[Date Prev][Date Next]
Re: FW: programming using ldap api calls
At 11:22 AM 4/8/2004, Ang, Melissa wrote:
>I loook at the code on the client/tools but it says that it needs sasl support. I want to be able to use keberos and openldap without other tools. is this possible?
Kerberos V authentication in LDAP is supported through GSSAPI
through SASL. So, if you compile --without-cyrus-sasl, the
LDAP library will not provide support any SASL mechanisms,
including the GSSAPI (KERBEROS V) mechanism.
Now, your client could, in theory, implement the GSSAPI mechanism
itself (calling ldap_sasl_bind() and friends as needed), but then
you'd, at best, be reinventing the wheel.
>From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
>Sent: Thursday, April 08, 2004 2:16 PM
>To: Ang, Melissa
>Cc: Openldap Ldap Server (E-mail)
>Subject: Re: programming using ldap api calls
>At 08:12 AM 4/8/2004, Ang, Melissa wrote:
>>I'd like to create a program using openldap's ldap api calls. This program is going to be using sasl and gssapi. but I noticed that openldap api's have ldap_kerberos_bind. Is this the same as the gssapi sasl binding?
>No. Use ldap_sasl_interactive_bind_s().
>>can anyone point me to any documentation on openldap's api programming. I couldn;t seem to find it on <http://www.openldap.org>www.openldap.org
>API documentation is incomplete (especially in this area).
>See client/tools for examples of how to use