Subject: | Support SASL LDAP binds and Start TLS |
Attached is a patch to support SASL LDAP binds and Start TLS.
Cheers,
Dominic.
Subject: | sasl-bind-tls.patch |
diff -urN RTx-EmailCompletion-0.06.orig/html/SelfService/Ajax/EmailCompletion RTx-EmailCompletion-0.06/html/SelfService/Ajax/EmailCompletion
--- RTx-EmailCompletion-0.06.orig/html/SelfService/Ajax/EmailCompletion 2009-03-13 12:42:08.000000000 +0000
+++ RTx-EmailCompletion-0.06/html/SelfService/Ajax/EmailCompletion 2009-10-08 13:13:13.000000000 +0100
@@ -19,6 +19,7 @@
$RT::EmailCompletionLdapFilter ||= $RT::LdapFilter;
$RT::EmailCompletionLdapAttrShow ||= "mail";
$RT::EmailCompletionLdapAttrSearch ||= [qw/mail/];
+$RT::EmailCompletionLdapSASLPlugin ||= 'Perl';
$RT::EmailCompletionLdapMinLength ||= 4;
diff -urN RTx-EmailCompletion-0.06.orig/lib/RTx/EmailCompletion/Ldap.pm RTx-EmailCompletion-0.06/lib/RTx/EmailCompletion/Ldap.pm
--- RTx-EmailCompletion-0.06.orig/lib/RTx/EmailCompletion/Ldap.pm 2007-11-12 22:32:41.000000000 +0000
+++ RTx-EmailCompletion-0.06/lib/RTx/EmailCompletion/Ldap.pm 2009-10-08 13:22:18.000000000 +0100
@@ -16,9 +16,27 @@
my $ldap = new Net::LDAP($RT::EmailCompletionLdapServer);
- my $mesg = defined $RT::EmailCompletionLdapUser && $RT::EmailCompletionLdapUser ne '' ?
- $ldap->bind($RT::EmailCompletionLdapUser, password => $RT::EmailCompletionLdapPass)
- : $ldap->bind();
+ if ( defined $RT::EmailCompletionLdapStartTLSArgs ) {
+ $ldap->start_tls( %{ $RT::EmailCompletionLdapStartTLSArgs } );
+ }
+
+ my $mesg;
+ if ( defined $RT::EmailCompletionLdapUser && $RT::EmailCompletionLdapUser ne '' &&
+ defined $RT::EmailCompletionLdapPass && $RT::EmailCompletionLdapPass ne '' ) {
+ $mesg = $ldap->bind($RT::EmailCompletionLdapUser, password => $RT::EmailCompletionLdapPass);
+ } elsif ( defined $RT::EmailCompletionLdapSASLArgs ) {
+ eval {
+ use Authen::SASL ($RT::EmailCompletionLdapSASLPlugin);
+ };
+ if ($@) {
+ $RT::Logger->crit("Unable to load Authen::SASL: ", $@, "\n");
+ return;
+ }
+ my $sasl = Authen::SASL->new( %{ $RT::EmailCompletionLdapSASLArgs } );
+ $mesg = $ldap->bind( sasl => $sasl );
+ } else {
+ $mesg = $ldap->bind();
+ }
if ($mesg->code != LDAP_SUCCESS) {
$RT::Logger->crit("Unable to bind to $RT::EmailCompletionLdapServer: ", ldap_error_name($mesg->code), "\n");
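Review bot: The return value of `$ldap->start_tls(...)` is discarded, so a refused or failed StartTLS (unsupported on the server, certificate not verifiable under the configured `verify`) falls straight through to the bind and the simple-bind password or SASL exchange goes over the still-plaintext connection; the result should be checked against `LDAP_SUCCESS` the same way the bind result is checked a few lines below, logging and returning on failure. Separately, `use Authen::SASL ($RT::EmailCompletionLdapSASLPlugin)` inside `eval {}` executes at compile time, before the config variable is set and before the eval can trap anything, so the `if ($@)` branch is dead and a missing Authen::SASL fails compilation of the whole module instead of being logged; a runtime `require Authen::SASL; Authen::SASL->import($RT::EmailCompletionLdapSASLPlugin)` inside the eval gives the intended behaviour. The enclosing sub starts before this hunk and its bind-failure handling continues past it.
```perl
    if ( defined $RT::EmailCompletionLdapStartTLSArgs ) {
        my $tls = $ldap->start_tls( %{ $RT::EmailCompletionLdapStartTLSArgs } );
        # Never continue on a plaintext connection when TLS was requested.
        if ( $tls->code != LDAP_SUCCESS ) {
            $RT::Logger->crit("Unable to start TLS with $RT::EmailCompletionLdapServer: ", ldap_error_name($tls->code), "\n");
            return;
        }
    }
    # … unchanged: simple bind branch …
    } elsif ( defined $RT::EmailCompletionLdapSASLArgs ) {
        # Load at runtime so the configured plugin is seen and a missing
        # module is reported here instead of failing module compilation.
        eval {
            require Authen::SASL;
            Authen::SASL->import($RT::EmailCompletionLdapSASLPlugin);
            1;
        } or do {
            $RT::Logger->crit("Unable to load Authen::SASL: ", $@, "\n");
            return;
        };
    # … unchanged: Authen::SASL->new, sasl bind, anonymous bind fallback …
```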
diff -urN RTx-EmailCompletion-0.06.orig/lib/RTx/EmailCompletion.pm RTx-EmailCompletion-0.06/lib/RTx/EmailCompletion.pm
--- RTx-EmailCompletion-0.06.orig/lib/RTx/EmailCompletion.pm 2009-03-13 13:15:33.000000000 +0000
+++ RTx-EmailCompletion-0.06/lib/RTx/EmailCompletion.pm 2009-10-08 13:19:21.000000000 +0100
@@ -241,7 +241,8 @@
LDAP RT extensions).
=item *
-EmailCompletionLdapUser : the ldap user if you need authentication
+EmailCompletionLdapUser : the ldap user if you need simple bind
+authentication
Set($EmailCompletionLdapUser, "myldapuser");
@@ -250,7 +251,8 @@
LDAP RT extensions).
=item *
-EmailCompletionLdapPass : the ldap password if you need authentication
+EmailCompletionLdapPass : the ldap password if you need
+simple bind authentication
Set($EmailCompletionLdapPass, "mypassword");
@@ -259,6 +261,32 @@
LDAP RT extensions).
=item *
+EmailCompletionLdapSASLArgs : if set, use SASL for LDAP binds, passing
+this hashref to the Authen::SASL constructor
+
+ Set($EmailCompletionLdapSASLArgs, {
+ mechanism => 'GSSAPI'
+ });
+
+=item *
+EmailCompletionLdapSASLPlugin : if using SASL LDAP binds,
+the Authen::SASL plugin to use
+
+ Set($EmailCompletionLdapSASLPlugin, "Perl");
+
+Default value is Perl
+
+=item *
+EmailCompletionLdapStartTLSArgs : if set, use Start TLS with the LDAP
+connection before binding, passing this hashref to the Net::LDAP
+start_tls method
+
+ Set($EmailCompletionLdapStartTLSArgs, {
+ verify => 'require',
+ capath => '/etc/ssl/certs'
+ });
+
+=item *
EmailCompletionLdapFilter : the ldap filter if needed
Set($EmailCompletionLdapFilter, "(objectclass=person)");