[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP_OPT_X_SASL_AUTHCID and LDAP_OPT_X_SASL_AUTHZID



Howard Chu wrote:
> Michael Ströder wrote:
>>
>> what is returned by
>>
>> ldap_get_options(LDAP_OPT_X_SASL_AUTHCID,[..])
>> ldap_get_options(LDAP_OPT_X_SASL_AUTHZID,[..])
>>
>> I'm getting results with python-ldap which look strange to me after
>> doing a
>> SASL bind. But I'm not sure what should be returned.
> 
> For AUTHCID, it is initialized to the first non-null environment
> variable of USER / USERNAME / LOGNAME. AUTHZID is empty.
> 
> Both of them can be overriden by .ldaprc or LDAP_SASL env variables.

So these are rather meant to be set by the client as defaults (instead of the
call-back vars)?

I was hoping to find a SASL option to query the Kerberbos principal name
actually used after a successful SASL/GSSAPI bind.

Ciao, Michael.