[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldap_sasl_bind doesn't fail with wrong credentials



Hello,

Shouldn't ldap_sals_bind fail if wrong credentials are given? Or am I checking the bind result in wrong way?
I pass wrong password or username and still can't get BIND ERROR.

#include <stdio.h>
#include <ldap.h>
#include <stdlib.h>

#define HOST "x.x.x.x"

int main (int argc, char **argv)
{

    char *UID = argv[1];
    char *PASSWD = argv[2];

    char BASEDN[80];
    strcpy(BASEDN, "eduPersonPrincipalName=");
    strcat(BASEDN, UID);
    strcat(BASEDN, "@ex.com,ou=People,ou=Users,dc=ex,dc=com");

    LDAP *ld;
    char *ldapuri = NULL;

    LDAPURLDesc url;
    memset( &url, 0, sizeof(url));
    url.lud_scheme = "ldap";
    url.lud_host = HOST;
    url.lud_port = LDAP_PORT;
    url.lud_scope = LDAP_SCOPE_DEFAULT;
    ldapuri = ldap_url_desc2str( &url );


    int rc, msgid, version = LDAP_VERSION3;

    struct berval passwd = {0, NULL};
    passwd.bv_val = PASSWD;
    passwd.bv_len = strlen(PASSWD);

    LDAPControl c;
    LDAPControl **sctrlsp = NULL;
    LDAPControl *sctrls[3];
    LDAPControl sctrl[3];
    int     nsctrls = 0;

    c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
    c.ldctl_value.bv_val = NULL;
    c.ldctl_value.bv_len = 0;
    c.ldctl_iscritical = 1;
    sctrl[nsctrls] = c;
    sctrls[nsctrls] = &sctrl[nsctrls];
    sctrls[++nsctrls] = NULL;
    sctrlsp = sctrls;

    if((rc = ldap_initialize(&ld, ldapuri)) != LDAP_SUCCESS)
    {
        printf("LDAP_INIT Error\n");
        return 1;
    }

    ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
    ldap_set_option(ld, LDAP_OPT_REFERRALS, 0);
    ldap_set_option(ld, LDAP_OPT_SERVER_CONTROLS, sctrlsp);

    if((rc = ldap_sasl_bind(ld, BASEDN, LDAP_SASL_SIMPLE, &passwd, NULL, NULL, &msgid)) != LDAP_SUCCESS)
    {
        printf("BIND ERROR\n");
        return 1;
    }

    return 0;

}


Regards,
Andrius