Diffstat (limited to 'lib/Fripost/Schema.pm')
-rw-r--r--lib/Fripost/Schema.pm31
1 files changed, 23 insertions, 8 deletions
diff --git a/lib/Fripost/Schema.pm b/lib/Fripost/Schema.pm
index 9d6f4cb..236b407 100644
--- a/lib/Fripost/Schema.pm
+++ b/lib/Fripost/Schema.pm
@@ -50,16 +50,31 @@ sub SASLauth {
my $self = bless {}, $class;
$self->suffix( join ',', @{$cfg{ldap_suffix}} );
$self->whoami( "fvu=$l,fvd=$d,".$self->suffix );
- $self->ldap( Net::LDAP::->new( $cfg{ldap_uri}, async => 1 ) );
+ return $self unless defined $cfg{ldap_SASL_mechanism};
- my $sasl = Authen::SASL::->new(
- mechanism => 'GSSAPI',
- callback => { user => 'dn:'.$self->whoami }
- );
- my $conn = $sasl->client_new('ldap', $cfg{krb5_service_instance} );
+ $self->ldap( Net::LDAP::->new( $cfg{ldap_uri}, async => 0 ));
+
+ my $callback;
+ if ($cfg{ldap_SASL_mechanism} eq 'DIGEST-MD5') {
+ $callback = { user => $cfg{ldap_authcID}
+ , pass => $cfg{ldap_authcPW}
+ , authname => 'dn:'.$self->whoami
+ };
+ }
+ elsif ($cfg{ldap_SASL_mechanism} eq 'GSSAPI') {
+ $callback = { user => 'dn:'.$self->whoami };
+ }
+ else {
+ die "Unknown SASL mechanism: ".$cfg{ldap_SASL_mechanism};
+ }
+
+ my $sasl = Authen::SASL::->new( mechanism => $cfg{ldap_SASL_mechanism}
+ , callback => $callback );
+ my $host = $cfg{krb5_service_instance} // 'localhost';
+ my $conn = $sasl->client_new( 'ldap', $host );
die $conn->error if $conn->code;
- my $mesg = $self->ldap->bind( '', sasl => $conn );
+ my $mesg = $self->ldap->bind( undef, sasl => $conn );
# This is not supposed to happen.
die $mesg->error if $mesg->code;
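Review bot: The early `return $self unless defined $cfg{ldap_SASL_mechanism};` hands back an object whose `whoami` is already set to the user's DN but which has no LDAP handle and has performed no bind, so a missing configuration key silently yields an unauthenticated object from a constructor named SASLauth. If that is intended, a comment saying so belongs on that line; otherwise fail closed with `die "ldap_SASL_mechanism is not configured" unless defined $cfg{ldap_SASL_mechanism};`. Separately, `Net::LDAP::->new` returns undef when the connection fails, so its result should be checked before it is stored, e.g. `my $ldap = Net::LDAP::->new( $cfg{ldap_uri}, async => 0 ) or die "LDAP connect failed: $@";`, and the same applies to the changed line in `auth` in the next hunk. In the DIGEST-MD5 branch `ldap_authcID` and `ldap_authcPW` are used without a defined check, and because `authname` appears to carry the user DN as the authorization identity, it is worth confirming that `$l` and `$d` are validated before they are interpolated into `whoami`; that code is outside the hunk. SASLauth's body starts before and continues after the lines shown here.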
@@ -91,7 +106,7 @@ sub auth {
$self->whoami( "fvu=$l,fvd=$d,".$self->suffix );
}
- $self->ldap( Net::LDAP::->new( $cfg{ldap_uri}, async => 1 ) );
+ $self->ldap( Net::LDAP::->new( $cfg{ldap_uri}, async => 0 ) );
my $mesg = $self->ldap->bind( $self->whoami, password => $pw );
if ($mesg->code) {