Add simple SASL support. Patch from Michael Raitza <spacefrogg-devel@meterriblecrew.net>.
--- a/shelldap Tue Dec 03 10:13:24 2013 -0800
+++ b/shelldap Tue Dec 03 10:27:03 2013 -0800
@@ -419,6 +419,7 @@
use Term::ReadKey;
use Term::Shell;
use Digest::MD5;
+use Authen::SASL;
use Net::LDAP qw/
LDAP_SUCCESS
LDAP_SERVER_DOWN
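Review bot: `use Authen::SASL;` at file scope makes the module a hard startup requirement, even for users who never pass `--mech`. Loading it on demand inside the `if ($conf->{'mech'})` block added later in this patch, e.g. `require Authen::SASL;`, would keep the SASL dependency optional. If a hard dependency is intended, it should be listed in the install notes.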
@@ -561,17 +562,24 @@
}
}
+ my $sasl;
+ my $sasl_conn;
+ if ($conf->{'mech'}) {
+ my $serv = $conf->{'server'};
+ $serv =~ s!^ldap[si]?://!!;
+ $sasl = Authen::SASL->new(mechanism=>$conf->{'mech'});
+ $sasl_conn = $sasl->client_new('ldap', $serv);
+ }
+
# bind as an authenicated dn
if ( $conf->{'binddn'} ) {
$rv = $ldap->bind(
$conf->{'binddn'},
- password => $conf->{'bindpass'}
- );
- }
-
+ password => $conf->{'bindpass'},
+ sasl => $sasl_conn);
# bind anonymously
- else {
- $rv = $ldap->bind();
+ } else {
+ $rv = $ldap->bind(sasl => $sasl_conn);
}
my $err = $rv->error();
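Review bot: Both `bind` calls now pass `sasl => $sasl_conn` unconditionally, so without `--mech` the key is present with an undefined value, and the `binddn` branch supplies `password` and `sasl` together. Net::LDAP appears to pick the authentication method from whichever of these keys it finds, so a plain or anonymous bind may be handled as a SASL bind on an undefined object, and with both keys present the choice is not well defined; confirm against the installed Net::LDAP. Passing the key only when a connection exists avoids this: `my @auth = $sasl_conn ? ( sasl => $sasl_conn ) : ( password => $conf->{'bindpass'} );` for the authenticated bind and `$ldap->bind( $sasl_conn ? ( sasl => $sasl_conn ) : () )` for the anonymous one. `$serv` also keeps any `:port` suffix after the scheme is stripped and is then used as the SASL host name, and the result of `client_new` is not checked. The enclosing sub starts and ends outside the hunk.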
@@ -583,6 +591,7 @@
if ( $rv->code() ) {
$err .= " (try the --tls flag?)" if $err =~ /confidentiality required/i;
+ $err .= "\n" . $sasl->error() if $sasl;
die "LDAP bind error: $err\n";
}
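Review bot: `$sasl->error()` reads the error slot of the Authen::SASL factory object, whereas failures during the exchange are, as far as I can tell, recorded on the connection object returned by `client_new`. This line will therefore likely append an undefined value (and warn) instead of the real reason. Something like `$err .= "\n" . $sasl_conn->error() if $sasl_conn and defined $sasl_conn->error();` would report the mechanism's own error and stay quiet when there is none. The enclosing block continues outside the hunk.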
@@ -2188,6 +2197,7 @@
'cacheage=i',
'promptpass|W',
'timeout=i',
+ 'mech|Y=s',
'tls_cacert=s',
'tls_cert=s',
'tls_key=s',
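Review bot: The new `mech|Y=s` option is undocumented, since no hunk in this patch touches the script's option documentation, and its value reaches `Authen::SASL->new(mechanism => ...)` unchecked. A short POD entry should say that `--mech`/`-Y` takes a SASL mechanism name and how it interacts with `--binddn`, `--promptpass` and `--tls`. Because no callbacks are given to `Authen::SASL->new` in this patch, mechanisms that need a user name or password from the client will probably not work, so the entry should name the mechanisms that were actually tested.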