[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
[ldapext] Proxy Authentication
I am having significant problems with proxy auth. Please help.
Openldap version: 2.2.17
My slapd.conf has the sasl-authz-policy set to both
I have a user uid=matt1
dn: cn=matt1,dc=qa,dc=jabber,dc=com
saslAuthzTo: ldap:///dc=qa,dc=jabber,dc=com??sub?(objectclass=*)
When I run my sample program it fails and I get the below output in my
logs:
=> get_ctrls: oid="2.16.840.1.113730.3.4.18" (critical)
parseProxyAuthz: conn 1 authzid="cn=matt2,dc=qa,dc=jabber,dc=com"
slap_sasl_getdn: id=cn=matt2,dc=qa,dc=jabber,dc=com [len=31]
<= get_ctrls: n=1 rc=47 err="authzId mapping failed"
send_ldap_result: conn=1 op=0 p=3
send_ldap_result: err=47 matched="" text="authzId mapping failed"
SAMPLE CODE:
#include <ldap.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/time.h>
#include <memory.h>
int main()
{
int version;
LDAP* ld;
LDAPControl* requestctrls[2];
LDAPControl* pactrl = NULL;
int port = 7389;
char* host = "sqaldap1.qa.jabber.com";
char* baseDN = "dc=qa,dc=jabber,dc=com";
char* proxyDN = "cn=matt2,dc=qa,dc=jabber,dc=com";
char* bindDN = "cn=matt1,dc=qa,dc=jabber,dc=com";
char* bindPW = "test";
if ((ld = ldap_init(host, port)) == NULL)
{
printf("ldap_init did not return a conn handle.\n");
return (-1);
}
version = LDAP_VERSION3;
ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
if (ldap_simple_bind_s(ld, bindDN, bindPW) != LDAP_SUCCESS)
{
printf("ldap_simple_bind_s failed");
return (-1);
}
pactrl = (LDAPControl*)malloc(sizeof(LDAPControl));
memset((void*)pactrl, 0, sizeof(LDAPControl));
pactrl->ldctl_oid = LDAP_CONTROL_PROXY_AUTHZ;
pactrl->ldctl_iscritical = 1;
pactrl->ldctl_value.bv_val = proxyDN;
pactrl->ldctl_value.bv_len = strlen(proxyDN);
requestctrls[0] = pactrl;
requestctrls[1] = NULL;
/* Perform the search using the control */
LDAPMessage* results;
printf("Searching for %s with the proxy auth control.\n", proxyDN);
int err;
if ( (err = ldap_search_ext_s( ld, proxyDN, LDAP_SCOPE_SUBTREE,
"(objectclass=*)",
NULL, 0, requestctrls, NULL, NULL,
LDAP_NO_LIMIT,
&results )) != LDAP_SUCCESS ) {
printf("%d, %s\n", err, ldap_err2string(err));
printf("ldap_search_ext failed.\n");
printf("Something is wrong with proxied auth.\n");
} else {
printf("ldap_search_ext didn't fail.\n");
}
return 0;
}
Thanks,
--
Matt Yacobucci <myacobucci@jabber.com>
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext