On Jan 24, 2007, at 7:50 AM, Kenneth Rogers wrote:
Thanks,
I guess I wasn't clear enough, I'm working on the client and need to get the DN from the server after performing a GSSAPI bind.
ldap_whoami_s(...) looks like it should work, although right now I'm getting an LDAP_DECODING_ERROR (-4) from it, and I don't know why.
This error means the library was unable to decode the response PDU.
Any ideas what causes that error?
Most likely a malformed response PDU.
The client is using openldap 2.3.24 on a linux system, and the server is Windows 2000 Active Directory.
You should verify the server in question supports the LDAP Whoami? operation (RFC 4532). If the server doesn't support this, you might see if the server supports authorization identity controls (RFC 3829). Otherwise, you might see if the server supports some other means for obtaining the desired information. A forum about AD would be an appropriate place to ask such questions.
-- Kurt
KR
On 1/24/07, Dieter Klünter dieter@dkluenter.de wrote:
On Tuesday, 23 January 2007 22:33, Kenneth Rogers wrote:
Hi,
After a successful GSSAPI binding, is there an easy way to get the DN for that user from the server?
SASL returns an authentication string something like uid=<user>,cn=<realm>,cn=<mechanism>,cn=auth; this string can be mapped to an entry, see the authz-regexp directive in slapd.conf(5).
-Dieter
-- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6
-- "Linux doesn't exist." -- Kieren O'Shaghnessy (Director of SCO Australia)
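
An added example, not part of the original thread: when ldap_whoami_s() does succeed, the value it hands back is an authzId (RFC 4532, RFC 4513), which is either `dn:<DN>`, `u:<userid>`, or empty for an anonymous session, so a client still has to check which form it received before treating it as a DN. The function and enum names below are hypothetical and the sample values are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Identity kinds a Who am I? response value can carry (RFC 4532, RFC 4513). */
enum authzid_kind { AUTHZID_ANONYMOUS, AUTHZID_DN, AUTHZID_USERID, AUTHZID_MALFORMED };

/*
 * Classify an authzId and copy the identity part (prefix removed) into out.
 * In a client, val/len would be authzid->bv_val and authzid->bv_len from
 * ldap_whoami_s(), released afterwards with ber_bvfree(). A berval is not
 * guaranteed to be NUL-terminated, so nothing here reads past len.
 */
enum authzid_kind parse_authzid(const char *val, size_t len, char *out, size_t outsz)
{
    size_t skip;
    enum authzid_kind kind;

    if (out == NULL || outsz == 0) return AUTHZID_MALFORMED;
    out[0] = '\0';
    if (val == NULL || len == 0) return AUTHZID_ANONYMOUS;   /* empty value */
    if (memchr(val, '\0', len) != NULL) return AUTHZID_MALFORMED; /* embedded NUL */

    /* Prefix compared case-insensitively: a leniency chosen for this example. */
    if (len >= 3 && strncasecmp(val, "dn:", 3) == 0) { skip = 3; kind = AUTHZID_DN; }
    else if (len >= 2 && strncasecmp(val, "u:", 2) == 0) { skip = 2; kind = AUTHZID_USERID; }
    else return AUTHZID_MALFORMED;

    if (len - skip >= outsz) return AUTHZID_MALFORMED;       /* would not fit */
    memcpy(out, val + skip, len - skip);
    out[len - skip] = '\0';
    return kind;
}

int main(void)
{
    /* Constructed sample values, not captured from a real server. */
    const char *samples[] = { "dn:cn=jdoe,ou=people,dc=example,dc=com",
                              "u:jdoe@EXAMPLE.COM", "", "uid=jdoe" };
    char id[256];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum authzid_kind k = parse_authzid(samples[i], strlen(samples[i]), id, sizeof id);
        printf("%-40s kind=%d identity=\"%s\"\n", samples[i], (int)k, id);
    }
    return 0;
}
```

A `u:` result means the server identified the user without giving a DN, so the entry would still have to be found by a search.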