Diffstat (limited to 'LDAPShell.pm')
-rwxr-xr-xLDAPShell.pm26
1 files changed, 22 insertions, 4 deletions
diff --git a/LDAPShell.pm b/LDAPShell.pm
index 87e087f..8857c12 100755
--- a/LDAPShell.pm
+++ b/LDAPShell.pm
@@ -195,7 +195,7 @@ sub reconnect
}
else
{
- $self->{_ldap} = Net::LDAP->new($self->{_server},version=>3,port=>$self->{_port}||389);
+ $self->{_ldap} = $self->{_uri} ? Net::LDAP->new($self->{_uri}) : Net::LDAP->new($self->{_server},version=>3,port=>$self->{_port}||389);
my $starttls = $self->getenv('STARTTLS');
if ($starttls)
{
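Review bot: `$self->{_uri}` takes precedence over `_server`/`_port` on every reconnect once it is set, and nothing in the visible hunks clears it. If the user later points the shell at a host/port server, reconnect would presumably still open the stored ldapi socket, and the session would talk to a different directory than the one shown. Consider clearing it wherever `_server` is assigned, e.g. `delete $self->{_uri};`. Also, `Net::LDAP->new` returns undef on failure, and no check is visible before the STARTTLS handling that follows. The body of reconnect begins and ends outside this hunk, so both points need confirming against the full function.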
@@ -305,11 +305,19 @@ sub authenticate
}
elsif ($self->getenv('AUTH') =~ /sasl/is)
{
- use Authen::SASL;
- my $sasl = Authen::SASL->new(mechanism=>$self->getenv('SASL_MECH') || 'GSSAPI');
+ my $mech = $self->getenv('SASL_MECH') || 'GSSAPI';
+ my $sasl;
+ if ($mech eq 'EXTERNAL') {
+ use Authen::SASL qw(Perl);
+ $sasl = Authen::SASL->new(mechanism => 'EXTERNAL')->client_new('ldap','localhost');
+ $dn = undef;
+ } else {
+ use Authen::SASL;
+ $sasl = Authen::SASL->new(mechanism => $mech);
+ }
my $res = $self->{_ldap}->bind($dn,sasl=>$sasl,version=>3);
$res->code && die $res->error;
- $self->{_authenticated} = $dn;
+ $self->{_authenticated} = $dn ? $dn : 'EXTERNAL';
}
else
{
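Review bot: `use` runs at compile time, so putting `use Authen::SASL qw(Perl);` inside the `if ($mech eq 'EXTERNAL')` branch does not scope it to that branch. Both `use` lines execute when the file is compiled, and as far as I can tell the `qw(Perl)` import list restricts Authen::SASL to the pure-Perl plugin for every mechanism, including the GSSAPI default. If that is not intended, load the module once at the top of the file with `use Authen::SASL;` and drop the in-branch `use` lines. Separately, `_authenticated` now holds the literal string 'EXTERNAL' rather than the identity the server actually mapped the connection to; a comment such as `# EXTERNAL: the server assigns the identity; $dn is not sent` would make that explicit. The body of authenticate extends beyond this hunk.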
@@ -343,6 +351,15 @@ sub getDN
}
push(@paths,$path);
}
+ elsif ($ustr =~ /^ldapi:/)
+ {
+ $self->{_uri} = $ustr;
+ my $uri = URI->new($ustr);
+ $path = $uri->path;
+ $path =~ s/^\///o;
+ push(@paths,$path);
+ $self->reconnect();
+ }
elsif ($ustr =~ /^~(.+)/)
{
my $e = $self->getUser($1);
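Review bot: `$uri->path` returns the path still percent-encoded, so a base DN in the ldapi URL that contains escaped characters (for example `%20` or `%2C`) is pushed onto `@paths` in its escaped form. Decode it before use, e.g. `$path = URI::Escape::uri_unescape($uri->path);`, if the ldap: branch above this hunk does the same. In addition, `$self->{_uri} = $ustr;` stores the whole string including the DN path, while the url hunk later prints `_uri` followed by `_base`. The base would therefore probably appear twice; storing only the scheme and socket part would avoid that. The surrounding if/elsif chain in getDN starts and ends outside the hunk.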
@@ -426,6 +443,7 @@ sub url
{
my $self = shift;
+ return sprintf "%s%s",$self->{_uri},$self->{_base} if $self->{_uri};
return "not connected" unless $self->{_server};
if (!$self->{_port} || $self->{_port} == 389)