proxy auth and who am i



I am something of an LDAP newbie so hopefully I'm using the correct
terms.

My application needs to do modifies via proxy authentication.

I can do searches fine anonymously. And if I hard code my authzid
("dn:cn=Manager,dc=qa,dc=jabber,dc=com"), or hack one up from the
provided bind dn I can do modifies, but I would like to use the whoami
functionality (OID="1.3.6.1.4.1.4203.1.11.3") to dynamically get the
authzid in order to set the ldctl_value for the Proxy Auth LDAPControl.

I've read draft-zeilenga-ldap-authzid-xx.txt (Who am I?).

Question 1:
Section 2.1 The whoami Request mentions that the "request is an
ExtendedRequest with the requestName field containing the whoamiOID OID
and an absent requestValue field."
Does this refer to the LDAPControl? The ldctl_oid should be set, but not
the ldctl_value?  Wouldn't that need to be the dn of who I'm looking
for?  I haven't read through the ldap_extended_operation code, but know
the function ldap_whoami eventually calls that with the LDAPControl.

Question 2:
When I actually try to use the ldap_whoami_s function with this
snippet:
    /* assumed declared above (not shown in the snippet): headers <ldap.h>,
       <stdio.h>, <stdlib.h>, <string.h>; LDAP *ld, already connected and
       bound; LDAPControl *whoami_ctrl; LDAPControl *whoami_request[2]; int err */
    printf("Searching for who i am?\n");
    char* who = "cn=Manager,dc=qa,dc=jabber,dc=com";

    /* build a critical server control carrying the whoami OID and the DN */
    whoami_ctrl = (LDAPControl*)malloc(sizeof(LDAPControl));
    memset((void*)whoami_ctrl, 0, sizeof(LDAPControl));
    whoami_ctrl->ldctl_oid = "1.3.6.1.4.1.4203.1.11.3";   /* whoami OID */
    whoami_ctrl->ldctl_iscritical = 1;
    whoami_ctrl->ldctl_value.bv_val = who;
    whoami_ctrl->ldctl_value.bv_len = strlen(who);

    struct berval* authzid;

    /* NULL-terminated list of server controls for the request */
    whoami_request[0] = whoami_ctrl;
    whoami_request[1] = NULL;

    /* ldap_whoami_s(ld, &authzid, sctrls, cctrls) */
    if ( (err = ldap_whoami_s( ld, &authzid, whoami_request, NULL ) ) )
    {
        printf("%d, %s\n", err, ldap_err2string(err));
    }
    else
    {
        printf("Request DN: %s\nAuthzID: %s\n", who,
               authzid->bv_val);
    }

It returns 12, "Critical extension is unavailable".  Where do I
install/enable the who am i functionality?  The ldapwhoami command line
seems to work correctly.

Once again - thanks in advance for any help.

-- 
Matt Yacobucci <myacobucci@jabber.com>
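
The snippet above attaches the Who am I? OID as a critical server control to the whoami request, which is why the server answers with 12 (unavailableCriticalExtension): ldap_whoami_s() already sends the extended operation itself, with the OID in requestName and no requestValue, and per RFC 4511 a server must refuse a request carrying a critical control it does not recognise. The controls arguments can simply be NULL. The program below is an added example, not code from the original post, showing the step that comes after a successful whoami: checking the authzId string that ldap_whoami_s() returns (RFC 4532 grammar: empty for anonymous, "dn:..." or "u:...") and placing it, unchanged, in a Proxied Authorization control (RFC 4370, OID 2.16.840.1.113730.3.4.18, LDAP_CONTROL_PROXY_AUTHZ in libldap). The struct and the sample authzId are constructed locally so the file builds without libldap; with the real library the fields map one to one onto LDAPControl and struct berval.

```c
/* Added example (not from the original post): turn the authzId returned by
 * ldap_whoami_s() (RFC 4532) into the value of a Proxied Authorization
 * control (RFC 4370).  The structs below copy the field names of libldap's
 * struct berval and LDAPControl so the mapping is obvious, but they are
 * defined locally so this file compiles without libldap. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* OID of the Proxied Authorization control, RFC 4370
 * (libldap defines it as LDAP_CONTROL_PROXY_AUTHZ). */
#define PROXY_AUTHZ_OID "2.16.840.1.113730.3.4.18"

struct example_berval { size_t bv_len; char *bv_val; };
struct example_control {
    char *ldctl_oid;
    struct example_berval ldctl_value;
    char ldctl_iscritical;
};

/* Classify an authzId per RFC 4532 / RFC 4513: "" means anonymous,
 * "dn:<distinguishedName>" and "u:<userid>" are the two named forms. */
enum authz_kind { AUTHZ_ANON, AUTHZ_DN, AUTHZ_USER, AUTHZ_INVALID };

enum authz_kind classify_authzid(const char *authzid)
{
    if (authzid == NULL) return AUTHZ_INVALID;
    if (authzid[0] == '\0') return AUTHZ_ANON;
    if (strncmp(authzid, "dn:", 3) == 0 && authzid[3] != '\0') return AUTHZ_DN;
    if (strncmp(authzid, "u:", 2) == 0 && authzid[2] != '\0') return AUTHZ_USER;
    return AUTHZ_INVALID;
}

/* Fill in a Proxied Authorization control for authzid.  Returns NULL and
 * leaves *ctrl untouched when the authzId is anonymous or malformed: an
 * empty authzId in this control makes the operation run as anonymous, which
 * is never what a caller who wants proxied modifies intends. */
struct example_control *make_proxy_authz_control(struct example_control *ctrl,
                                                 const char *authzid)
{
    enum authz_kind kind = classify_authzid(authzid);
    if (kind != AUTHZ_DN && kind != AUTHZ_USER) return NULL;

    memset(ctrl, 0, sizeof *ctrl);
    ctrl->ldctl_oid = PROXY_AUTHZ_OID;
    /* RFC 4370: the control value is the bare authzId octet string with no
     * BER wrapping, and the control MUST be marked critical. */
    ctrl->ldctl_value.bv_val = (char *)authzid;
    ctrl->ldctl_value.bv_len = strlen(authzid);
    ctrl->ldctl_iscritical = 1;
    return ctrl;
}

int main(void)
{
    /* Constructed sample: the string ldap_whoami_s(ld, &authzid, NULL, NULL)
     * would hand back after a simple bind as the manager DN from the post. */
    const char *from_whoami = "dn:cn=Manager,dc=qa,dc=jabber,dc=com";
    struct example_control ctrl;

    if (make_proxy_authz_control(&ctrl, from_whoami) == NULL) {
        fprintf(stderr, "refusing to proxy as '%s'\n", from_whoami);
        return 1;
    }
    /* With libldap this control would go into the sctrls array passed to
     * ldap_modify_ext_s(), exactly as whoami_request[] is built in the post. */
    printf("oid=%s critical=%d value=%.*s\n", ctrl.ldctl_oid,
           ctrl.ldctl_iscritical, (int)ctrl.ldctl_value.bv_len,
           ctrl.ldctl_value.bv_val);
    return 0;
}
```

The check in make_proxy_authz_control() is the part worth keeping in real code: whoami after an anonymous bind returns an empty authzId, and an empty value in the Proxied Authorization control means "act as anonymous" rather than "act as the bound identity", so the two cases must not be conflated.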