Re: proxy auth and who am i
Answered my own question - ldctl_iscritical does not need to be set.
whoami_ctrl->ldctl_iscritical should be 0.
MY
On Wed, 2005-06-29 at 18:02 -0600, Matt Yacobucci wrote:
> I am something of an LDAP newbie so hopefully I'm using the correct
> terms.
>
> My application needs to do modifies via proxy authentication.
>
> I can do searches fine anonymously. And if I hard code my authzid
> ("dn:cn=Manager,dc=qa,dc=jabber,dc=com"), or hack one up from the
> provided bind dn I can do modifies, but I would like to use the whoami
> functionality (OID="1.3.6.1.4.1.4203.1.11.3") to dynamically get the
> authzid in order to set the ldctl_value for the Proxy Auth LDAPControl.
>
> I've read draft-zeilenga-ldap-authzid-xx.txt (Who am I?).
>
> Question 1:
> Section 2.1 The whoami Request mentions that the "request is an
> ExtendedRequest with the requestName field containing the whoamiOID OID
> and an absent requestValue field."
> Does this refer to the LDAPControl? The ldctl_oid should be set, but not
> the ldctl_value? Wouldn't that need to be the dn of who I'm looking
> for? I haven't read through the ldap_extended_operation code, but know
> the function ldap_whoami eventually calls that with the LDAPControl.
>
> Question 2:
> When I actually try and use the ldap_whoami_s function with this
> snippet:
> printf("Searching for who i am?\n");
> char* who = "cn=Manager,dc=qa,dc=jabber,dc=com";
>
> whoami_ctrl = (LDAPControl*)malloc(sizeof(LDAPControl));
> memset((void*)whoami_ctrl, 0, sizeof(LDAPControl));
> whoami_ctrl->ldctl_oid = "1.3.6.1.4.1.4203.1.11.3";
> whoami_ctrl->ldctl_iscritical = 1;
> whoami_ctrl->ldctl_value.bv_val = who;
> whoami_ctrl->ldctl_value.bv_len = strlen(who);
>
> struct berval* authzid;
>
> whoami_request[0] = whoami_ctrl;
> whoami_request[1] = NULL;
>
> if ( (err = ldap_whoami_s( ld, &authzid, whoami_request, NULL ) ) )
> {
>     printf("%d, %s\n", err, ldap_err2string(err));
> }
> else
> {
>     printf("Request DN: %s\nAuthzID: %s\n", who,
>            authzid->bv_val);
> }
>
> It returns 12, Critical extension is unavailable. Where do I
> install/enable the who am i functionality - the ldapwhoami command line
> seems to work correctly?
>
> Once again - thanks in advance for any help.
>
--
Matt Yacobucci <myacobucci@jabber.com>
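
The thread turns on the difference between the Who am I? extended operation, whose OID travels in requestName with no requestValue, and a request control such as proxy authorization, which carries a criticality flag and a value. The sketch below is an added example, not code from the original post or from OpenLDAP: it BER-encodes both by hand so the two wire shapes can be compared. It assumes the RFC 4370 proxied authorization control OID, a message ID of 1 (constructed), and lengths under 128 bytes.

```c
#include <stdio.h>
#include <string.h>

#define WHOAMI_OID      "1.3.6.1.4.1.4203.1.11.3"   /* OID quoted in the post */
#define PROXY_AUTHZ_OID "2.16.840.1.113730.3.4.18"  /* assumption: RFC 4370 control */

/* Append one BER TLV with a short-form length; returns bytes written, 0 on overflow. */
static size_t tlv(unsigned char *out, size_t cap, unsigned char tag,
                  const void *val, size_t len)
{
    if (len > 127 || cap < len + 2) return 0;
    out[0] = tag;
    out[1] = (unsigned char)len;
    memcpy(out + 2, val, len);
    return len + 2;
}

/* LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }.
 * Nothing follows the OID: no requestValue [1] and no controls element. */
size_t encode_whoami_request(unsigned char *out, size_t cap, unsigned char msgid)
{
    unsigned char op[64], body[96];
    size_t n = tlv(op, sizeof op, 0x80, WHOAMI_OID, strlen(WHOAMI_OID));
    size_t m = msgid < 128 ? tlv(body, sizeof body, 0x02, &msgid, 1) : 0;
    size_t k = (n && m) ? tlv(body + m, sizeof body - m, 0x77, op, n) : 0;
    return k ? tlv(out, cap, 0x30, body, m + k) : 0;
}

/* Control { controlType, criticality TRUE, controlValue = authzid from whoami }. */
size_t encode_proxy_authz_control(unsigned char *out, size_t cap, const char *authzid)
{
    unsigned char body[128];
    const unsigned char crit = 0xFF;   /* BOOLEAN TRUE */
    size_t a = tlv(body, sizeof body, 0x04, PROXY_AUTHZ_OID, strlen(PROXY_AUTHZ_OID));
    size_t b = a ? tlv(body + a, sizeof body - a, 0x01, &crit, 1) : 0;
    size_t c = b ? tlv(body + a + b, sizeof body - a - b, 0x04, authzid, strlen(authzid)) : 0;
    return c ? tlv(out, cap, 0x30, body, a + b + c) : 0;
}

int main(void)
{
    unsigned char buf[160];
    size_t n = encode_whoami_request(buf, sizeof buf, 1);
    for (size_t i = 0; i < n; i++) printf("%02x ", buf[i]);
    printf("\n");
    return n ? 0 : 1;
}
```

With libldap the same split shows up as passing no whoami-specific control to ldap_whoami_s and putting the returned authzid into the control attached to the modify.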