Re: LDAP_OPT_X_SASL_AUTHCID and LDAP_OPT_X_SASL_AUTHZID

Howard Chu wrote:

Michael Ströder wrote:

...

what is returned by

ldap_get_options(LDAP_OPT_X_SASL_AUTHCID,[..]) ldap_get_options(LDAP_OPT_X_SASL_AUTHZID,[..])

I'm getting results with python-ldap which look strange to me after doing a SASL bind. But I'm not sure what should be returned.

For AUTHCID, it is initialized to the first non-null environment variable of USER / USERNAME / LOGNAME. AUTHZID is empty.

Both of them can be overriden by .ldaprc or LDAP_SASL env variables.

So these are rather meant to be set by the client as defaults (instead of the call-back vars)?

I was hoping to find a SASL option to query the Kerberbos principal name actually used after a successful SASL/GSSAPI bind.

Ciao, Michael.