[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: switch from ldap_sasl_interactive_bind_s to ldap_sasl_bind fails



Is there any plan on adding an async ldap sasl gssapi bind to openldap in
the future?

- Jeremiah

On 6/1/06, Kurt D. Zeilenga <Kurt@openldap.org> wrote:

Unless you want to manage the SASL exchange yourself (which for the GSSAPI mechanism is non-trivial), you should not use ldap_sasl_bind(3) (or ldap_sasl_bind_s(3)).

If you do want to manage the SASL exchange yourself,
you'll need to do lots of self-education first.  I would
suggest you start by reading ldap_sasl_interactive_bind_s(3)
code (which makes use of ldap_sasl_bind(3) itself).

Kurt

At 12:54 PM 6/1/2006, Jeremiah Martell wrote:
>I had code that used ldap_sasl_interactive_bind_s that I just switched
>to ldap_sasl_bind.
>
>I switched because I wanted async binding with sasl (GSSAPI), and
>ldap_sasl_bind seemed a lot simpler to use.
>
>Now, though, whenever I use my new ldap_sasl_bind code I always get
>back 49 (invalid credentials). Any idea what I could be doing wrong?
>
>int msgid = 0;
>struct berval cred;
>cred.bv_len = 8;
>cred.bv_val = "PASSWORD";
>
>if ( ldap_sasl_bind( myldap, NULL, "GSSAPI", &cred, NULL, NULL, &msgid
>) != 0 ) return -1;
>if ( msgid == -1 ) return -1;
>
>while ( 1 )
>{
>  // do ldap_result and ldap_first_message and ldap_parse_result stuff
>  // i eventually get 49, invalid credentials. which ldap logging
>shows is the case
>  // log shows: "AcceptSecurityContext error", which ethereal verifies
>}
>
>
>Thanks,
>- Jeremiah
>inlovewithGod@gmail.com




--
- Jeremiah
inlovewithGod@gmail.com