[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: FW: programming using ldap api calls

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: RE: FW: programming using ldap api calls
From: "Ang, Melissa" <MAng@axsone.com>
Date: Fri, 9 Apr 2004 09:59:24 -0400
Cc: "Openldap Ldap Server (E-mail)" <openldap-software@OpenLDAP.org>
Content-class: urn:content-classes:message
Thread-index: AcQdqTjzeDfvGVPPRHeiJKPqBfpPxwAkOMFg
Thread-topic: FW: programming using ldap api calls

hello again folks! 

so there is no work around to programming with openldap api calls without the sasl library? It is possible to do so by implementing the lower level calls right? Which lower level API calls is this? is this the gss API calls? since SASL sits on top of this layer?

example: 

gss_init_sec_context(....)
...
..
ldap_bind (.., cred,..)
where cred is the credential created by gss api calls?

is this feasible?

thanks again for the help. :)



-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Thursday, April 08, 2004 4:33 PM
To: Ang, Melissa
Cc: Openldap Ldap Server (E-mail)
Subject: RE: FW: programming using ldap api calls


At 01:19 PM 4/8/2004, Ang, Melissa wrote:
>ldap can only talk to gssapi through sasl? isn't gssapi a lower level protocol. is it possible to directly use gssapi without having to implement sasl?

In the LDAP (and SASL) context, the term "GSSAPI" refers to a
particular SASL mechanism, which is a Kerberos V GSSAPI mechanism,
identified by the token "GSSAPI".  SASL supports a number of other
GSSAPI mechanisms, they are identified by other tokens.

It certainly possible to design a LDAP bind method (or a SASL
mechanism) which supported multiple GSSAPI mechanisms, but that
just isn't how its done today.

Kurt

Prev by Date: Re: slapd and permissions
Next by Date: Compiling Openldap 2.1.22 - linking to BerkeleyDB libraries problems
Index(es):
- Chronological
- Thread