
Re: Proxy Authorization and ldap_sasl_interactive_bind_s



At 08:40 AM 7/8/2003, pturgyan@umich.edu wrote:
>I've searched through the archives and also the Faq-O-Matic,
>but I can't find any answers to these questions.
>
>We're developing an LDAP client that uses OpenLDAP 2.1 and proxy
>authorization.  The only way I've found to do proxy authorization is
>with ldap_sasl_interactive_bind_s.  In order to use
>ldap_sasl_interactive_bind_s I have to allocate a lutil_sasl_defaults
>structure, and I have to pass lutil_sasl_interact as a sasl interaction
>function. The lutil_sasl_defaults structure is defined in
>include/lutil_ldap.h and lutil_sasl_interact is in liblutil.a.
>
>Why aren't lutil_ldap.h and liblutil.a installed when the
>rest of openldap is installed?

-llutil is considered a private library of helper routines.
When lutil_sasl_interact was written, it was viewed as
specific to OpenLDAP shipped clients.

>Are there other ways to do proxy authorization that don't use
>ldap_sasl_interactive_bind_s?

For SASL proxy authorization, the only alternative to
ldap_sasl_interactive_bind_s is to call ldap_sasl_bind()
directly... but that requires you to implement the
mechanism yourself.

As an alternative to SASL proxy authorization, you can use the
LDAP proxy authorization control (on a per operation basis).
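
As an illustration of what "implementing the mechanism yourself" for ldap_sasl_bind() involves, here is an added example (not part of the original message and not OpenLDAP code) that builds the SASL PLAIN initial response with an authorization identity. The function name, the 255-octet cap and the sample identities are assumptions made for the example; PLAIN carries the password unencrypted, so the bind belongs on a TLS-protected connection.

```c
/* Added example: SASL PLAIN initial response per RFC 4616,
 *   message = [authzid] NUL authcid NUL passwd
 * authzid is the identity to act as (the proxy authorization target),
 * authcid/passwd are the credentials of the connecting application. */
#include <stdio.h>
#include <string.h>

#define PLAIN_FIELD_MAX 255   /* assumption: cap each field at 255 octets */

/* Hypothetical helper. Writes the message into out and returns its length,
 * or -1 on invalid input or if out is too small.
 * authzid may be NULL or "" when no proxying is wanted. */
long plain_build(const char *authzid, const char *authcid,
                 const char *passwd, unsigned char *out, size_t outsz)
{
    size_t zl, cl, pl, need;

    if (authcid == NULL || passwd == NULL || out == NULL)
        return -1;
    zl = authzid ? strlen(authzid) : 0;
    cl = strlen(authcid);
    pl = strlen(passwd);
    if (cl == 0 || pl == 0)            /* both are mandatory and non-empty */
        return -1;
    if (zl > PLAIN_FIELD_MAX || cl > PLAIN_FIELD_MAX || pl > PLAIN_FIELD_MAX)
        return -1;
    need = zl + 1 + cl + 1 + pl;       /* two NUL separators, no terminator */
    if (need > outsz)
        return -1;
    if (zl)
        memcpy(out, authzid, zl);
    out[zl] = 0;
    memcpy(out + zl + 1, authcid, cl);
    out[zl + 1 + cl] = 0;
    memcpy(out + zl + 1 + cl + 1, passwd, pl);
    return (long)need;
}

int main(void)
{
    unsigned char buf[3 * PLAIN_FIELD_MAX + 2];
    /* Constructed sample identities; "dn:" marks a DN-form authzid. */
    long n = plain_build("dn:uid=alice,dc=example,dc=com", "proxyapp",
                         "secret", buf, sizeof buf);
    if (n < 0)
        return 1;
    /* buf and n would fill the struct berval passed as the cred
     * argument of ldap_sasl_bind() with mechanism "PLAIN". */
    printf("PLAIN response: %ld bytes\n", n);
    return 0;
}
```

The server still decides whether the authenticated identity is allowed to assume the requested authzid; the client only asks.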