[Date Prev][Date Next]
Re: proxy auth and who am i
Answered my own question - ldctl_iscritical does not need to be set.
whoami_ctrl->ldctl_iscritical should be 0.
On Wed, 2005-06-29 at 18:02 -0600, Matt Yacobucci wrote:
> I am something of an LDAP newbie so hopefully I'm using the correct
> My application needs to do modifies via proxy authentication.
> I can do searches fine anonymously. And if I hard code my authzid
> ("dn:cn=Manager,dc=qa,dc=jabber,dc=com"), or hack one up from the
> provided bind dn I can do modifies, but I would like to use the whoami
> functionality (OID="188.8.131.52.4.1.4184.108.40.206") to dynamically get the
> authzid in order to set the ldctl_value for the Proxy Auth LDAPControl.
> I've read draft-zeilenga-ldap-authzid-xx.txt (Who am I?).
> Question 1:
> Section 2.1 The whoami Request mentions that the "request is an
> ExtendedRequest with the requestName field containing the whoamiOID OID
> and an absent requestValue field."
> Does this refer to the LDAPControl? The ldctl_oid should be set, but not
> the ldctl_value? Wouldn't that need to be the dn of who I'm looking
> for? I haven't read through the ldap_extended_operation code, but know
> the function ldap_whoami eventually calls that with the LDAPControl.
> Question 2:
> When I actually try and use the ldap_whoami_s function with this
> printf("Searching for who i am?\n");
> char* who = "cn=Manager,dc=qa,dc=jabber,dc=com";
> whoami_ctrl = (LDAPControl*)malloc(sizeof(LDAPControl));
> memset((void*)whoami_ctrl, 0, sizeof(LDAPControl));
> whoami_ctrl->ldctl_oid = "220.127.116.11.4.1.418.104.22.168";
> whoami_ctrl->ldctl_iscritical = 1;
> whoami_ctrl->ldctl_value.bv_val = who;
> whoami_ctrl->ldctl_value.bv_len = strlen(who);
> struct berval* authzid;
> whoami_request = whoami_ctrl;
> whoami_request = NULL;
> if ( (err = ldap_whoami_s( ld, &authzid, whoami_request, NULL ) ) )
> printf("%d, %s\n", err, ldap_err2string(err));
> printf("Request DN: %s\nAuthzID: %s\n", who,
> It returns 12, Critical extension is unavailable. Where do I
> install/enable the who am i functionality - the ldapwhoami command line
> seems to work correctly?
> Once again - thanks in advance for any help.
Matt Yacobucci <firstname.lastname@example.org>