Re: Query on ldap sasl bind
- To: Nishanth Nagendra <nishanth.amogh@gmail.com>, openldap-technical@openldap.org
- Subject: Re: Query on ldap sasl bind
- From: Quanah Gibson-Mount <quanah@symas.com>
- Date: Mon, 10 Jul 2017 10:53:56 -0700
--On Monday, July 10, 2017 9:02 PM +0530 Nishanth Nagendra <nishanth.amogh@gmail.com> wrote:

> From the openldap source code, I notice that sasl.c file has a constant
> LDAP_SASL_SIMPLE as a constant for mechanism which is a NULL value. I
> tried to pass a non NULL value in my function call to ldap_sasl_bind in
> the third parameter expecting it to hit the other code path to initiate
> SASL bind with credentials but the library does not seem to allow it and
> returns error from sasl bind.

As clearly noted in the source code comments, the third argument is the
MECHANISM to use:

/*
 * ldap_sasl_bind - bind to the ldap server (and X.500).
 * The dn (usually NULL), mechanism, and credentials are provided.
 * The message id of the request initiated is provided upon successful
 * (LDAP_SUCCESS) return.
 *
 * Example:
 *      ldap_sasl_bind( ld, NULL, "mechanism",
 *              cred, NULL, NULL, &msgid )
 */

I.e., you would pass in "GSSAPI" for a SASL/GSSAPI bind, etc.
It is also generally better form to use ldap_sasl_interactive_bind_s, as
noted in the man page. In that case, as noted by the manual page:

    The mechs parameter should contain a space-separated list of
    candidate mechanisms to use. If this parameter is NULL or empty the
    library will query the supportedSASLMechanisms attribute from the
    server's rootDSE for the list of SASL mechanisms the server supports.

--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
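
The manual-page excerpt quoted in the message above says a NULL or empty mechs makes the library take the mechanism list from the server's rootDSE. As an added example (not part of the original message and not OpenLDAP code), the helper below builds an explicit space-separated mechs string from a client-side allow-list instead, so the server's advertisement can only narrow the choice, never widen it. The names has_mech and pick_mechs, the allow-list and the sample advertised list are assumptions made for illustration; the result is what a caller would pass as mechs to ldap_sasl_interactive_bind_s.

```c
#include <stdio.h>
#include <string.h>

/* 1 if the n-byte token `tok` is a whole entry of space-separated `list`. */
static int has_mech(const char *list, const char *tok, size_t n)
{
    list += strspn(list, " ");
    while (*list) {
        size_t len = strcspn(list, " ");
        if (len == n && strncmp(list, tok, n) == 0)
            return 1;
        list += len + strspn(list + len, " ");
    }
    return 0;
}

/* Copies to `out` the entries of `allowed` (client preference order) that the
 * server advertises. PLAIN and LOGIN carry the password itself, so they are
 * kept only when tls_active is set. Returns the count, or -1 if out is small. */
int pick_mechs(const char *allowed, const char *advertised, int tls_active,
               char *out, size_t outsz)
{
    size_t used = 0;
    int count = 0;
    if (outsz == 0) return -1;
    out[0] = '\0';
    allowed += strspn(allowed, " ");
    while (*allowed) {
        size_t len = strcspn(allowed, " ");
        int cleartext = has_mech("PLAIN LOGIN", allowed, len);
        if (has_mech(advertised, allowed, len) && (tls_active || !cleartext)) {
            if (used + len + 2 > outsz) return -1;
            if (count++) out[used++] = ' ';
            memcpy(out + used, allowed, len);
            used += len;
            out[used] = '\0';
        }
        allowed += len + strspn(allowed + len, " ");
    }
    return count;
}

int main(void)
{
    char mechs[128]; /* the advertised list below is a constructed sample */
    int n = pick_mechs("GSSAPI SCRAM-SHA-256 PLAIN", "PLAIN LOGIN GSSAPI", 0,
                       mechs, sizeof mechs);
    printf("%d mechanism(s): \"%s\"\n", n, mechs);
    return n > 0 ? 0 : 1;
}
```

A return value of 0 means no acceptable mechanism is offered; the caller should then fail the bind rather than fall back to a NULL mechs.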