# HG changeset patch
# User Mahlon E. Smith
# Date 1386095223 28800
# Node ID e3bd30b95695d760745dce030a3e5f724d1c70d6
# Parent f90f7ff0b146561a10f69d0d20deccb8f4bfb3ce
Add simple SASL support. Patch from Michael Raitza .
diff -r f90f7ff0b146 -r e3bd30b95695 shelldap
--- a/shelldap Tue Dec 03 10:13:24 2013 -0800
+++ b/shelldap Tue Dec 03 10:27:03 2013 -0800
@@ -419,6 +419,7 @@
 use Term::ReadKey;
 use Term::Shell;
 use Digest::MD5;
+use Authen::SASL;
 use Net::LDAP qw/
 LDAP_SUCCESS
 LDAP_SERVER_DOWN
@@ -561,17 +562,24 @@
 }
 }
+ my $sasl;
+ my $sasl_conn;
+ if ($conf->{'mech'}) {
+ my $serv = $conf->{'server'};
+ $serv =~ s!^ldap[si]?://!!;
+ $sasl = Authen::SASL->new(mechanism=>$conf->{'mech'});
+ $sasl_conn = $sasl->client_new('ldap', $serv);
+ }
+
 # bind as an authenicated dn
 if ( $conf->{'binddn'} ) {
 $rv = $ldap->bind(
 $conf->{'binddn'},
- password => $conf->{'bindpass'}
- );
- }
-
+ password => $conf->{'bindpass'},
+ sasl => $sasl_conn);
 # bind anonymously
- else {
- $rv = $ldap->bind();
+ } else {
+ $rv = $ldap->bind(sasl => $sasl_conn);
 }
 my $err = $rv->error();
@@ -583,6 +591,7 @@
 if ( $rv->code() ) {
 $err .= " (try the --tls flag?)"
 if $err =~ /confidentiality required/i;
+ $err .= "\n" . $sasl->error() if $sasl;
 die "LDAP bind error: $err\n";
 }
@@ -2188,6 +2197,7 @@
 'cacheage=i',
 'promptpass|W',
 'timeout=i',
+ 'mech|Y=s',
 'tls_cacert=s',
 'tls_cert=s',
 'tls_key=s',
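Review bot: The unconditional `use Authen::SASL;` added to the import block at @@ -419 makes the module a hard startup dependency, so shelldap will fail to compile on hosts that lack it even when no SASL mechanism is requested. The object is only built when `$conf->{'mech'}` is set, so loading it at that point with `require Authen::SASL;` would keep simple and anonymous binds working without the extra package. The import list continues outside the hunk.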
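Review bot: Both `bind` calls in the @@ -561 hunk now pass `sasl => $sasl_conn` even when no mechanism was configured and `$sasl_conn` is undef, and the authenticated branch sends `password` and `sasl` together. Net::LDAP appears to pick the bind type from whichever of these keys is present, so a simple bind may be handled as a SASL bind with an undefined connection, or the choice between password and SASL may depend on hash order; this is worth confirming against the installed Net::LDAP. Building the argument list so that `sasl` is added only when `$sasl_conn` is defined, and `password` only otherwise, removes the ambiguity. Separately, `s!^ldap[si]?://!!` leaves any `:port` suffix in the host handed to `client_new`, which mechanisms that derive a service principal from the host name may reject. The enclosing sub begins and ends outside the hunk.

```perl
    # ... unchanged: $sasl / $sasl_conn setup when $conf->{'mech'} is set ...

    # Choose exactly one authentication method for the bind.
    my @bind_args;
    if ( $sasl_conn ) {
        push @bind_args, $conf->{'binddn'} if $conf->{'binddn'};
        push @bind_args, sasl => $sasl_conn;
    }
    elsif ( $conf->{'binddn'} ) {
        push @bind_args, $conf->{'binddn'}, password => $conf->{'bindpass'};
    }
    $rv = $ldap->bind( @bind_args );

    my $err = $rv->error();
```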
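Review bot: The added `$err .= "\n" . $sasl->error() if $sasl;` in the @@ -583 hunk appends the SASL error whenever a mechanism is configured, including when the failure came from the LDAP server and the SASL layer reported nothing. In that case `error()` presumably returns undef, which would emit an uninitialized-value warning and leave an empty trailing line in the message. Guarding on the value keeps the output clean: `if ( $sasl and defined( my $sasl_err = $sasl->error() ) ) { $err .= "\n$sasl_err" }`. The `if ( $rv->code() )` block is visible in full, but the sub around it is not.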
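Review bot: The new `'mech|Y=s'` option at @@ -2188 arrives without any usage or POD text in this changeset, so users have no guidance on which mechanisms are expected to work. As wired in the bind hunk, no user or password callback is given to `Authen::SASL->new`, so mechanisms that need credentials are unlikely to succeed, and the documentation should say so. I would add an `=item B<mech>` entry next to the other connection options stating that the value is a SASL mechanism list handed to Authen::SASL and naming the mechanisms that were tested. The option list continues outside the hunk.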