[Date Prev][Date Next]
RE: FW: programming using ldap api calls
- To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Subject: RE: FW: programming using ldap api calls
- From: "Ang, Melissa" <MAng@axsone.com>
- Date: Thu, 8 Apr 2004 16:19:23 -0400
- Cc: "Openldap Ldap Server (E-mail)" <openldap-software@OpenLDAP.org>
- Content-class: urn:content-classes:message
- Thread-index: AcQdnZtQ2U5DP9twR/eMKbKNdNzo4gACQbjg
- Thread-topic: FW: programming using ldap api calls
ldap can only talk to gssapi through sasl? isn't gssapi a lower level protocol. is it possible to directly use gssapi without having to implement sasl?
thanks for any input.
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Thursday, April 08, 2004 3:07 PM
To: Ang, Melissa
Cc: Openldap Ldap Server (E-mail)
Subject: Re: FW: programming using ldap api calls
At 11:22 AM 4/8/2004, Ang, Melissa wrote:
>I loook at the code on the client/tools but it says that it needs sasl support. I want to be able to use keberos and openldap without other tools. is this possible?
Kerberos V authentication in LDAP is supported through GSSAPI
through SASL. So, if you compile --without-cyrus-sasl, the
LDAP library will not provide support any SASL mechanisms,
including the GSSAPI (KERBEROS V) mechanism.
Now, your client could, in theory, implement the GSSAPI mechanism
itself (calling ldap_sasl_bind() and friends as needed), but then
you'd, at best, be reinventing the wheel.
>From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
>Sent: Thursday, April 08, 2004 2:16 PM
>To: Ang, Melissa
>Cc: Openldap Ldap Server (E-mail)
>Subject: Re: programming using ldap api calls
>At 08:12 AM 4/8/2004, Ang, Melissa wrote:
>>I'd like to create a program using openldap's ldap api calls. This program is going to be using sasl and gssapi. but I noticed that openldap api's have ldap_kerberos_bind. Is this the same as the gssapi sasl binding?
>No. Use ldap_sasl_interactive_bind_s().
>>can anyone point me to any documentation on openldap's api programming. I couldn;t seem to find it on <http://www.openldap.org>www.openldap.org
>API documentation is incomplete (especially in this area).
>See client/tools for examples of how to use