[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Net::LDAP and GSSAPI authentication

Chris Schadl wrote:

Does anyone have any experience getting the Net::LDAP perl module working
with GSSAPI authentication?  So far I've tried to get it working by
installing Authen::SASL and Authen::SASL::Cyrus from CPAN, along with the
perl-cyrus-sasl package (which provides Authen::SASL::GSSAPI) from
http://www.sxw.org.uk/computing/software/.  However, when I try to bind to
the server as follows:

I really ought to update that page. My perl-cyrus-sasl package uses an older API than the current Net::LDAP and Authen::SASL. I haven't updated it as we made a decision to move over to the CPAN Authen::Cyrus::SASL package when we upgraded Net::LDAP here.

However, the CPAN Authen::Cyrus::SASL has a significant number of issues, especially in terms of handling the I/O requirements of encrypted sessions. I've got a fairly large patch set for this already, and we're still seeing strange behaviour over large data transfers. I'm beginning to suspect that there are issues with the GSSAPI SASL library itself, which OpenLDAP never sees, as its careful to always supply full blocks to it.

If anyone's interested in debugging this too, I'm happy to share the patch set - but I would caution against its use in production environments.

The perl-net-ldap list is probably a better location for these kind of questions ...