Qian Li wrote:
> Recently, I tried to write a ldap client to do ldap search asynchronously,
> but failed to perform search operation after a successful async sasl
> (digest-md5) bind.

What's your use-case for having async bind operation? Note that the bind operation is somewhat special because it establishes a security context/association.

> I compared the captured sync and async packets:
>
> In sync bind, the search packets were encrypted.
>
> In async bind, after sasl (digest-md5) binding to ldap server
> asynchronously (by calling ldap_sasl_interactive_bind() twice),
> ldap_search_ext() was called. But the search packet was in plain text. Then
> the ldap server reset the connection or just didn't respond (in the case
> of MSAD).

Note that SASL bind with DIGEST-MD5 does *not* give you any encryption of the transport channel. Working with MS AD, are you looking for SASL/GSSAPI?

Ciao, Michael.