Re: ldap_sasl_bind_s() with DIGEST-MD5

[Kurt Zeilenga <Kurt@OpenLDAP.org>]

On Jul 24, 2010, at 8:48 AM, Shankar Anand R wrote:

> Can someone point me to a sample program which uses ldap_sasl_bind_s()
> with "DIGEST-MD5"?

Such a program would not be simple and hence is unavailable to the best of my knowledge.

ldap_sasl_bind_s() does not provide any SASL mechanism specific functionality.  It is a low-level facility for sending initial and subsequent LDAP SASL bind requests to the server and obtaining back LDAP SASL bind responses.   It is the callers responsibility to decode the SASL mechanism challenges and produce the SASL mechanism responses.

ldap_sasl_interactive_bind_s() is the high-level facility which does provide SASL mechanism specific functionality for a wide range of SASL mechanisms.  If you only want it to do DIGEST-MD5, tell it so.

Note that interactivity implied by the function name is not necessarily with the user, but between the caller and the function.   The function expects to be able to interact with the caller as might be required to perform the authentication.  Whether the caller translates such interactions into user interactions or responds based on information it otherwise has is up to the caller.

-- Kurt