
Re: ldap_sasl_interactive_bind_s



At 05:39 AM 9/16/2005, Jeremiah Martell wrote:
>Thanks for the reply. However, my system is set up correctly for cross-realm
>authentication. I have another application that does it perfectly fine, so
>it's not how my system is set up.

You should get Cyrus SASL test programs working, then get
ldapwhoami(1) working with SASL, then worry about your own
programs.   Discussions of the Cyrus SASL test programs should
be taken to the Cyrus SASL mailing list.

>Anybody have any experience on how to correctly use 
>ldap_sasl_interactive_bind_s?

Yes.  See ldapwhoami code in clients/tools.

>I know my "interact function" gets asked for
>some values, and currently I return nothing. I've tried to return a valid
>realm but it doesn't seem to get used (verified with ethereal). Any ideas?

Because in Cyrus SASL the Kerberos realm in the Kerberos
ticket is always used in the case of the GSSAPI mechanism.

As Dieter hinted, getting cross-realm authentication to work
is not really specific to OpenLDAP Software.  If you get the
Cyrus SASL test programs working, one should be able to
get every program (such as those in OpenLDAP Software) using
Cyrus SASL working without significant hassle.

Kurt



>Thanks,
>
>- Jeremiah
>inlovewithGod@gmail.com
>
>On 9/16/05, Dieter Kluenter <dieter@dkluenter.de> wrote:
>> 
>> Jeremiah Martell <inlovewithgod@gmail.com> writes:
>> 
>> > Hello,
>> >
>> > Is there any documentation on this function? I'm able to get openldap to
>> > successfully use this function to authenticate to a ldap directory with
>> > SASL/GSSAPI when my kerberos credentials and the ldap directory are in the
>> > same realm. But when my credentials and the ldap directory are in different
>> > realms, it's failing. I'm not sure what to pass this function to make
>> > multi-realm logins work. Any ideas?
>> 
>> This is a kerberos related question. Set up your system to cross realm
>> authentication and two way trust relation.
>> 
>> -Dieter
>> 
>> --
>> Dieter Klünter | Systemberatung
>> http://www.dkluenter.de
>> GPG Key ID:8EF7B6C6
>> 
>>
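
An added example, not part of the original thread and not OpenLDAP's own code: a minimal interact callback of the kind ldap_sasl_interactive_bind_s expects, answering every prompt so that none is left with a NULL result. The struct and SASL_CB_* constants are stand-ins copied from <sasl/sasl.h> so the block builds without the SASL and LDAP headers; `bind_defaults` and `gssapi_interact` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins so this builds without the Cyrus SASL / OpenLDAP headers;
 * a real client includes <sasl/sasl.h> and <ldap.h> instead. */
typedef struct ldap LDAP;
#define SASL_CB_LIST_END 0
#define SASL_CB_USER     0x4001
#define SASL_CB_AUTHNAME 0x4002
#define SASL_CB_PASS     0x4004
#define SASL_CB_GETREALM 0x4008
typedef struct sasl_interact {
    unsigned long id;
    const char *challenge, *prompt, *defresult;
    const void *result;
    unsigned len;
} sasl_interact_t;

/* Hypothetical holder for values handed in through the `defaults` argument. */
struct bind_defaults { const char *authzid; const char *realm; };

/* Answer one prompt: caller's value, else the library default, else "". */
static void answer(sasl_interact_t *p, const char *value)
{
    if (value == NULL) value = p->defresult ? p->defresult : "";
    p->result = value;
    p->len = (unsigned)strlen(value);
}

/* Same signature as LDAP_SASL_INTERACT_PROC. Intended call (assumption):
 * ldap_sasl_interactive_bind_s(ld, NULL, "GSSAPI", NULL, NULL,
 *                              LDAP_SASL_QUIET, gssapi_interact, &defs); */
int gssapi_interact(LDAP *ld, unsigned flags, void *defaults, void *in)
{
    struct bind_defaults *d = defaults;
    sasl_interact_t *p;
    (void)ld; (void)flags;
    if (in == NULL) return -1;          /* non-zero fails the bind */
    for (p = in; p->id != SASL_CB_LIST_END; p++) {
        switch (p->id) {
        case SASL_CB_USER:     answer(p, d ? d->authzid : NULL); break;
        case SASL_CB_GETREALM: answer(p, d ? d->realm : NULL);   break;
        default:               answer(p, NULL);                  break;
        }
    }
    return 0;                           /* LDAP_SUCCESS */
}
```

As the reply above says, with the GSSAPI mechanism the realm comes from the Kerberos ticket, so the SASL_CB_GETREALM answer here does not select the realm.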