[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Proxy Authorization and ldap_sasl_interactive_bind_s

To: pturgyan@umich.edu
Subject: Re: Proxy Authorization and ldap_sasl_interactive_bind_s
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Tue, 08 Jul 2003 09:28:57 -0700
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <376.1057678843@binford.rsug.itd.umich.edu>

At 08:40 AM 7/8/2003, pturgyan@umich.edu wrote:
>I've searched through the archives and also the Faq-O-Matic,
>but I can't find any answers to these questions.
>
>We're developing a ldap client that uses OpenLDAP 2.1 and proxy
>authorization.  The only way I've found to do proxy authorization is
>with ldap_sasl_interactive_bind_s.  In order to use
>ldap_sasl_interactive_bind_s I have to allocate a lutil_sasl_defaults
>structure, and I have to pass lutil_sasl_interact as a sasl interaction
>function. The lutil_sasl_defaults structure is defined in
>include/lutil_ldap.h and lutil_sasl_interact is in liblutil.a.
>
>Why isn't lutil_ldap.h and liblutil.a installed when the
>rest of openldap is installed?

-llutil is considered a private library of helper routines.
When lutil_sasl_interact was written, it was viewed as
specific to OpenLDAP shipped clients.

>Are there other ways to do proxy authorization that don't use
>ldap_sasl_interactive_bind_s?

For SASL proxy authorization, the only alternative to
ldap_sasl_interactive_bind_s is to call ldap_sasl_bind()
directly... but that requires you to implement the
mechanism yourself.

Alternatively to SASL proxy authorization, you can use the
LDAP proxy authorization control (on a per operation basis).

References:
- Proxy Authorization and ldap_sasl_interactive_bind_s
  - From: pturgyan@umich.edu

Prev by Date: RE: slapadd and initial loading of ldap
Next by Date: Re: slapadd and initial loading of ldap
Index(es):
- Chronological
- Thread