[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: switch from ldap_sasl_interactive_bind_s to ldap_sasl_bind fails

Unless you want to manage the SASL exchange yourself
(which for the GSSAPI mechanism is non-trivial), you
should not use ldap_sasl_bind(3) (or ldap_sasl_bind_s(3)).

If you do want to manage the SASL exchange yourself,
you'll need to do lots of self-education first.  I would
suggest you start by reading ldap_sasl_interactive_bind_s(3)
code (which makes use of ldap_sasl_bind(3) itself).


At 12:54 PM 6/1/2006, Jeremiah Martell wrote:
>I had code that used ldap_sasl_interactive_bind_s that I just switched
>to ldap_sasl_bind.
>I switched because I wanted async binding with sasl (GSSAPI), and
>ldap_sasl_bind seemed a lot simpler to use.
>Now, though, whenever I use my new ldap_sasl_bind code I always get
>back 49 (invalid credentials). Any idea what I could be doing wrong?
>int msgid = 0;
>struct berval cred;
>cred.bv_len = 8;
>cred.bv_val = "PASSWORD";
>if ( ldap_sasl_bind( myldap, NULL, "GSSAPI", &cred, NULL, NULL, &msgid
>) != 0 ) return -1;
>if ( msgid == -1 ) return -1;
>while ( 1 )
>  // do ldap_result and ldap_first_message and ldap_parse_result stuff
>  // i eventually get 49, invalid credentials. which ldap logging
>shows is the case
>  // log shows: "AcceptSecurityContext error", which ethereal verifies
>- Jeremiah