Re: sasl/gssapi bind using libldap
Unless you really really want to implement the full client side of
GSSAPI yourself, do not use ldap_sasl_bind(). What you did was define
your own handler for GSSAPI, but did none of the work required like
getting and passing the tokens.

Either grab "sasl.c" from liblutil (in the /libraries/liblutil of the
openldap source) or link against liblutil to borrow the
lutil_sasl_defaults() function.

If your application is not command-line driven, you will likely want to
modify lutil_sasl_interact() and interaction() from sasl.c to not
prompt.

---------CODE FRAG------------
int rc;
void *defaults;
unsigned sasl_flags = LDAP_SASL_QUIET;

/* NULL entries are filled in by lutil_sasl_defaults() from the
 * SASL options already set on the LDAP handle */
char *sasl_mech = NULL;
char *sasl_realm = NULL;
char *sasl_authc_id = NULL;
char *sasl_authz_id = NULL;
struct berval passwd = {0, NULL};

defaults = lutil_sasl_defaults(ld,
                               sasl_mech,
                               sasl_realm,
                               sasl_authc_id,
                               passwd.bv_val,
                               sasl_authz_id);

rc = ldap_sasl_interactive_bind_s(ld,
                                  binddn,   /* character string, not really required */
                                  sasl_mech,
                                  NULL,     /* servercontrols */
                                  NULL,     /* clientcontrols */
                                  sasl_flags,
                                  lutil_sasl_interact,
                                  defaults);
-------END-----

cheers,
--chris
cmaxwell@themanor.net
On Mon, 2003-04-28 at 11:19, Francois Beretti wrote:
> hello all
>
> I am trying to make a program that will do a SASL/GSSAPI bind to my
> slapd
>
> everything works with my system (kinit ok) and with my ldap client tools
> (ldapwhoami -Y GSSAPI ok)
>
> but I have some problem to understand how to use the multiple
> ldap_sasl[_interactive]_bind[_s]() functions
>
> which one should be used ? what are the differences ?
> I made the following piece of code. Why do I have this error in my slapd
> log ?
>
> <--------------------------- the code ---------------------------->
> #include <stdio.h>
> #include <ldap.h>
>
> int
> main( int argc, char *argv[] )
> {
>     int rc;
>     char *ldaphost = "linux-integ.enatel.local";
>     int ldapport = 389;
>     LDAP *ld = NULL;
>     int authmethod = LDAP_AUTH_SASL;
>     int protocol = LDAP_VERSION3;
>
>     char *sasl_mech = ber_strdup("GSSAPI");
>     char *sasl_realm = ber_strdup("ENATEL.LOCAL");
>     // where do I have to use the realm ??
>     int msgid;
>
>     ld = ldap_init( ldaphost, ldapport );
>     ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &protocol );
>     rc = ldap_sasl_bind( ld, NULL, sasl_mech, NULL, NULL, NULL, &msgid );
>     ldap_unbind (ld);
> }
> <--------------------------------------------------------------------->
>
>
> <----------------------- the slapd error log ------------------------->
> do_sasl_bind: dn () mech GSSAPI
> ==> sasl_bind: dn="" mech=GSSAPI datalen=0
> send_ldap_sasl: err=14 len=0
> send_ldap_response: msgid=1 tag=97 err=14
> <== slap_sasl_bind: rc=14
> connection_resched: attempting closing conn=0 sd=9
> connection_close: conn=0 sd=9
> daemon: removing 9
> <--------------------------------------------------------------------->
>
>
> If anyone can help me / show me a doc / show me a little sample (I have
> read all the source code of ldapwhoami.c and all its includes :) )
>
> thank you very much
>
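
The reply's suggestion of a lutil_sasl_interact() that does not prompt, sketched as an added example; it is not part of the original messages and not OpenLDAP's own code. `struct bind_defaults` and `noprompt_sasl_interact()` are hypothetical names, and the stand-in declarations are used only when the real `<ldap.h>` and `<sasl/sasl.h>` are not installed.

```c
/* Added example: a SASL interact callback that never reads from a terminal. */
#include <string.h>
#if defined(__has_include)
# if __has_include(<ldap.h>) && __has_include(<sasl/sasl.h>)
#  include <ldap.h>
#  include <sasl/sasl.h>
# endif
#endif
#ifndef SASL_CB_LIST_END  /* stand-ins mirroring the public headers */
typedef struct ldap LDAP;
typedef struct sasl_interact {
    unsigned long id; const char *challenge, *prompt, *defresult;
    const void *result; unsigned len;
} sasl_interact_t;
enum { SASL_CB_LIST_END = 0, SASL_CB_USER = 0x4001, SASL_CB_AUTHNAME = 0x4002,
       SASL_CB_PASS = 0x4004, SASL_CB_GETREALM = 0x4008,
       LDAP_SUCCESS = 0, LDAP_PARAM_ERROR = -9 };
#endif

/* Hypothetical defaults record; any field may be NULL. */
struct bind_defaults { const char *realm, *authcid, *passwd, *authzid; };

/* Same signature as libldap's LDAP_SASL_INTERACT_PROC. The strings handed
 * back must stay valid until ldap_sasl_interactive_bind_s() returns. */
int noprompt_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *in)
{
    const struct bind_defaults *d = defaults;
    sasl_interact_t *it = in;
    (void)ld; (void)flags;
    if (d == NULL || it == NULL) return LDAP_PARAM_ERROR;
    for (; it->id != SASL_CB_LIST_END; it++) {
        const char *v = NULL;
        switch (it->id) {
        case SASL_CB_GETREALM: v = d->realm;   break;
        case SASL_CB_AUTHNAME: v = d->authcid; break;
        case SASL_CB_PASS:     v = d->passwd;  break;
        case SASL_CB_USER:     v = d->authzid; break;
        }
        if (v == NULL || *v == '\0') v = it->defresult;  /* mechanism default */
        /* Fail the bind instead of prompting or sending an empty secret. */
        if (v == NULL && it->id != SASL_CB_USER) return LDAP_PARAM_ERROR;
        if (v == NULL) v = "";  /* no authzid: bind as the authenticated identity */
        it->result = v;
        it->len = (unsigned)strlen(v);
    }
    return LDAP_SUCCESS;
}
```

Pass `noprompt_sasl_interact` and a pointer to a filled-in `struct bind_defaults` as the last two arguments of ldap_sasl_interactive_bind_s() in place of lutil_sasl_interact and its defaults.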