--On Monday, July 10, 2017 9:02 PM +0530 Nishanth Nagendra nishanth.amogh@gmail.com wrote:
From the OpenLDAP source code, I notice that the sasl.c file has a constant LDAP_SASL_SIMPLE for the mechanism, which is a NULL value. I tried to pass a non-NULL value in my function call to ldap_sasl_bind in the third parameter, expecting it to hit the other code path to initiate a SASL bind with credentials, but the library does not seem to allow it and returns an error from the SASL bind.
As clearly noted in the source code comments, the third argument is the MECHANISM to use:
/*
 * ldap_sasl_bind - bind to the ldap server (and X.500).
 * The dn (usually NULL), mechanism, and credentials are provided.
 * The message id of the request initiated is provided upon successful
 * (LDAP_SUCCESS) return.
 *
 * Example:
 *	ldap_sasl_bind( ld, NULL, "mechanism",
 *		cred, NULL, NULL, &msgid )
 */
I.e., you would pass in "GSSAPI" for a SASL/GSSAPI bind, etc.
It is also generally better form to use ldap_sasl_interactive_bind_s, as noted in the man page. In that case, as noted by the manual page:
The mechs parameter should contain a space-separated list of candidate mechanisms to use. If this parameter is NULL or empty the library will query the supportedSASLMechanisms attribute from the server's rootDSE for the list of SASL mechanisms the server supports.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
openldap-technical@openldap.org
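Added example, not part of the original message and not OpenLDAP code: the manual text quoted above says a NULL or empty mechs value makes the library take the candidate list from the server's rootDSE, so a client that wants to pin its mechanisms has to build a non-empty, space-separated string itself and refuse to bind when nothing acceptable is offered. The helper name build_mechs, the allowlist and the advertised values are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper (not a libldap function): writes into `out` the
 * space-separated mechs string, in allowlist (preference) order, keeping
 * only mechanisms the server advertised. Returns 0 on success, -1 if no
 * mechanism matches or `out` is too small; on -1 the caller should fail
 * closed rather than pass NULL or "" as mechs. */
int build_mechs(const char *const *allow, size_t n_allow,
                const char *const *advertised, size_t n_adv,
                char *out, size_t out_len)
{
    size_t used = 0;
    if (out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < n_allow; i++) {
        for (size_t j = 0; j < n_adv; j++) {
            if (strcasecmp(allow[i], advertised[j]) != 0)
                continue;
            size_t len = strlen(allow[i]);
            if (used + len + (used ? 1 : 0) + 1 > out_len)
                return -1;                 /* would overflow: refuse */
            if (used)
                out[used++] = ' ';         /* separator between names */
            memcpy(out + used, allow[i], len + 1);
            used += len;
            break;
        }
    }
    return used ? 0 : -1;
}

int main(void)
{
    /* Constructed sample values, as if read from supportedSASLMechanisms. */
    const char *advertised[] = { "PLAIN", "GSSAPI", "EXTERNAL" };
    const char *allow[] = { "GSSAPI", "SCRAM-SHA-256" };
    char mechs[64];

    if (build_mechs(allow, 2, advertised, 3, mechs, sizeof mechs) != 0) {
        fprintf(stderr, "no acceptable SASL mechanism; not binding\n");
        return 1;
    }
    printf("mechs for ldap_sasl_interactive_bind_s: \"%s\"\n", mechs);
    return 0;
}
```

The resulting string is what would be passed as the mechs argument of ldap_sasl_interactive_bind_s; for the non-interactive ldap_sasl_bind the third argument is a single mechanism name.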