I need to be able to use the SASL EXTERNAL mechanism to bind to my LDAP directory server from a number of Perl programs (I've already written a bit about this mechanism before). After installing the packages perl-Digest-HMAC, perl-Digest-SHA1 and perl-Net-SSLeay on CentOS 4.3 with yum, I downloaded Authen-SASL from CPAN and ran the typical perl Makefile.PL; make; make test; make install, answering No to the question regarding auto-install of GSSAPI. If you need to install the Perl modules manually, you'll need at least the Digest-SHA1, Digest-HMAC, Net-SSLeay, IO-Socket-SSL, and Authen-SASL modules installed.

The rest is quite easy:
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAPS;
use Authen::SASL qw(Perl);

# Report a fatal error and exit with the given status.
sub bail {
    my ($status, $message) = @_;
    print STDERR "$message\n";
    exit $status;
}

# LDAP connection to the server over TLS (LDAPS on port 636).
# EXTERNAL carries no password: the identity is taken from the client
# certificate presented during the TLS handshake.
my $sasl = Authen::SASL->new('EXTERNAL');
my $ldap = Net::LDAPS->new('localhost',
    port       => 636,
    onerror    => 'die',          # any LDAP error dies at the calling method
    debug      => 0,
    clientcert => "dadmin.crt",   # our certificate, shown to the server
    clientkey  => "dadmin.key",   # its private key
    verify     => 'require',      # reject a server cert not signed by cafile
    cafile     => "ca.pem") or die $@;   # Net::LDAP reports connect errors in $@

my $dn  = 'dc=example,dc=com';
my $msg = $ldap->bind( $dn,
    sasl => $sasl, version => 3 );
# With onerror => 'die' a failed bind has already died above; this check
# remains useful if onerror is changed to undef.
$msg->code && bail(2, "Can't bind to directory: " . $msg->error);
The client certificate and key are in the PEM-formatted files dadmin.crt and dadmin.key respectively, and the CA (root) certificate used to verify the server is in ca.pem.
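A binding script only proves that the bind did not fail; it does not show which identity the server actually derived from the certificate (a mis-mapped certificate can silently end up as an anonymous bind). The following is an added example, not code from the original post, that binds with SASL EXTERNAL and then asks the server via the "Who am I?" extended operation (Net::LDAP::Extension::WhoAmI, shipped with perl-ldap) what authorization identity it assigned. The host, port and file names are assumptions.

```perl
#!/usr/bin/perl
# Added example (not from the original post): SASL EXTERNAL bind over LDAPS,
# followed by a check of the identity the server mapped the client cert to.
use strict;
use warnings;
use Net::LDAPS;
use Authen::SASL qw(Perl);
use Net::LDAP::Extension::WhoAmI;
use Net::LDAP::Constant qw(LDAP_SUCCESS);

# Assumed file names: client cert/key and the CA that signed the server cert.
my %tls = (
    clientcert => 'dadmin.crt',
    clientkey  => 'dadmin.key',
    cafile     => 'ca.pem',
    verify     => 'require',    # refuse a server whose chain does not end at ca.pem
);

# Connect and bind; the identity comes from the TLS layer, not from a DN.
sub sasl_external_bind {
    my ($host, $port) = @_;
    my $ldap = Net::LDAPS->new($host, port => $port, %tls)
        or die "LDAPS connect to $host:$port failed: $@";
    my $sasl = Authen::SASL->new(mechanism => 'EXTERNAL');
    my $msg  = $ldap->bind(sasl => $sasl, version => 3);
    die 'SASL EXTERNAL bind failed: ' . $msg->error
        if $msg->code != LDAP_SUCCESS;
    return $ldap;
}

# Ask the server which authorization identity the bind produced.
# Typically "dn:cn=...,dc=example,dc=com" or "u:user"; an empty string
# means the connection is effectively anonymous.
sub authenticated_identity {
    my ($ldap) = @_;
    my $msg = $ldap->who_am_i();
    die 'whoami failed: ' . $msg->error if $msg->code != LDAP_SUCCESS;
    my $authzid = $msg->response;
    return defined $authzid ? $authzid : '';
}

my $ldap = sasl_external_bind('localhost', 636);
my $id   = authenticated_identity($ldap);
die "bind is anonymous: check the server's certificate-to-DN mapping\n"
    if $id eq '';
print "bound as $id\n";
$ldap->unbind;
```

If the printed identity is not the DN you expect for dadmin.crt, the server's certificate-to-identity mapping (not the Perl side) is what needs attention.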