[Date Prev][Date Next]
Re: proxy auth and who am i
At 05:02 PM 6/29/2005, Matt Yacobucci wrote:
>I am something of an LDAP newbie so hopefully I'm using the correct
>My application needs to do modifies via proxy authentication.
>I can do searches fine anonymously. And if I hard code my authzid
>("dn:cn=Manager,dc=qa,dc=jabber,dc=com"), or hack one up from the
>provided bind dn I can do modifies, but I would like to use the whoami
>functionality (OID="22.214.171.124.4.1.4126.96.36.199") to dynamically get the
>authzid in order to set the ldctl_value for the Proxy Auth LDAPControl.
The above doesn't make all that much sense to me. Anyways,
I suggest you experiment with command line tools (singularly
and in combination) to gain a basic understanding
of how these capabilities work, including general syntaxes
and semantics and OpenLDAP-specific implementation details,
both singularly and in combination. You should do this before you
attempt to write any code. Otherwise you'll be just bouncing off
walls of misunderstandings.
>I've read draft-zeilenga-ldap-authzid-xx.txt (Who am I?).
>Section 2.1 The whoami Request mentions that the "request is an
>ExtendedRequest with the requestName field containing the whoamiOID OID
>and an absent requestValue field."
>Does this refer to the LDAPControl?
No. draft-zeilenga-ldap-authzid-xx.txt is referring to components
of an LDAP extended operation request, as can be constructed using
ldap_extended_operation(3). The remainder of your post is nonsense
due your false assumption that it was.