
Re: ldap_sasl_bind_s() with DIGEST-MD5



On Fri, Jul 23, 2010 at 9:43 AM, Shankar Anand R <shankaranand@gmail.com> wrote:
>
>
> On Fri, Jul 23, 2010 at 12:10 AM, Dan White <dwhite@olp.net> wrote:
>>
>> On 22/07/10 18:10 +0530, Shankar Anand R wrote:
>>>
>>> Hi,
>>>
>>> The problem explained below must be fairly straightforward or even look
>>> silly for folks on this mailing list. Sorry for the trouble but I hope one
>>> of you might be willing to help a newbie.
>>>
>>> I am implementing a simple application that finds out a user's attributes
>>> using OpenLDAP.
>>>
>>> This is a snippet of my code.
>>> ...
>>> BerValue cred;
>>> cred.bv_len = 10;
>>> cred.bv_val = strdup("mypassword");
>>> ldap_sasl_bind_s(ld, "myuser", LDAP_SASL_SIMPLE /*NULL*/, &cred, NULL, NULL, NULL);
>>>
>>> This succeeds and I am able to proceed with my ldap_search_st() call.
>>>
>>> But since I don't want to send "mypassword" as plain text over the wire I
>>> opted for "DIGEST-MD5"
>>>
>>> ...
>>> BerValue cred;
>>> cred.bv_len = 10;
>>> cred.bv_val = strdup("mypassword");
>>> ldap_sasl_bind_s(ld, "myuser", "DIGEST-MD5", &cred, NULL, NULL, NULL);
>>>
>>> This fails with the error 49
>>> ldap_sasl_bind_s: Invalid credentials (49)
>>>       additional info: 80090326: LdapErr: DSID-0C0904D1, comment: AcceptSecurityContext error, data 57, v1772
>>>
>>>
>>> Note: I am using Active Directory. And I believe that my cyrus-sasl
>>> installation is good.
>>>
>>>
>>> I searched a lot but couldn't find the proper documentation for this. Do I
>>> have to fill up cred.bv_val differently while using DIGEST-MD5? Is there an
>>> OpenLDAP API to do that?
>>> Can someone explain or point me to the right documentation?
>>
>> See the man page for ldap_sasl_interactive_bind_s(), in which you provide a
>> callback function for providing the sasl realm, authc identity, password,
>> and authz identity.
>>
>> Also see doc/programming.html in the cyrus sasl source for discussion of
>> interactions, and plugins/ldapdb.c for a working example.
>
> Thanks for your help. I will read the doc and the example.
>
> Meanwhile I want to check if I can avoid ldap_sasl_interactive_bind_s().
> Wouldn't ldap_sasl_bind_s() work for "DIGEST-MD5"? If it works, I would like
> to go with it. Can you point out a way to do that?

Can someone point me to a sample program which uses ldap_sasl_bind_s()
with "DIGEST-MD5"?

Thanks,
Shankar
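
Added example (not part of the thread, and not OpenLDAP or Cyrus SASL code): DIGEST-MD5 is a challenge-response mechanism, so the value the client sends is computed from a nonce the server issues during the bind, and the password cannot simply be placed in `cred`. The Python code below computes that value per RFC 2831 for `qop=auth`, using the sample exchange from section 4 of the RFC as constructed input; the function names are hypothetical.

```python
import hashlib
import re

# Constructed input: server challenge and client values from the RFC 2831
# section 4 sample exchange (user "chris", password "secret").
CHALLENGE = ('realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",'
             'qop="auth",algorithm=md5-sess,charset=utf-8')

def parse_challenge(text):
    """Split a digest-challenge into {directive: value} (no escape handling)."""
    pairs = re.findall(r'([\w-]+)=(?:"([^"]*)"|([^,]*))', text)
    return {key: quoted or bare for key, quoted, bare in pairs}

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def client_response(challenge, username, password, digest_uri, cnonce,
                    nc="00000001", authzid=None):
    """Compute the 'response' directive for qop=auth (RFC 2831, 2.1.2.1)."""
    c = parse_challenge(challenge)
    if "auth" not in c.get("qop", "auth").split(","):
        raise ValueError("server does not offer qop=auth")
    realm, nonce = c.get("realm", ""), c["nonce"]
    # A1 starts with the raw 16-byte MD5 of user:realm:password, then binds
    # the server nonce and the client nonce (and authzid, if one is sent).
    # UTF-8 is assumed because the challenge carries charset=utf-8.
    a1 = hashlib.md5(f"{username}:{realm}:{password}".encode("utf-8")).digest()
    a1 += f":{nonce}:{cnonce}".encode("utf-8")
    if authzid is not None:
        a1 += f":{authzid}".encode("utf-8")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")
    kd = f"{md5_hex(a1)}:{nonce}:{nc}:{cnonce}:auth:{md5_hex(a2)}"
    return md5_hex(kd.encode("utf-8"))

if __name__ == "__main__":
    resp = client_response(CHALLENGE, "chris", "secret",
                           "imap/elwood.innosoft.com", "OA6MHXh6VqTrRk")
    print("response =", resp)
    # A fresh nonce yields a different response for the same password.
    other = CHALLENGE.replace("OA6MG9tEQGm2hh", "constructed-nonce-2")
    print("response =", client_response(other, "chris", "secret",
                                        "imap/elwood.innosoft.com",
                                        "OA6MHXh6VqTrRk"))
```

In a C client, the SASL library performs this computation after the interaction callback of ldap_sasl_interactive_bind_s() supplies the realm, identities and password. RFC 6331 has since moved DIGEST-MD5 to Historic status.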