Re: extract response controls after ldap_sasl_interactive_bind_s()



Michael Ströder wrote:
> masarati@aero.polimi.it wrote:
>>> Disclaimer: I'm not a C programmer.
>>>
>>> I'd like to evaluate response controls (e.g. ppolicy) also when doing a 
>>> SASL bind. I'm using python-ldap which in turn uses OpenLDAP C API's
>>> function ldap_sasl_interactive_bind_s().
>>
>> Not sure about that.  In clients/tools/common.c there is an example of
>> using ldap_sasl_interactive_bind() asynchronously that purposely allows
>> extracting control information from the (last) response
> 
> I'm staring at line 1473 in clients/tools/common.c of RE24 but I simply don't
> get it: IMHO, in contrast to the later call of ldap_sasl_bind() (in a separate
> else clause starting at line 1490), a msgid is not returned by the API and
> therefore it seems to me that ldap_result() is not and cannot be called in the
> SASL part.

Is the ppolicy control supported by the command-line tools if SASL is used?
The code does not look like that and using ldapsearch also seems to lead to
different results when using SASL and simple bind:

$ ldapsearch -H ldap://server -Y DIGEST-MD5 -e ppolicy -U test -w test -LL -b"" -s base
SASL/DIGEST-MD5 authentication started
SASL username: test
SASL SSF: 128
SASL data security layer installed.
version: 1

Server is unwilling to perform (53)

$ ldapsearch -x -H ldap://server -e ppolicy -D "uid=test,dc=example,dc=com" -w test -LL -b"" -s base
ldap_bind: Success (0); Password must be changed (Password expires in 0 seconds)
version: 1

Server is unwilling to perform (53)

Ciao, michael.