Thanks for the reply, Howard. If I can further clarify, what you mean is that given the ldap_sasl_bind function prototype below:
ldap_sasl_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *mechanism, struct berval *cred, LDAPControl **sctrls, LDAPControl **cctrls, int *msgidp )
I first call the Kerberos authentication functions to get the service ticket to the LDAP server. Next, I can simply use the above function, specifying mechanism as "GSSAPI" and pointing cred to the Kerberos service ticket I just got?
If this is right, the LDAP server will just verify the service ticket and send back the response for the function to return success.
Is there anything else I need to take care of?
On 11/26/07, Howard Chu hyc@symas.com wrote:
Austin Cherian wrote:
Hi, I'm quite new to OpenLDAP and am searching for answers to some questions on a particular case I have. I'd be glad if someone could help me out on this particular topic.
I have a situation where I have to perform an LDAP bind to a given LDAP server while only being provided a service ticket to that particular LDAP server and nothing else. I have already explored the possibility of using the SASL authentication method with GSSAPI as the mechanism; however, I guess the GSSAPI mechanism takes user credentials as input and moves through the Kerberos protocol to finally provide the LDAP server with the service ticket.
Wrong. The GSSAPI mechanism does exactly what you're looking for.
-- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/