http://www.sxw.org.uk/computing/software/.  However, when I try to bind to
> the server as follows:

I really ought to update that page. My perl-cyrus-sasl package uses an older API than the current Net::LDAP and Authen::SASL. I haven't updated it as we made a decision to move over to the CPAN Authen::Cyrus::SASL package when we upgraded Net::LDAP here.


However, the CPAN Authen::Cyrus::SASL has a significant number of issues, especially in terms of handling the I/O requirements of encrypted sessions. I've got a fairly large patch set for this already, and we're still seeing strange behaviour over large data transfers. I'm beginning to suspect that there are issues with the GSSAPI SASL library itself, which OpenLDAP never sees, as it's careful to always supply full blocks to it.

If anyone's interested in debugging this too, I'm happy to share the patch set - but I would caution against its use in production environments.

The perl-net-ldap list is probably a better location for these kinds of questions ...

Cheers,

Simon.