So this is doable with existing modules? If so, I've just tried your suggestion, and got the following:

Can't locate object method "callback" via package "ldap" (perhaps you forgot to load "ldap"?)

If that's not what you meant, then should I wait for a future rev of SASL?

Graham Barr wrote:

On Mar 2, 2009, at 1:53 PM, Ismael wrote:

I'm not sure if I understand, but I see where continuing to rely on Net::LDAP to get it right might be a problem. I'd like to see a change to Authen::SASL::Perl where I can override whatever value the host is populated with. For my uses, something like a callback where I can stick in a reference to Net::LDAP->Host(). Reason being is that I never know what server I'm connecting to at the time of scripting. I rely on the results of a DNS SRV lookup to construct my Net::LDAP object. I know that an array of servers is returned, and whichever one I end up binding to is the one I would then need in my SASL constructor so that the end result is an SPN that AD will not choke on.

I think adding a callback to Authen::SASL is more than what is needed. What I am suggesting is changing code that currently looks like

my $sasl = Authen::SASL->new(...);
$ldap->bind( sasl => $sasl );

to be

my $sasl = Authen::SASL->new(...);
$ldap->bind( sasl => $sasl->client_new("ldap", $host) );

i.e., you call client_new with the host that you want and then pass the client connection to bind.

Graham.




Graham Barr wrote:
On Mar 1, 2009, at 7:58 AM, Ismael Lezcano wrote:
I just looked and I think that I was beaten to the punch. What I'm complaining about is documented in bug 35263 on CPAN. This behavior was introduced in the sasl round robin patch as part of 0.37. I think it has something to do with how new_client in the SASL modules is called. So if the patch is not removed in the next release, I basically will not be able to use Net::LDAP to connect to AD unless an alternative is explored in possibly overriding the passed Host parameter in Authen::SASL::Perl. Then again, I can stay below Net::LDAP version 0.37 for the time being, but that won't hold indefinitely.

I think Net::LDAP attempting to determine the host to pass to client_new is ultimately a bad choice. I do not really want to go through another round of doing that because we fix it for one person and break it for others.

Currently the Authen::SASL object is passed to Net::LDAP. But all Net::LDAP does with that object is call client_new. So my proposal is that Net::LDAP also accept the result of client_new where it currently accepts an Authen::SASL object. This will allow the caller to determine the hostname to pass.

Graham.



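The flow discussed in this thread, as an added example that is not code from any of the posters or from the Net::LDAP project: resolve the SRV records, connect to one server at a time, and hand that same host name to client_new so the SPN matches the server actually bound to. It assumes a Net::LDAP release that accepts a client connection in bind as proposed above, the Net::DNS module, a valid Kerberos ticket, and the placeholder domain example.com; the sub names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::DNS;
use Net::LDAP;
use Authen::SASL;

my $domain = 'example.com';    # placeholder AD DNS domain (assumption)

# Return [host, port] pairs from the _ldap._tcp SRV records, lowest
# priority value first. Weight is ignored here for brevity.
sub srv_candidates {
    my ($dom) = @_;
    my $reply = Net::DNS::Resolver->new->query("_ldap._tcp.$dom", 'SRV')
        or die "SRV lookup for $dom failed\n";
    return map  { [ $_->target, $_->port ] }
           sort { $a->priority <=> $b->priority }
           grep { $_->type eq 'SRV' } $reply->answer;
}

# Connect to one server at a time, so the name used for the TCP
# connection is the same name handed to client_new for the SPN.
sub bind_first_available {
    my @candidates = @_;
    my $sasl = Authen::SASL->new(mechanism => 'GSSAPI');
    for my $c (@candidates) {
        my ($host, $port) = @$c;
        my $ldap = Net::LDAP->new($host, port => $port, timeout => 5)
            or do { warn "connect to $host failed: $@\n"; next };
        # A fresh client connection per server: service "ldap" + this host.
        my $mesg = $ldap->bind(sasl => $sasl->client_new('ldap', $host));
        return ($ldap, $host) unless $mesg->code;
        warn "bind to $host failed: ", $mesg->error, "\n";
        $ldap->disconnect;
    }
    die "no server accepted the GSSAPI bind\n";
}

my ($ldap, $host) = bind_first_available(srv_candidates($domain));
print "bound to $host\n";
$ldap->unbind;
```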