Using SASL's EXTERNAL mechanism from Perl

I need to be able to use the SASL EXTERNAL mechanism to bind to my LDAP directory server from a number of Perl programs (I've already written a bit about this mechanism before).

After installing the packages perl-Digest-HMAC, perl-Digest-SHA1 and perl-Net-SSLeay on CentOS 4.3 with yum, I downloaded Authen-SASL from CPAN and ran the usual perl Makefile.PL; make; make test; make install, answering No to the question about auto-installing GSSAPI.

If you need to install the Perl modules manually, you'll need at least the Digest-SHA1, Digest-HMAC, Net-SSLeay, IO-Socket-SSL and Authen-SASL modules installed.

The rest is quite easy:


#!/usr/bin/perl

use strict;
use warnings;
use Net::LDAPS;
use Authen::SASL qw(Perl);

# Print a message and exit with the given status.
sub bail {
    my ($status, $message) = @_;
    warn "$message\n";
    exit $status;
}

# LDAPS connection to the server. The client certificate and key are
# presented during the TLS handshake; EXTERNAL then asks the server to
# derive our identity from that certificate. verify => 'require' makes
# the client refuse a server whose certificate does not chain to cafile.
my $sasl = Authen::SASL->new('EXTERNAL');
my $ldap = Net::LDAPS->new('localhost',
    port       => 636,
    onerror    => 'die',
    debug      => 0,
    clientcert => "dadmin.crt",
    clientkey  => "dadmin.key",
    verify     => 'require',
    cafile     => "ca.pem") or die $@;

my $dn  = 'dc=example,dc=com';
my $msg = $ldap->bind($dn,
    sasl    => $sasl,
    version => 3);

$msg->code && bail(2, "Can't bind to directory: " . $msg->error);

The client certificate and key are in the PEM-formatted files dadmin.crt and dadmin.key respectively, and the CA (root) certificate that signed the server's certificate is in ca.pem.
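As an added example (not the post's own code), the script below extends the bind above with the check most people want after an EXTERNAL bind: it asks the server which identity it actually mapped the certificate to, using the Who Am I? extended operation (Net::LDAP::Extension::WhoAmI, shipped with perl-ldap), and refuses to continue if the answer is empty, which means the server treated the connection as anonymous. It then runs a minimal base-scope search with the mapped identity's rights. The host, port, base DN and the certificate file names are assumptions taken from the post's placeholders; adjust them to your setup.

```perl
#!/usr/bin/perl
# Added example, not the original post's code: bind with SASL EXTERNAL over
# LDAPS, then confirm which DN the server derived from the client certificate.
use strict;
use warnings;
use Net::LDAPS;
use Authen::SASL qw(Perl);
use Net::LDAP::Extension::WhoAmI;   # adds $ldap->who_am_i (RFC 4532)

# Assumed values: host, port, base DN and file names follow the post's placeholders.
my $host = 'localhost';
my $port = 636;
my $base = 'dc=example,dc=com';
my %tls  = (
    clientcert => 'dadmin.crt',  # PEM client certificate
    clientkey  => 'dadmin.key',  # PEM private key for that certificate
    cafile     => 'ca.pem',      # CA that signed the server certificate
    verify     => 'require',     # reject a server cert that does not chain to cafile
);

my $ldap = Net::LDAPS->new($host, port => $port, onerror => 'die', %tls)
    or die "LDAPS connection to $host:$port failed: $@";

# EXTERNAL sends no credentials in the bind request itself; the server derives
# the identity from the TLS client certificate presented in the handshake.
my $sasl = Authen::SASL->new(mechanism => 'EXTERNAL');
my $mesg = $ldap->bind(sasl => $sasl, version => 3);
die "SASL EXTERNAL bind failed: " . $mesg->error if $mesg->code;

# Ask the server which authorization identity the certificate mapped to.
# "dn:<DN>" or "u:<user>" means a mapping rule matched; an empty response
# means the server treats us as anonymous, which is not what we want.
my $who = $ldap->who_am_i->response;
$who = '' unless defined $who;
die "certificate did not map to a directory identity (anonymous bind)\n"
    unless length $who;
print "Bound as: $who\n";

# Minimal sanity search using the mapped identity's access rights.
my $res = $ldap->search(
    base   => $base,
    scope  => 'base',
    filter => '(objectClass=*)',
    attrs  => ['dc'],
);
printf "Base entry %s readable: %d entry(ies)\n", $base, $res->count;

$ldap->unbind;
```

If "Bound as:" shows a DN you did not expect, the server-side certificate-to-DN mapping (for example the authz-regexp rules in OpenLDAP) is the place to look, not the client; the client only proves possession of the key.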
