[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldap_sasl_bind_s() with DIGEST-MD5

Hi,

The problem explained below must be fairly straightforward or even look silly for folks on this mailing list. Sorry for the trouble but I hope one of you might be willing to help a newbie.

I am implementing an simple application that finds out a user's attributes using OpenLDAP.

This a snippet of my code.
...
BerValue cred;
cred.bv_len = 10;
cred.bv_val = strdup("mypassword");
ldap_sasl_bind_s(ld, "myuser", LDAP_SASL_SIMPLE /*NULL*/, &cred, NULL, NULL, NULL);

This succeeds and I am able to proceed with my ldap_search_st() call.

But since I don't want to send "mypassword" as plain text over the wire I opted for "DIGEST-MD5"

...
BerValue cred;
cred.bv_len = 10;
cred.bv_val = strdup("mypassword");
ldap_sasl_bind_s(ld, "myuser", "DIGEST-MD5", &cred, NULL, NULL, NULL);

This fails with the error 49
ldap_sasl_bind_s: Invalid credentials (49)
        additional info: 80090326: LdapErr: DSID-0C0904D1, comment: AcceptSecurityContext error, data 57, v1772


Note: I am using Active Directory. And I believe that my cyrus-sasl installation is good.


I searched a lot but couldn't find the proper documentation for this. Do I have to fill up cred.bv_val differently while using DIGEST-MD5? Is there an OpenLDAP API to do that?
Can someone explain or point me to the right documentation?


Thanks and Regards,
Shankar