Fix anonymous binds when SASL is not used.
Reported by Landry Breuil <landry@rhaalovely.net>.
--- a/shelldap Tue Dec 08 00:55:48 2015 -0800
+++ b/shelldap Mon Jan 11 12:28:23 2016 -0800
@@ -581,32 +581,33 @@
}
}
- eval 'use Authen::SASL';
+ undef $@; eval 'use Authen::SASL';
my ( $sasl, $sasl_conn );
- my $has_sasl = ! defined( $@ );
-
- if ( $has_sasl && $conf->{'sasl'} ) {
+ my $has_sasl = ! $@;
+ my $use_sasl = $has_sasl && $conf->{'sasl'};
+
+ die "SASL requested, but library is not installed. Please install Authen::SASL and try again.\n" if $conf->{'sasl'} && ! $has_sasl;
+
+ if ( $use_sasl ) {
my $serv = $conf->{'server'};
$serv =~ s!^ldap[si]?://!!;
$sasl = Authen::SASL->new( mechanism => $conf->{'sasl'} );
- $sasl_conn = $sasl->client_new('ldap', $serv);
+ $sasl_conn = $sasl->client_new( 'ldap', $serv );
}
-
+
# bind with sasl
#
- if ( $has_sasl && $sasl_conn ) {
- $rv = $ldap->bind(
- $conf->{'binddn'},
+ if ( $sasl_conn ) {
+ $rv = $ldap->bind( $conf->{'binddn'},
password => $conf->{'bindpass'},
- sasl => $sasl_conn
+ sasl => $sasl_conn
);
}
# simple bind as an authenticated dn
#
elsif ( $conf->{'binddn'} ) {
- $rv = $ldap->bind(
- $conf->{'binddn'},
+ $rv = $ldap->bind( $conf->{'binddn'},
password => $conf->{'bindpass'}
);
}
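Review bot: When SASL is requested and `client_new` on the `$sasl_conn = ...` line yields a false value, nothing stops the code from dropping into the `elsif ( $conf->{'binddn'} )` simple bind, which sends `bindpass` without the requested mechanism. The new `die` covers only the missing-library case. Failing closed right after `client_new` keeps the requested mechanism mandatory: `die "SASL requested, but the SASL client could not be initialised.\n" unless $sasl_conn;`. Whether `client_new` can return false rather than throw depends on the installed Authen::SASL backend, so this needs confirming. The enclosing sub starts and ends outside the hunk.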
@@ -614,19 +615,19 @@
# bind anonymously
#
else {
- $rv = $ldap->bind(sasl => $sasl_conn);
+ $rv = $sasl_conn ? $ldap->bind( sasl => $sasl_conn ) : $ldap->bind();
}
my $err = $rv->error();
$self->debug(
"Bind as " .
- ( $conf->{'binddn'} ? $conf->{'binddn'} : 'anonymous' ) .
- " to " . $conf->{'server'} . ": $err\n"
+ ( $conf->{'binddn'} ? $conf->{'binddn'} : 'anonymous' ) .
+ " to " . $conf->{'server'} . ": $err\n"
);
if ( $rv->code() ) {
$err .= " (try the --tls flag?)" if $err =~ /confidentiality required/i;
- $err .= "\n" . $sasl->error() if $sasl;
+ $err .= "\n" . $sasl->error if $sasl_conn && defined( $sasl->error );
die "LDAP bind error: $err\n";
}
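Review bot: The true arm of the `$sasl_conn ? ... :` test in the anonymous-bind `else` looks unreachable, because the chain in the previous hunk already takes `if ( $sasl_conn )` first. Assuming the one line between the two hunks adds no other branch, the `else` only runs with `$sasl_conn` false. `$rv = $ldap->bind();` does the same thing and makes it plain that this path is an unauthenticated bind. The debug line just below also prints 'anonymous' whenever `binddn` is empty, including for a SASL bind made without a DN, which can mislead someone reading the log to find out which identity was used. The enclosing block continues outside the hunk.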