Add simple SASL support. Patch from Michael Raitza <spacefrogg-devel@meterriblecrew.net>.

FossilOrigin-Name: a2230a3b35e535d212a0e1d60f38b36a5d965fa6ef002b5539c68ea27287f990

shelldap

@@ -419,6 +419,7 @@ use warnings;
 use Term::ReadKey;
 use Term::Shell;
 use Digest::MD5;
+use Authen::SASL;
 use Net::LDAP qw/
 	LDAP_SUCCESS
 	LDAP_SERVER_DOWN
@@ -561,17 +562,24 @@ You may try connecting insecurely, or install the module and try again.\n} if $@
 		}
 	}
 
+	my $sasl;
+	my $sasl_conn;
+	if ($conf->{'mech'}) {
+		my $serv = $conf->{'server'};
+		$serv =~ s!^ldap[si]?://!!;
+		$sasl = Authen::SASL->new(mechanism=>$conf->{'mech'});
+		$sasl_conn = $sasl->client_new('ldap', $serv);
+	}
+	
 	# bind as an authenicated dn
 	if ( $conf->{'binddn'} ) {
 		$rv = $ldap->bind(
 			$conf->{'binddn'},
-			password => $conf->{'bindpass'}
+			password => $conf->{'bindpass'},
-		);
+			sasl => $sasl_conn);
-	}
-
 	# bind anonymously
-	else {
+	} else {
-		$rv = $ldap->bind();
+		$rv = $ldap->bind(sasl => $sasl_conn);
 	}
 
 	my $err = $rv->error();
@@ -583,6 +591,7 @@ You may try connecting insecurely, or install the module and try again.\n} if $@
 
 	if ( $rv->code() ) {
 		$err .= " (try the --tls flag?)" if $err =~ /confidentiality required/i;
+		$err .= "\n" . $sasl->error() if $sasl;
 		die "LDAP bind error: $err\n";
 	}
 
@@ -2188,6 +2197,7 @@ Getopt::Long::GetOptions(
 	'cacheage=i',
 	'promptpass|W',
 	'timeout=i',
+        'mech|Y=s',
 	'tls_cacert=s',
 	'tls_cert=s',
 	'tls_key=s',