I note that when using SASL, Net::LDAP's bind method automatically sets the user field to something:

    my $sasl = $passwd;

    # Tell the SASL object our user identifier
    $sasl->callback(user => "dn: $stash{name}") unless $sasl->callback('user');

We're using SASL EXTERNAL. With this mechanism the authentication id comes from the client's cert, and the optional sasl->credentials field contains the authorization id. I'm not sure where all this is defined :-)

Because Net::LDAP sets the authz id to something ("dn: "), this causes a bind failure. (The user isn't allowed to authorize as someone else.)

Setting the sasl->credentials seems wrong to me in this case. What do other people think who are using EXTERNAL? Is the best place to fix this (if it is a bug) in EXTERNAL.pm?

Cheers,
Chris
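An added example, not code from the post or from Net::LDAP itself: it reproduces the quoted defaulting line with the pure-Perl Authen::SASL backend to show what authorization id EXTERNAL would put in the bind request, then binds over TLS with a code-reference user callback so the default is skipped while the authz id stays empty. The hostname, certificate paths and CA file are placeholders, and the code-reference trick assumes Authen::SASL invokes callbacks given as code references.

```perl
# Added example (not from the post or from Net::LDAP): what SASL EXTERNAL sends
# as the authorization id after Net::LDAP's defaulting line runs, and a bind
# whose user callback keeps that authz id empty.
use strict;
use warnings;
use Authen::SASL qw(Perl);   # pure-Perl backend, so client_start is inspectable
use Net::LDAP;
use Net::LDAP::Extension::WhoAmI;

# Mirror the line quoted from Net::LDAP::bind: install "dn: $dn" as the user
# callback only when none is present. The check is a plain Perl truth test, so
# an empty-string callback counts as absent and would still be overwritten.
sub apply_netldap_default {
    my ($sasl, $dn) = @_;
    $dn = '' unless defined $dn;
    $sasl->callback(user => "dn: $dn") unless $sasl->callback('user');
    return $sasl;
}

# The initial response EXTERNAL puts in the bind request is the authz id.
sub external_authzid {
    my ($sasl) = @_;
    my $conn = $sasl->client_new('ldap', 'ldap.example.com');   # placeholder host
    my $resp = $conn->client_start;
    return defined $resp ? $resp : '';
}

# 1. No user callback and no bind DN: the default yields "dn: ", the value
#    the post reports the server rejecting.
my $sasl_default = Authen::SASL->new(mechanism => 'EXTERNAL');
apply_netldap_default($sasl_default, undef);
printf "authzid with default: '%s'\n", external_authzid($sasl_default);

# 2. A code reference is a true value, so the defaulting line is skipped,
#    while the callback itself returns '' and no authz id is asserted
#    (assumption: Authen::SASL calls code-reference callbacks).
my $sasl_empty = Authen::SASL->new(mechanism => 'EXTERNAL',
                                   callback  => { user => sub { '' } });
apply_netldap_default($sasl_empty, undef);
printf "authzid with explicit callback: '%s'\n", external_authzid($sasl_empty);

# 3. Real bind: the client certificate presented during TLS supplies the
#    authentication id; host and file paths are placeholders.
my $ldap = Net::LDAP->new('ldap.example.com', version => 3) or die "connect: $@";
my $tls = $ldap->start_tls(verify => 'require', cafile => '/etc/ssl/ca.pem',
                           clientcert => '/etc/ssl/client.pem',
                           clientkey  => '/etc/ssl/client.key');
die 'start_tls: ' . $tls->error if $tls->code;
my $bind = $ldap->bind(sasl => $sasl_empty);
die 'bind: ' . $bind->error if $bind->code;
print 'bound as: ', $ldap->who_am_i->response, "\n";   # identity the server mapped the cert to
$ldap->unbind;
```

The "Who Am I?" result is the check worth keeping in production: it confirms the server mapped the certificate to the expected identity rather than silently binding as something else.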