[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: FW: programming using ldap api calls

ldap can only talk to gssapi through sasl? isn't gssapi a lower level protocol. is it possible to directly use gssapi without having to implement sasl?

thanks for any input.




-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Thursday, April 08, 2004 3:07 PM
To: Ang, Melissa
Cc: Openldap Ldap Server (E-mail)
Subject: Re: FW: programming using ldap api calls


At 11:22 AM 4/8/2004, Ang, Melissa wrote:
>I loook at the code on the client/tools but it says that it needs sasl support. I want to be able to use keberos and openldap without other tools. is this possible?

Kerberos V authentication in LDAP is supported through GSSAPI
through SASL.  So, if you compile --without-cyrus-sasl, the
LDAP library will not provide support any SASL mechanisms,
including the GSSAPI (KERBEROS V) mechanism.

Now, your client could, in theory, implement the GSSAPI mechanism
itself (calling ldap_sasl_bind() and friends as needed), but then
you'd, at best, be reinventing the wheel.

Kurt




>-----Original Message-----
>From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
>Sent: Thursday, April 08, 2004 2:16 PM
>To: Ang, Melissa
>Cc: Openldap Ldap Server (E-mail)
>Subject: Re: programming using ldap api calls
>
>
>At 08:12 AM 4/8/2004, Ang, Melissa wrote:
>>I'd like to create a program using openldap's ldap api calls. This program is going to be using sasl and gssapi. but I noticed that openldap api's have ldap_kerberos_bind. Is this the same as the gssapi sasl binding?
>
>No.  Use ldap_sasl_interactive_bind_s().
>
>>can anyone point me to any documentation on openldap's api programming. I couldn;t seem to find it on <http://www.openldap.org>www.openldap.org 
>
>API documentation is incomplete (especially in this area).
>See client/tools for examples of how to use
>ldap_sasl_interactive_bind_s()
>
>Kurt