[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_sasl_bind vs. ldap_sasl_interactive_bind_s

To: "Thilko Richter" <thilko.richter@googlemail.com>
Subject: Re: ldap_sasl_bind vs. ldap_sasl_interactive_bind_s
From: masarati@aero.polimi.it
Date: Fri, 19 Mar 2010 20:14:52 +0100 (CET)
Cc: openldap-technical@openldap.org
Importance: Normal
In-reply-to: <c93dcaf11003191203rbbe7da5r45840f4b4dec724b@mail.gmail.com>
References: <c93dcaf11003182303iabcac56w278aa25598b47309@mail.gmail.com> <8e99a918b9f8eeb307eac698ada62eb9.squirrel@www.aero.polimi.it> <c93dcaf11003191203rbbe7da5r45840f4b4dec724b@mail.gmail.com>
User-agent: SquirrelMail/1.4.15

> On Fri, Mar 19, 2010 at 1:27 PM,  <masarati@aero.polimi.it> wrote:
>>> Hi,
>>>
>>> I am still trying to make an sasl bind. Now I use ldap_sasl_bind_s
>>> with 'CRAM-MD5'. The server sends a 'LDAP_SASL_BIND_IN_PROGRESS' back,
>>> but as far as I can see the server cred are empty. How do I make the
>>> next call with ldap_sasl_bind_s?
>>>
>>> In the documentation I have seen that the use of ldap_sasl_bind is not
>>> recommended as client use, instead the ldap_sasl_interactive_bind_s
>>> should be preferred. Has anyone a working example of how to use this
>>> method, or some api doc? I have no clue how to set 'flags' the
>>> LDAP_SASL_INTERACT_PROC, an the 'defaults' params..
>>
>> You first say that you're using ldap_sasl_bind_s(), and then you note
>> that
>> ldap_sasl_bind() is not recommended.  Do you realize that despite some
>> similarities in the name, the two functions are profoundly different?
>>  By
>> no means ldap_sasl_bind_s() can return LDAP_SASL_BIND_IN_PROGRESS.
>
> Yes, I know that those methods behave differently - as I have read in
> the docs, I just search for the simplest alternative as possible for
> ldap_simple_bind, since I have seen that the ldap_simple_bind methods
> are deprecated.
>
> Nevertheless ldap_sasl_bind_s returns LDAP_SASL_BIND_IN_PROGRESS which
> I understand as a challenge which should be returned back to the
> server. This one seems to had a similiar issue: http://bit.ly/awT4D4
>
> But I think I have to look at the examples for better understanding -
> thx for the tip!

ldap_sasl_bind_s() can be used, passing LDAP_SASL_SIMPLE, in lieu of
ldap_simple_bind_s().  ldap_sasl_interactive_bind_s(), only need to be
used for those methods that require multiple steps;
LDAP_SASL_BIND_IN_PROGRESS indicates that a further step is expected,
which never happens when performing a simple bind.  See the code snippet
in slap_client_connect(), in servers/slapd/config.c for a complete example
of how both functions can be used in the most complete form.

p.

Follow-Ups:
- Re: ldap_sasl_bind vs. ldap_sasl_interactive_bind_s
  - From: Thilko Richter <thilko.richter@googlemail.com>

References:
- ldap_sasl_bind vs. ldap_sasl_interactive_bind_s
  - From: Thilko Richter <thilko.richter@googlemail.com>
- Re: ldap_sasl_bind vs. ldap_sasl_interactive_bind_s
  - From: masarati@aero.polimi.it

Prev by Date: Re: ldap_sasl_bind vs. ldap_sasl_interactive_bind_s
Next by Date: Re: ldap_sasl_bind vs. ldap_sasl_interactive_bind_s
Index(es):
- Chronological
- Thread