Michael Ströder wrote:
masarati@aero.polimi.it wrote:
Disclaimer: I'm not a C programmer.
I'd like to evaluate response controls (e.g. ppolicy) also when doing a SASL bind. I'm using python-ldap which in turn uses OpenLDAP C API's function ldap_sasl_interactive_bind_s().
Not sure about that. In clients/tools/common.c there is an example of using ldap_sasl_interactive_bind() asynchronously that purposely allows to extract controls information from the (last) response
I'm staring at line 1473 in clients/tools/common.c of RE24 but I simply don't get it: IMHO in opposite to later call of ldap_sasl_bind() (in a separate else clause starting at line 1490) a msgid is not returned by the API and therefore it seems to me that ldap_result() is not and cannot be called in the SASL part.
Is the ppolicy control supported by the command-line tools if SASL is used? The code does not look like that and using ldapsearch also seems to lead to different results when using SASL and simple bind:
$ ldapsearch -H ldap://server -Y DIGEST-MD5 -e ppolicy -U test -w test -LL -b"" -s base SASL/DIGEST-MD5 authentication started SASL username: test SASL SSF: 128 SASL data security layer installed. version: 1
Server is unwilling to perform (53)
$ ldapsearch -x -H ldap://server -e ppolicy -D "uid=test,dc=example,dc=com" -w test -LL -b"" -s base ldap_bind: Success (0); Password must be changed (Password expires in 0 seconds) version: 1
Server is unwilling to perform (53)
Ciao, michael.