Oh cool! I'll give that a try!
Thanks, Frank
On Tue, Apr 5, 2016 at 5:37 PM, David Hawes dhawes@vt.edu wrote:
On 5 April 2016 at 16:44, Frank Crow fjcrow2008@gmail.com wrote:
Hi,
I'm only ever going to use sasl_mech="EXTERNAL" with my client code. I tried using ldap_sasl_bind_s() but that returned with LDAP_SASL_BIND_IN_PROGRESS.
I then used ldap_sasl_interactive_bind_s() based on the example in clients/tools/common.c more or less. I don't actually need the defaults struct, so I pass defaults=NULL and therefore don't use anything like lutil_sasl_defaults(), etc.
I implemented a LDAP_SASL_INTERACT_PROC using the example in libraries/liblutil/sasl.c which is very similar to lutil_sasl_interact() except that it doesn't support LDAP_SASL_INTERACTIVE and my version of the interaction() function does nothing but return LDAP_SUCCESS.
Looking at it, I could probably shorten my version of the lutil_sasl_interact() to simply return LDAP_SUCCESS and not even bother with an interaction() function.
It appears to work just fine and the debug output says:
ldap_sasl_interactive_bind: user selected: EXTERNAL
ldap_int_sasl_bind: EXTERNAL
ldap_int_sasl_open: host=server1.paxriver.progeny.net
=> ldap_dn2bv(16)
<= ldap_dn2bv(cn=xxxxxxx,ou=xxxxxxx,ou=xxx,o=xxx,dc=xxxx,dc=xxx)=0
SASL/EXTERNAL authentication started
sasl_interact()
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_msgfree
ldap_result ld 0x1366940 msgid 2
So my questions:
- Is there anything wrong with that approach?
- Is there a better (simpler/easier) way to do this?
Yes. Pass an empty cred to ldap_sasl_bind_s():
cred.bv_val = "";
cred.bv_len = 0;
ldap_sasl_bind_s(ldap, NULL, "EXTERNAL", &cred, NULL, NULL, NULL);
Well, I tried that and I ended up with the same thing. It returned LDAP_SASL_BIND_IN_PROGRESS. I'll just stick to my null sasl_interaction() approach.
Thanks, Frank
-- Frank
openldap-technical@openldap.org
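An added example to go with the thread above; it is not code from the thread or from OpenLDAP. The two calls discussed differ in one detail on the wire: as I read libldap's ldap_sasl_bind(), a NULL cred leaves the optional SaslCredentials.credentials field out of the BindRequest, while the empty berval David suggests sends it as a zero-length OCTET STRING. The program below hand-encodes both forms of an EXTERNAL BindRequest per RFC 4511 so they can be compared byte for byte, and parses the resultCode out of a BindResponse so a client loop can tell success (0) from saslBindInProgress (14), the value that ldap_sasl_bind_s() reports as LDAP_SASL_BIND_IN_PROGRESS. It assumes only the C standard library; the sample responses are constructed, not captured from a server.

```c
/*
 * Added example, not code from the thread or from OpenLDAP. Hand-encodes the
 * LDAPMessage an EXTERNAL SASL bind puts on the wire (RFC 4511 BindRequest):
 *   cred == NULL        -> SaslCredentials.credentials omitted
 *   cred = { 0, "" }    -> credentials present as a zero-length OCTET STRING
 * and parses the resultCode of a BindResponse. Assumes only the C standard
 * library; the sample responses below are constructed, not captured.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write one short-form TLV (content < 128 bytes); returns bytes written. */
static size_t put_tlv(uint8_t *out, uint8_t tag, const uint8_t *val, size_t len)
{
    out[0] = tag;
    out[1] = (uint8_t)len;
    if (len) memcpy(out + 2, val, len);
    return 2 + len;
}

/*
 * Encode LDAPMessage { messageID, BindRequest { version 3, name "",
 * authentication sasl [3] { mechanism, credentials OPTIONAL } } }.
 * send_empty_cred == 0 omits the credentials field; != 0 sends "" (length 0).
 * Returns the encoded length, or 0 on bad input / insufficient space.
 */
size_t encode_sasl_bind(uint8_t *out, size_t cap, int msgid,
                        const char *mech, int send_empty_cred)
{
    uint8_t sasl[64], bind[80], body[96];
    uint8_t version = 3, id = (uint8_t)msgid;
    size_t mlen = strlen(mech), n = 0, b = 0, t = 0;

    if (msgid < 1 || msgid > 127 || mlen > 40) return 0;

    /* SaslCredentials ::= SEQUENCE { mechanism LDAPString, credentials OCTET STRING OPTIONAL } */
    n += put_tlv(sasl + n, 0x04, (const uint8_t *)mech, mlen);
    if (send_empty_cred) n += put_tlv(sasl + n, 0x04, NULL, 0);

    /* BindRequest ::= [APPLICATION 0] SEQUENCE { version INTEGER, name LDAPDN, authentication } */
    b += put_tlv(bind + b, 0x02, &version, 1);
    b += put_tlv(bind + b, 0x04, NULL, 0);      /* empty DN: identity comes from the transport */
    b += put_tlv(bind + b, 0xA3, sasl, n);      /* [3] sasl SaslCredentials (constructed) */

    /* LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp BindRequest } */
    t += put_tlv(body + t, 0x02, &id, 1);
    t += put_tlv(body + t, 0x60, bind, b);      /* [APPLICATION 0] BindRequest */

    if (cap < t + 2) return 0;
    return put_tlv(out, 0x30, body, t);
}

/*
 * Return the resultCode of an LDAPMessage carrying a BindResponse
 * ([APPLICATION 1], tag 0x61), or -1 if the bytes are not one. Only
 * short-form lengths are handled, which covers a bind result with empty
 * matchedDN and diagnosticMessage.
 */
int bind_result_code(const uint8_t *msg, size_t len)
{
    size_t p = 0;
    if (len < 2 || msg[p] != 0x30 || (msg[p + 1] & 0x80)) return -1;
    p += 2;
    if (p + 3 > len || msg[p] != 0x02 || msg[p + 1] != 1) return -1;    /* messageID */
    p += 3;
    if (p + 2 > len || msg[p] != 0x61 || (msg[p + 1] & 0x80)) return -1; /* BindResponse */
    p += 2;
    if (p + 3 > len || msg[p] != 0x0A || msg[p + 1] != 1) return -1;    /* resultCode ENUMERATED */
    return msg[p + 2];
}

/* Constructed sample responses (messageID 2, empty matchedDN/diagnosticMessage). */
static const uint8_t RESP_IN_PROGRESS[] = {
    0x30, 0x0c, 0x02, 0x01, 0x02, 0x61, 0x07, 0x0a, 0x01, 0x0e, 0x04, 0x00, 0x04, 0x00 };
static const uint8_t RESP_SUCCESS[] = {
    0x30, 0x0c, 0x02, 0x01, 0x02, 0x61, 0x07, 0x0a, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00 };

static void dump(const char *label, const uint8_t *b, size_t n)
{
    printf("%-22s", label);
    for (size_t i = 0; i < n; i++) printf("%02x ", b[i]);
    putchar('\n');
}

int main(void)
{
    uint8_t buf[64];
    size_t n;

    n = encode_sasl_bind(buf, sizeof buf, 1, "EXTERNAL", 0);
    dump("cred omitted:", buf, n);
    n = encode_sasl_bind(buf, sizeof buf, 1, "EXTERNAL", 1);
    dump("cred present, empty:", buf, n);

    /* A client keeps the exchange going while the server answers 14 and stops on 0. */
    printf("resultCode %d -> saslBindInProgress: send the next SASL step\n",
           bind_result_code(RESP_IN_PROGRESS, sizeof RESP_IN_PROGRESS));
    printf("resultCode %d -> bound\n",
           bind_result_code(RESP_SUCCESS, sizeof RESP_SUCCESS));
    return 0;
}
```

Build with any C99 compiler; the two hex dumps differ only in the trailing `04 00` and the two enclosing length bytes, which is the whole difference between the NULL-cred and empty-cred calls as far as the server can see.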