ruby-ldap
sasl_bind discards OPT_REFERRALS
Hi,
I just ran into several problems when using ruby-ldap to query users from a Microsoft Active Directory server, using Kerberos authentication.
A major problem was that Active Directory always responds with three referrals to the Active Directory with different host names and different ldap paths. The ldap lib tries to follow them, fails because of the missing bind, and aborts with an error message.
The solution is to use these two settings:
conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
conn.set_option(LDAP::LDAP_OPT_REFERRALS, 0)
With these options, the queries work.
Unfortunately, sasl_bind() resets OPT_REFERRALS, which means that this option needs to be set after every sasl_bind (in contrast to simple bind, which keeps the previous value). Since there are additional libraries used on top of ruby-ldap (e.g. active ldap), it is not easy to make sure this option is set after every sasl_bind.
Would be nice if sasl_bind could preserve the general value, like simple_bind.
regards
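
One way to keep the referral setting across every sasl_bind without changing the libraries layered on top, as an added example that is not part of the original post or of ruby-ldap. `ReferralsSticky`, `StandInConn`, `PatchedConn` and `referrals_after_bind` are hypothetical names, the stand-in class is constructed to mimic the behaviour reported above, and the block form of sasl_bind is assumed to yield the connection and unbind afterwards.

```ruby
# Added example, not ruby-ldap code. All names below are hypothetical.
REFERRALS = defined?(LDAP) ? LDAP::LDAP_OPT_REFERRALS : 0x0008 # value from ldap.h

module ReferralsSticky
  def set_option(opt, value)
    @sticky_referrals = value if opt == REFERRALS # remember the caller's choice
    super
  end

  def sasl_bind(*args, &blk)
    if blk
      # Assumed: the block form yields the connection and unbinds afterwards,
      # so the setting is restored before the caller's block runs.
      super(*args) { |conn| restore_referrals; blk.call(conn) }
    else
      super.tap { restore_referrals }
    end
  end

  private

  def restore_referrals
    set_option(REFERRALS, @sticky_referrals) unless @sticky_referrals.nil?
  end
end

# Constructed stand-in that mimics the reported behaviour: sasl_bind turns
# referral chasing back on. It is not the real LDAP::Conn.
class StandInConn
  attr_reader :options
  def initialize; @options = { REFERRALS => 1 }; end
  def set_option(opt, value); @options[opt] = value; end
  def sasl_bind(_dn, _mech)
    @options[REFERRALS] = 1
    return self unless block_given?
    yield self
    nil
  end
end

class PatchedConn < StandInConn
  prepend ReferralsSticky # with the gem loaded: LDAP::Conn.prepend(ReferralsSticky)
end

# Returns the referral setting left on a connection after a Kerberos-style bind.
def referrals_after_bind(conn_class)
  conn = conn_class.new
  conn.set_option(REFERRALS, 0)
  conn.sasl_bind('', 'GSSAPI')
  conn.options[REFERRALS]
end
```

Prepending the module once, before any higher-level library opens a connection, covers binds issued by that library as well.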