Bug #50334 for RTx-EmailCompletion: Support SASL LDAP binds and Start TLS

Attached is a patch to support SASL LDAP binds and Start TLS. Cheers, Dominic.

diff -urN RTx-EmailCompletion-0.06.orig/html/SelfService/Ajax/EmailCompletion RTx-EmailCompletion-0.06/html/SelfService/Ajax/EmailCompletion --- RTx-EmailCompletion-0.06.orig/html/SelfService/Ajax/EmailCompletion 2009-03-13 12:42:08.000000000 +0000 +++ RTx-EmailCompletion-0.06/html/SelfService/Ajax/EmailCompletion 2009-10-08 13:13:13.000000000 +0100 @@ -19,6 +19,7 @@ $RT::EmailCompletionLdapFilter ||= $RT::LdapFilter; $RT::EmailCompletionLdapAttrShow ||= "mail"; $RT::EmailCompletionLdapAttrSearch ||= [qw/mail/]; +$RT::EmailCompletionLdapSASLPlugin ||= 'Perl'; $RT::EmailCompletionLdapMinLength ||= 4; diff -urN RTx-EmailCompletion-0.06.orig/lib/RTx/EmailCompletion/Ldap.pm RTx-EmailCompletion-0.06/lib/RTx/EmailCompletion/Ldap.pm --- RTx-EmailCompletion-0.06.orig/lib/RTx/EmailCompletion/Ldap.pm 2007-11-12 22:32:41.000000000 +0000 +++ RTx-EmailCompletion-0.06/lib/RTx/EmailCompletion/Ldap.pm 2009-10-08 13:22:18.000000000 +0100 @@ -16,9 +16,27 @@ my $ldap = new Net::LDAP($RT::EmailCompletionLdapServer); - my $mesg = defined $RT::EmailCompletionLdapUser && $RT::EmailCompletionLdapUser ne '' ? - $ldap->bind($RT::EmailCompletionLdapUser, password => $RT::EmailCompletionLdapPass) - : $ldap->bind(); + if ( defined $RT::EmailCompletionLdapStartTLSArgs ) { + $ldap->start_tls( %{ $RT::EmailCompletionLdapStartTLSArgs } ); + } + + my $mesg; + if ( defined $RT::EmailCompletionLdapUser && $RT::EmailCompletionLdapUser ne '' && + defined $RT::EmailCompletionLdapPass && $RT::EmailCompletionLdapPass ne '' ) { + $mesg = $ldap->bind($RT::EmailCompletionLdapUser, password => $RT::EmailCompletionLdapPass); + } elsif ( defined $RT::EmailCompletionLdapSASLArgs ) { + eval { + use Authen::SASL ($RT::EmailCompletionLdapSASLPlugin); + }; + if ($@) { + $RT::Logger->crit("Unable to load Authen::SASL: ", $@, "\n"); + return; + } + my $sasl = Authen::SASL->new( %{ $RT::EmailCompletionLdapSASLArgs } ); + $mesg = $ldap->bind( sasl => $sasl ); + } else { + $mesg = $ldap->bind(); + } if ($mesg->code != LDAP_SUCCESS) { $RT::Logger->crit("Unable to bind to $RT::EmailCompletionLdapServer: ", ldap_error_name($mesg->code), "\n"); diff -urN RTx-EmailCompletion-0.06.orig/lib/RTx/EmailCompletion.pm RTx-EmailCompletion-0.06/lib/RTx/EmailCompletion.pm --- RTx-EmailCompletion-0.06.orig/lib/RTx/EmailCompletion.pm 2009-03-13 13:15:33.000000000 +0000 +++ RTx-EmailCompletion-0.06/lib/RTx/EmailCompletion.pm 2009-10-08 13:19:21.000000000 +0100 @@ -241,7 +241,8 @@ LDAP RT extensions). =item * -EmailCompletionLdapUser : the ldap user if you need authentication +EmailCompletionLdapUser : the ldap user if you need simple bind +authentication Set($EmailCompletionLdapUser, "myldapuser"); @@ -250,7 +251,8 @@ LDAP RT extensions). =item * -EmailCompletionLdapPass : the ldap password if you need authentication +EmailCompletionLdapPass : the ldap password if you need +simple bind authentication Set($EmailCompletionLdapPass, "mypassword"); @@ -259,6 +261,32 @@ LDAP RT extensions). =item * +EmailCompletionLdapSASLArgs : if set, use SASL for LDAP binds, passing +this hashref to the Authen::SASL constructor + + Set($EmailCompletionLdapSASLArgs, { + mechanism => 'GSSAPI' + }); + +=item * +EmailCompletionLdapSASLPlugin : if using SASL LDAP binds, +the Authen::SASL plugin to use + + Set($EmailCompletionLdapSASLPlugin, "Perl"); + +Default value is Perl + +=item * +EmailCompletionLdapStartTLSArgs : if set, use Start TLS with the LDAP +connection before binding, passing this hashref to the Net::LDAP +start_tls method + + Set($EmailCompletionLdapStartTLSArgs, { + verify => 'require', + capath => '/etc/ssl/certs' + }); + +=item * EmailCompletionLdapFilter : the ldap filter if needed Set($EmailCompletionLdapFilter, "(objectclass=person)");