Re: LDAP_OPT_X_SASL_AUTHCID and LDAP_OPT_X_SASL_AUTHZID

On Sat, 15 Aug 2009, Michael Ströder wrote: ...

I was hoping to find a SASL option to query the Kerberbos principal name actually used after a successful SASL/GSSAPI bind.

Are you trying to ask a purely local question or is the server's opinion of what authorization ID you actually ended up with relevant?

For the latter, try ldap_whoami() or ldap_whoami_s().

For the former, I suspect you'll have to add a new LDAP option to get the underlying sasl context handle and then peel it out of there yourself. Does cyrus-sasl even provide a means to get the authentication ID used?

Philip Guenther