Re: ldap_sasl_interactive_bind_s() and the seventh param (interac?)

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

The 2.0 slapd doesn't support proxy authorization.  Don't
specify an authzId.  An authzId (and from this, an authzDN)
will be derived from your authentication identity.  The
form of the generated value is dependent configuration.
Current advise is to get GSSAPI bind working, then determine
which form your authzDNs are getting generated in by
examining the logs.

As far as using ldap_sasl_interactive_bind_s(), I suggest
you examine tools source for ldapdelete(1)...

ldap_starttls_s() returns LDAP_NOT_SUPPORTED when built
without OpenSSL.

At 12:50 AM 2001-10-18, Turbo Fredriksson wrote:
>I'm trying to add SSL, TLS and SASL to QmailLDAP/Controls, and have got
>the framework in order. SSL works fine, but not TLS and SASL. I get
>'Not supported' from the functions ldap_sasl_interactive_bind_s() and
>ldap_start_tls_s()...
>
>I have checked (and 'copied' :) much of what's happening in 'ldapsearch'.
>
>What I'm wondering about is the seventh param to ldap_sasl_interactive_bind_s().
>I'm calling this func with NULL there, but maybe that's why it don't work.
>The command ldapsearch is using 'lutil_sasl_interact', but that's not availible
>in the libs. What is this option for?
>
>And does the second param (binddn) really matters, or could I just have NULL
>there?
>
>
>Also, any idea why ldap_start_tls_s() is saying 'Not supported'? I get this
>error in both cases by calling 'ldap_err2string(rc)'...
>
>-- 
> Turbo     __ _     Debian GNU     Unix _IS_ user friendly - it's just 
> ^^^^^    / /(_)_ __  _   ___  __  selective about who its friends are 
>         / / | | '_ \| | | \ \/ /   Debian Certified Linux Developer  
>  _ /// / /__| | | | | |_| |>  <  Turbo Fredriksson   turbo@tripnet.se
>  \\\/  \____/_|_| |_|\__,_/_/\_\ Stockholm/Sweden