Hi,
I'm only ever going to use sasl_mech="EXTERNAL" with my client code. I tried using ldap_sasl_bind_s() but that returned with LDAP_SASL_BIND_IN_PROGRESS.
I then used ldap_sasl_interactive_bind_s() based on the example in clients/tools/common.c more or less. I don't actually need the defaults struct, so I pass defaults=NULL and therefore don't use anything like lutil_sasl_defaults(), etc.
I implemented an LDAP_SASL_INTERACT_PROC using the example in libraries/liblutil/sasl.c, which is very similar to lutil_sasl_interact() except that it doesn't support LDAP_SASL_INTERACTIVE and my version of the interaction() function does nothing but return LDAP_SUCCESS.
Looking at it, I could probably shorten my version of the lutil_sasl_interact() to simply return LDAP_SUCCESS and not even bother with an interaction() function.
It appears to work just fine and the debug output says:
ldap_sasl_interactive_bind: user selected: EXTERNAL
So my questions:
1. Is there anything wrong with that approach?
2. Is there a better (simpler/easier) way to do this?
Any advice is highly appreciated!
Thanks, Frank
openldap-technical@openldap.org