Thanks for the reply, Howard. If I can further clarify, what you mean is that given the ldap_sasl_bind function prototype below:
int ldap_sasl_bind(
    LDAP *ld,
    LDAP_CONST char *dn,
    LDAP_CONST char *mechanism,
    struct berval *cred,
    LDAPControl **sctrls,
    LDAPControl **cctrls,
    int *msgidp );
I first call the Kerberos authentication functions to get the service ticket to the LDAP server. Next, I can simply use the above function, specifying mechanism as "GSSAPI" and pointing cred to the Kerberos service ticket I just got?
If this is right, the LDAP server will just verify the service ticket and send back the response for the function to return success.
Is there anything else I need to take care of?
On 11/26/07, Howard Chu <hyc@symas.com> wrote:
Austin Cherian wrote:
> Hi,
> I'm quite new to OpenLDAP and am searching for answers to some
> questions on a particular case I have. I'd be glad if someone could
> help me out on this particular topic.
>
> I have a situation where I have to perform an LDAP bind to a given
> LDAP server with only being provided a service ticket to that
> particular LDAP server and nothing else. I have already explored the
> possibility of using the SASL authentication method with GSSAPI as the
> mechanism; however, I guess the GSSAPI mechanism takes user credentials
> as input and moves through the Kerberos protocol to finally provide
> the LDAP server with the service ticket.
Wrong. The GSSAPI mechanism does exactly what you're looking for.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/