Hi,
I'm an openldap beginner and I've been experimenting with some simple openldap examples. Essentially, I had some sample code that tried to initiate an asynchronous bind to a slapd. My program made calls to the library using the following functions in this order.
ldap_initialize(...); ldap_sasl_bind(..., LDAP_SASL_SIMPLE, ...); ldap_result(...); // check ldap_result return code == -1 and result pointer != NULL ldap_parse_sasl_bind_result(...); // check ldap_parse_sasl_bind_result return code ldap_unbind_ext(...);
The code appears to work with a correct DN and password. But strangely enough I didn't get any errors either when I supplied an incorrect password. When I inspect the packet traffic between the client and the slapd, the slapd responds as expected to the two binds (invalid credentials -> incorrect password) and (success -> correct password).
I spent hours debugging to no avail and then finally decided to try out ldapwhoami which catches the invalid credentials... Looking at the source code for ldapwhoami revealed that ldapwhoami uses ldap_parse_result when binding with ldap_sasl_bind(LDAP_SASL_SIMPLE). This practice wasn't immediately obvious to me.
My questions:
1. Does ldap_parse_sasl_bind_result work for processing responses to ldap_sasl_bind(LDAP_SASL_SIMPLE)? 2. If the answer to (1.) is in fact no, wouldn't it be more intuitive to get ldap_parse_sasl_bind_result to also handle the LDAP_SASL_SIMPLE case? 3. Is there a simple way to determine whether or not a response received in ldap_result is a bind response to LDAP_SASL_SIMPLE or do I have to store my bind request type and correlate this using the message id when the response returns?
Thanks, Lawrence
_________________________________________________________________ Reinvent how you stay in touch with the new Windows Live Messenger. http://go.microsoft.com/?linkid=9650731
openldap-software@openldap.org