Re: proxy auth and who am i



At 05:02 PM 6/29/2005, Matt Yacobucci wrote:
>I am something of an LDAP newbie so hopefully I'm using the correct
>terms.
>
>My application needs to do modifies via proxy authentication.
>
>I can do searches fine anonymously. And if I hard code my authzid
>("dn:cn=Manager,dc=qa,dc=jabber,dc=com"), or hack one up from the
>provided bind dn I can do modifies, but I would like to use the whoami
>functionality (OID="1.3.6.1.4.1.4203.1.11.3") to dynamically get the
>authzid in order to set the ldctl_value for the Proxy Auth LDAPControl.

The above doesn't make all that much sense to me.  Anyways,
I suggest you experiment with command line tools (singularly
and in combination) to gain a basic understanding
of how these capabilities work, including general syntaxes
and semantics and OpenLDAP-specific implementation details,
both singularly and in combination.  You should do this before you
attempt to write any code.  Otherwise you'll be just bouncing off
walls of misunderstandings.

>I've read draft-zeilenga-ldap-authzid-xx.txt (Who am I?).
>
>Question 1:
>Section 2.1 The whoami Request mentions that the "request is an
>ExtendedRequest with the requestName field containing the whoamiOID OID
>and an absent requestValue field."
>Does this refer to the LDAPControl?

No.  draft-zeilenga-ldap-authzid-xx.txt is referring to components
of an LDAP extended operation request, as can be constructed using
ldap_extended_operation(3).  The remainder of your post is nonsense
due to your false assumption that it was.

Kurt
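
As an added example (not part of the original thread and not OpenLDAP code), the wire forms of the protocol elements discussed above: Who Am I? is an ExtendedRequest carrying only a requestName, while proxied authorization is a Control attached to some other operation. The proxied authorization OID (from RFC 4370), the function names and the short-length BER helper are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Added example. Short-form BER lengths only: every value must be < 128 bytes. */
static size_t tlv(unsigned char *out, unsigned char tag, const void *val, size_t len)
{
    out[0] = tag;
    out[1] = (unsigned char)len;
    memcpy(out + 2, val, len);
    return len + 2;
}

/* ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
 *   requestName [0] LDAPOID, requestValue [1] OCTET STRING OPTIONAL } */
size_t whoami_request(unsigned char *out)
{
    static const char oid[] = "1.3.6.1.4.1.4203.1.11.3";
    unsigned char name[32];
    size_t n = tlv(name, 0x80, oid, strlen(oid));  /* [0] requestName */
    return tlv(out, 0x77, name, n);                /* no [1] element: requestValue absent */
}

/* Copy the authzId from an ExtendedResponse ([APPLICATION 24]); responseValue is [11]. */
size_t whoami_authzid(const unsigned char *resp, size_t len, char *dst, size_t cap)
{
    size_t i = 2;                                  /* skip the 0x78 tag and length */
    while (i + 2 <= len) {
        size_t l = resp[i + 1];
        if (i + 2 + l > len) return 0;             /* truncated element */
        if (resp[i] == 0x8B) {
            if (l >= cap) return 0;                /* caller's buffer too small */
            memcpy(dst, resp + i + 2, l);
            dst[l] = '\0';
            return l;
        }
        i += 2 + l;
    }
    return 0;
}

/* Control ::= SEQUENCE { controlType LDAPOID, criticality BOOLEAN, controlValue OCTET STRING } */
size_t proxy_authz_control(unsigned char *out, const char *authzid)
{
    static const char oid[] = "2.16.840.1.113730.3.4.18";  /* RFC 4370 */
    static const unsigned char crit = 0xFF;
    unsigned char body[126];
    if (strlen(authzid) > 90) return 0;            /* keep within short-form lengths */
    size_t n = tlv(body, 0x04, oid, strlen(oid));
    n += tlv(body + n, 0x01, &crit, 1);            /* RFC 4370 requires criticality TRUE */
    n += tlv(body + n, 0x04, authzid, strlen(authzid));
    return tlv(out, 0x30, body, n);
}
```

The control built by `proxy_authz_control` is what an `LDAPControl` with `ldctl_value` set to the authzId represents on the wire; the request built by `whoami_request` is a separate operation and contains no control at all.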