
sasl problems


Natxo Asenjo

Mar 22, 2013, 6:13:03 PM
to perl...@perl.org
hi,

I am coding a perl dancer web app that will fetch/write info to an
ldap backend (freeipa.org). The ldap vendor is 389, the old netscape
ldap server.

This backend includes kerberos.

So without sasl, it works great. But I would like to avoid passwords
provided we already have a kerberos infrastructure. And I get this
error:

substr outside of string at
/opt/perl5/perls/perl-5.14.2/lib/site_perl/5.14.4/Authen/SASL/Perl.pm
line 333.

Dancer very helpfully displays that line for me:

my $x = $self->{conn}->encode(substr($_[1], $offset || 0, $bsz));

but this tells me very little.

This is a slightly modified script that binds to the ldap server. I
get an ldap/REALM ticket so I know that piece is working:

use strict;
use warnings;

use Net::LDAP;
use Authen::SASL;

my $ldapbase = "cn=users,cn=accounts,dc=ipa,dc=asenjo,dc=nx";

my ( $name ) = @ARGV;

# GSSAPI uses the Kerberos ticket cache instead of a password
my $sasl = Authen::SASL->new( mechanism => 'GSSAPI' ) || die "$@";

my $ldap = Net::LDAP->new('kdc.ipa.asenjo.nx') || die "$@";

my $msg = $ldap->bind( sasl => $sasl );

ldap_search($name);

# Return a hash of the uids whose uid or cn contains $search
sub ldap_search {
    my ( $search ) = @_;
    $msg = $ldap->search(
        base   => $ldapbase,
        scope  => "sub",
        filter => "(|(uid=*$search*)(cn=*$search*))",
        attrs  => ["uid"],    # Net::LDAP's option name is "attrs"
    );

    my %ldap_users;
    for my $entry ( $msg->entries ) {
        my $uid = $entry->get_value( 'uid' );
        $ldap_users{$uid} = $uid;
    }
    return %ldap_users;
}

$ ./testkerb test
substr outside of string at
/opt/perl5/perls/perl-5.14.2/lib/site_perl/5.14.4/Authen/SASL/Perl.pm
line 333, <DATA> line 635.


Looking at the Authen::SASL cpan page I see questions related to this
module should be on this list too.

I have asked for debugging info to sasl:

$ perl testkerb.pl adm
state(0): The routine must be called again to complete its
function;Unknown error; output token sz: 621
state(0): The routine completed successfully;Unknown error; output token sz:
state(1): layermask 7,rsz 2048,lsz 16777215,choice 4
substr outside of string at
/opt/perl5/perls/perl-5.14.2/lib/site_perl/5.14.4/Authen/SASL/Perl.pm
line 333, <DATA> line 635.

On the ldap server logs I see I logged in and that the query was
executed, but it keeps barfing.

Net::LDAP version is 0.53, Authen::SASL is 2.16 (both the latest, I think).
--
natxo
--
Groeten,
natxo

Quanah Gibson-Mount

Mar 22, 2013, 6:20:49 PM
to Natxo Asenjo, perl...@perl.org
--On Friday, March 22, 2013 11:13 PM +0100 Natxo Asenjo
<natxo....@gmail.com> wrote:

> hi,
>
> I am coding a perl dancer web app that will fetch/write info to an
> ldap backend (freeipa.org). The ldap vendor is 389, the old netscape
> ldap server.
>
> This backend includes kerberos.
>
> So without sasl, it works great. But I would like to avoid passwords
> provided we already have a kerberos infrastructure. And I get this
> error:
>
> substr outside of string at
> /opt/perl5/perls/perl-5.14.2/lib/site_perl/5.14.4/Authen/SASL/Perl.pm
> line 333.
>
> Dancer very helpfully displays that line for me:
>
> my $x = $self->{conn}->encode(substr($_[1], $offset || 0, $bsz));
>
> but this tells me very little.
>
> This is a slightly modified script that binds to the ldap server. I
> get an ldap/REALM ticket so I know that piece is working:
>
> use strict;
> use warnings;
>
> use Net::LDAP;
> use Authen::SASL;

Personally I never found Authen::SASL to work well... There used to be a C
based SASL API that linked to cyrus-sasl for Perl that worked great. But
the pure perl SASL implementation had too many issues for me in addition to
being slow as molasses.

--Quanah



--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration

Natxo Asenjo

Mar 22, 2013, 6:53:18 PM
to perl...@perl.org
On Fri, Mar 22, 2013 at 11:20 PM, Quanah Gibson-Mount <qua...@zimbra.com> wrote:
> Personally I never found Authen::SASL to work well... There used to be a C
> based SASL API that linked to cyrus-sasl for Perl that worked great. But
> the pure perl SASL implementation had too many issues for me in addition to
> being slow as molasses.

good tip! I compiled Authen::SASL::XS and it is now working.

Thanks!

--
natxo
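
An added example, not part of the thread: a version of the test script that pins Authen::SASL to the XS backend that resolved the error above, checks the bind result, and confirms the bound identity before searching. It assumes Authen::SASL::XS is installed, a valid Kerberos ticket is in the cache, and the server supports the Who Am I extended operation; escaping the search term with escape_filter_value goes beyond what the thread discusses, and the host name and base DN are the ones from the first post.

```perl
use strict;
use warnings;

use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);
use Net::LDAP::Extension::WhoAmI;

# Listing only XS stops Authen::SASL from falling back to the pure-Perl
# backend; the import fails if Authen::SASL::XS cannot be loaded.
use Authen::SASL qw(XS);

# Host name and base DN are taken from the first post in the thread.
my $host = 'kdc.ipa.asenjo.nx';
my $base = 'cn=users,cn=accounts,dc=ipa,dc=asenjo,dc=nx';

my ($name) = @ARGV;
defined $name or die "usage: $0 <name>\n";

my $sasl = Authen::SASL->new( mechanism => 'GSSAPI' );
my $ldap = Net::LDAP->new($host) or die "connect to $host failed: $@\n";

# A failed bind does not die by itself, so check the result code.
my $bind = $ldap->bind( sasl => $sasl );
$bind->code and die 'GSSAPI bind failed: ' . $bind->error . "\n";

# Ask the server which identity this connection is bound as
# (assumes the server implements the Who Am I extended operation).
my $who = $ldap->who_am_i;
$who->code and die 'whoami failed: ' . $who->error . "\n";
print 'bound as: ', ( $who->response // '(anonymous)' ), "\n";

# Escape the user-supplied term so it cannot change the filter structure.
my $safe = escape_filter_value($name);
my $res  = $ldap->search(
    base   => $base,
    scope  => 'sub',
    filter => "(|(uid=*$safe*)(cn=*$safe*))",
    attrs  => ['uid'],
);
$res->code and die 'search failed: ' . $res->error . "\n";

print $_->get_value('uid'), "\n" for $res->entries;
$ldap->unbind;
```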