
Re: sasl/gssapi bind using libldap



Unless you really really want to implement the full client side of
GSSAPI yourself, do not use ldap_sasl_bind().  What you did was define
your own handler for GSSAPI, but did none of the work required like
getting and passing the tokens.

Either grab "sasl.c" from liblutil (in the /libraries/liblutil of the
openldap source) or link against liblutil to borrow the
lutil_sasl_defaults() function.

If your application is not command-line driven, you will likely want to
modify lutil_sasl_interact() and interaction() from sasl.c to not
prompt.

---------CODE FRAG------------
#include <stdio.h>
#include <ldap.h>
#include "lutil_sasl.h"	/* include/ directory of the openldap source; link with -llutil */

LDAP *ld;		/* already initialised, LDAP_OPT_PROTOCOL_VERSION set to 3 */
int rc;
const char *binddn = NULL;
void *defaults;
unsigned sasl_flags = LDAP_SASL_QUIET;
char *sasl_mech = NULL;	/* NULL: let the server's supportedSASLMechanisms decide */
char *sasl_realm = NULL;
char *sasl_authc_id = NULL;
char *sasl_authz_id = NULL;
struct berval passwd = {0, NULL};

/* pack mech/realm/ids/password into the structure lutil_sasl_interact reads */
defaults = lutil_sasl_defaults(ld,
	sasl_mech,
	sasl_realm,
	sasl_authc_id,
	passwd.bv_val,
	sasl_authz_id);

/* runs the whole SASL exchange (GSSAPI tokens included) before returning */
rc = ldap_sasl_interactive_bind_s(ld,
	binddn,	/* character string, not really required */
	sasl_mech,
	NULL,	/* servercontrols */
	NULL,	/* clientcontrols */
	sasl_flags,
	lutil_sasl_interact,
	defaults);

lutil_sasl_freedefs(defaults);
if (rc != LDAP_SUCCESS)
	fprintf(stderr, "ldap_sasl_interactive_bind_s: %s\n", ldap_err2string(rc));
-------END-----

cheers,


--chris
cmaxwell@themanor.net


On Mon, 2003-04-28 at 11:19, Francois Beretti wrote:
> hello all
> 
> I am trying to make a program that will do a SASL/GSSAPI bind to my
> slapd
> 
> everything works with my system (kinit ok) and with my ldap client tools
> (ldapwhoami -Y GSSAPI ok)
> 
> but I have some problems understanding how to use the multiple
> ldap_sasl[_interactive]_bind[_s]() functions
> 
> Which one should be used? What are the differences?
> I made the following piece of code. Why do I have this error in my slapd
> log?
> 
> <--------------------------- the code ---------------------------->
> #include <stdio.h>
> #include <ldap.h>
> 
> int
> main( int argc, char *argv[] )
> {
> 	int		rc;
> 	char	*ldaphost		= "linux-integ.enatel.local";
> 	int		ldapport		= 389;
> 	LDAP	*ld				= NULL;
> 	int		authmethod		= LDAP_AUTH_SASL;	/* unused */
> 	int		protocol		= LDAP_VERSION3;
> 
> 	char	*sasl_mech		= ber_strdup("GSSAPI");
> 	char	*sasl_realm		= ber_strdup("ENATEL.LOCAL");
> 	// where do I have to use the realm ??
> 	int		msgid;
> 
> 	ld = ldap_init( ldaphost, ldapport );
> 	ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &protocol );
> 	/* only queues one SASL bind request with no credentials; the server
> 	 * answers saslBindInProgress (err=14) and this code never reads the
> 	 * result or continues the GSSAPI exchange */
> 	rc = ldap_sasl_bind( ld, NULL, sasl_mech, NULL, NULL, NULL, &msgid );
> 	if ( rc != LDAP_SUCCESS )
> 		fprintf( stderr, "ldap_sasl_bind: %s\n", ldap_err2string( rc ) );
> 	ldap_unbind( ld );
> 	ber_memfree( sasl_mech );
> 	ber_memfree( sasl_realm );
> 	return rc;
> }
> <--------------------------------------------------------------------->
> 
> 
> <----------------------- the slapd error log ------------------------->
> do_sasl_bind: dn () mech GSSAPI
> ==> sasl_bind: dn="" mech=GSSAPI datalen=0
> send_ldap_sasl: err=14 len=0
> send_ldap_response: msgid=1 tag=97 err=14
> <== slap_sasl_bind: rc=14
> connection_resched: attempting closing conn=0 sd=9
> connection_close: conn=0 sd=9
> daemon: removing 9
> <--------------------------------------------------------------------->
> 
> 
> If anyone can help me / show me a doc / show me a little sample (I have
> read all the source code of ldapwhoami.c and all its includes :) )
> 
> thank you very much
>