
RE: FW: programming using ldap api calls



I have a new idea! :D Is it possible then not to use gssapi and then use kerberos api calls with the ldap api calls (without sasl)? No offense to sasl of course. I just don't want to build any extra source if we can get away without it. Any samples on how to do kerberos api and ldap api calls are much appreciated.

thanks all!

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Ang, Melissa
Sent: Friday, April 09, 2004 9:59 AM
To: Kurt D. Zeilenga
Cc: Openldap Ldap Server (E-mail)
Subject: RE: FW: programming using ldap api calls


Hello again folks!

So there is no workaround to programming with openldap api calls without the sasl library? It is possible to do so by implementing the lower level calls, right? Which lower level API calls are these? Are these the gss API calls, since SASL sits on top of this layer?

example: 

gss_init_sec_context(....)
...
..
ldap_bind (.., cred,..)
where cred is the credential created by gss api calls?

Is this feasible?

Thanks again for the help. :)



-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Thursday, April 08, 2004 4:33 PM
To: Ang, Melissa
Cc: Openldap Ldap Server (E-mail)
Subject: RE: FW: programming using ldap api calls


At 01:19 PM 4/8/2004, Ang, Melissa wrote:
>ldap can only talk to gssapi through sasl? Isn't gssapi a lower level protocol? Is it possible to directly use gssapi without having to implement sasl?

In the LDAP (and SASL) context, the term "GSSAPI" refers to a
particular SASL mechanism, which is a Kerberos V GSSAPI mechanism,
identified by the token "GSSAPI".  SASL supports a number of other
GSSAPI mechanisms; they are identified by other tokens.

It is certainly possible to design an LDAP bind method (or a SASL
mechanism) which supported multiple GSSAPI mechanisms, but that
just isn't how it's done today.

Kurt