[Date Prev][Date Next]
RE: FW: programming using ldap api calls
- To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Subject: RE: FW: programming using ldap api calls
- From: "Ang, Melissa" <MAng@axsone.com>
- Date: Fri, 9 Apr 2004 09:59:24 -0400
- Cc: "Openldap Ldap Server (E-mail)" <openldap-software@OpenLDAP.org>
- Content-class: urn:content-classes:message
- Thread-index: AcQdqTjzeDfvGVPPRHeiJKPqBfpPxwAkOMFg
- Thread-topic: FW: programming using ldap api calls
hello again folks!
so there is no work around to programming with openldap api calls without the sasl library? It is possible to do so by implementing the lower level calls right? Which lower level API calls is this? is this the gss API calls? since SASL sits on top of this layer?
ldap_bind (.., cred,..)
where cred is the credential created by gss api calls?
is this feasible?
thanks again for the help. :)
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Thursday, April 08, 2004 4:33 PM
To: Ang, Melissa
Cc: Openldap Ldap Server (E-mail)
Subject: RE: FW: programming using ldap api calls
At 01:19 PM 4/8/2004, Ang, Melissa wrote:
>ldap can only talk to gssapi through sasl? isn't gssapi a lower level protocol. is it possible to directly use gssapi without having to implement sasl?
In the LDAP (and SASL) context, the term "GSSAPI" refers to a
particular SASL mechanism, which is a Kerberos V GSSAPI mechanism,
identified by the token "GSSAPI". SASL supports a number of other
GSSAPI mechanisms, they are identified by other tokens.
It certainly possible to design a LDAP bind method (or a SASL
mechanism) which supported multiple GSSAPI mechanisms, but that
just isn't how its done today.