[Date Prev][Date Next]
Re: Net::LDAP and GSSAPI authentication
Chris Schadl wrote:
Does anyone have any experience getting the Net::LDAP perl module working
with GSSAPI authentication? So far I've tried to get it working by
installing Authen::SASL and Authen::SASL::Cyrus from CPAN, along with the
perl-cyrus-sasl package (which provides Authen::SASL::GSSAPI) from
http://www.sxw.org.uk/computing/software/. However, when I try to bind to
the server as follows:
I really ought to update that page. My perl-cyrus-sasl package uses an
older API than the current Net::LDAP and Authen::SASL. I haven't updated
it as we made a decision to move over to the CPAN Authen::Cyrus::SASL
package when we upgraded Net::LDAP here.
However, the CPAN Authen::Cyrus::SASL has a significant number of
issues, especially in terms of handling the I/O requirements of
encrypted sessions. I've got a fairly large patch set for this already,
and we're still seeing strange behaviour over large data transfers. I'm
beginning to suspect that there are issues with the GSSAPI SASL library
itself, which OpenLDAP never sees, as its careful to always supply full
blocks to it.
If anyone's interested in debugging this too, I'm happy to share the
patch set - but I would caution against its use in production environments.
The perl-net-ldap list is probably a better location for these kind of