
Re: proxy auth and who am i



Answered my own question - ldctl_iscritical does not need to be set.

whoami_ctrl->ldctl_iscritical should be 0.

MY

On Wed, 2005-06-29 at 18:02 -0600, Matt Yacobucci wrote:
> I am something of an LDAP newbie so hopefully I'm using the correct
> terms.
> 
> My application needs to do modifies via proxy authentication.
> 
> I can do searches fine anonymously. And if I hard code my authzid
> ("dn:cn=Manager,dc=qa,dc=jabber,dc=com"), or hack one up from the
> provided bind dn I can do modifies, but I would like to use the whoami
> functionality (OID="1.3.6.1.4.1.4203.1.11.3") to dynamically get the
> authzid in order to set the ldctl_value for the Proxy Auth LDAPControl.
> 
> I've read draft-zeilenga-ldap-authzid-xx.txt (Who am I?).
> 
> Question 1:
> Section 2.1 The whoami Request mentions that the "request is an
> ExtendedRequest with the requestName field containing the whoamiOID OID
> and an absent requestValue field."
> Does this refer to the LDAPControl? The ldctl_oid should be set, but not
> the ldctl_value?  Wouldn't that need to be the dn of who I'm looking
> for?  I haven't read through the ldap_extended_operation code, but know
> the function ldap_whoami eventually calls that with the LDAPControl.
> 
> Question 2:
> When I actually try and use the ldap_whoami_s function with this
> snippet:
>     printf("Searching for who i am?\n");
>     char* who = "cn=Manager,dc=qa,dc=jabber,dc=com";
> 
>     whoami_ctrl = (LDAPControl*)malloc(sizeof(LDAPControl));
>     memset((void*)whoami_ctrl, 0, sizeof(LDAPControl));
>     whoami_ctrl->ldctl_oid = "1.3.6.1.4.1.4203.1.11.3";
>     whoami_ctrl->ldctl_iscritical = 1;
>     whoami_ctrl->ldctl_value.bv_val = who;
>     whoami_ctrl->ldctl_value.bv_len = strlen(who);
> 
>     struct berval* authzid;
> 
>     whoami_request[0] = whoami_ctrl;
>     whoami_request[1] = NULL;
> 
>     if ( (err = ldap_whoami_s( ld, &authzid, whoami_request, NULL ) ) )
>     {
>         printf("%d, %s\n", err, ldap_err2string(err));
>     }
>     else
>     {
>         printf("Request DN: %s\nAuthzID: %s\n", who,  
>                authzid->bv_val);
>     }
> 
> It returns 12, Critical extension is unavailable.  Where do I
> install/enable the who am i functionality - the ldapwhoami command line
> seems to work correctly?
> 
> Once again - thanks in advance for any help.
> 
-- 
Matt Yacobucci <myacobucci@jabber.com>
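
The Who am I? request quoted in Question 1, shown as bytes on the wire: an ExtendedRequest whose requestName is the whoami OID, with the optional requestValue and controls fields left out. This is an added example, not code from the post or from OpenLDAP; `encode_whoami_request` and `has_request_value` are hypothetical helper names, and only short-form BER lengths are handled.

```c
#include <stdio.h>
#include <string.h>

/* OID from the post; an LDAPOID travels as its dotted-decimal text. */
#define WHOAMI_OID "1.3.6.1.4.1.4203.1.11.3"

/* Encode LDAPMessage { messageID, extendedReq { requestName } } in BER.
 * requestValue [1] and controls [0] are OPTIONAL and are omitted.
 * Short-form lengths only (msgid 1..127). Returns bytes written, 0 on error. */
size_t encode_whoami_request(int msgid, unsigned char *out, size_t cap)
{
    size_t oid_len = strlen(WHOAMI_OID);
    size_t ext_len = 2 + oid_len;        /* [0] tag + length + OID text */
    size_t msg_len = 3 + 2 + ext_len;    /* INTEGER msgid + extendedReq TLV */
    size_t n = 0;

    if (msgid < 1 || msgid > 127 || msg_len > 127 || cap < msg_len + 2)
        return 0;
    out[n++] = 0x30; out[n++] = (unsigned char)msg_len;  /* SEQUENCE */
    out[n++] = 0x02; out[n++] = 0x01; out[n++] = (unsigned char)msgid;
    out[n++] = 0x77; out[n++] = (unsigned char)ext_len;  /* [APPLICATION 23] */
    out[n++] = 0x80; out[n++] = (unsigned char)oid_len;  /* requestName [0] */
    memcpy(out + n, WHOAMI_OID, oid_len);
    return n + oid_len;
}

/* 1 if the extendedReq carries requestValue [1] (tag 0x81), 0 if it is
 * absent, -1 if the message is not in the shape produced above. */
int has_request_value(const unsigned char *m, size_t len)
{
    if (len < 9 || m[0] != 0x30 || m[2] != 0x02 || m[3] != 1 ||
        m[5] != 0x77 || m[7] != 0x80 || ((m[1] | m[6] | m[8]) & 0x80))
        return -1;
    size_t ext_end = 7 + m[6];           /* first byte after extendedReq */
    size_t after_name = 9 + m[8];        /* first byte after requestName */
    if (ext_end > len || after_name > ext_end)
        return -1;
    return after_name < ext_end && m[after_name] == 0x81;
}

int main(void)
{
    unsigned char buf[64];
    size_t n = encode_whoami_request(2, buf, sizeof buf);
    for (size_t i = 0; i < n; i++) printf("%02x ", buf[i]);
    printf("\nrequestValue present: %d\n", has_request_value(buf, n));
    return 0;
}
```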