On 24/07/10 21:18 +0530, Shankar Anand R wrote:
On Fri, Jul 23, 2010 at 9:43 AM, Shankar Anand R shankaranand@gmail.com wrote:
On Fri, Jul 23, 2010 at 12:10 AM, Dan White dwhite@olp.net wrote:
See the man page for ldap_sasl_interactive_bind_s(), in which you provide a callback function for providing the sasl realm, authc identity, password, and authz identity.
Also see doc/programming.html in the cyrus sasl source for discussion of interactions, and plugins/ldapdb.c for a working example.
Thanks for your help. I will read the doc and the example.
Meanwhile I want to check if I can avoid ldap_sasl_interactive_bind_s(). Wouldn't ldap_sasl_bind_s() work for "DIGEST-MD5"? If it works, I would like to go with it. Can you point out a way to do that?
Can someone point me to a sample program which uses ldap_sasl_bind_s() with "DIGEST-MD5"?
The ldapdb.c library that I referred to above is a good example. Any of the OpenLDAP client utilities are also good examples.
You'd do good to steer clear of writing an application which attempts to hard code a specific mechanism. One of the advantages of the sasl library is that it abstracts a lot of the mechanism specific details away.
If you write your code using an interactive callback function, then you'll have the ability to support any of the password based mechanisms, which could be selected at runtime.