--On Monday, July 10, 2017 9:02 PM +0530 Nishanth Nagendra
From the openldap source code, I notice that sasl.c file has a constant
LDAP_SASL_SIMPLE as a constant for mechanism which is a NULL value. I
tried to pass a non NULL value in my function call to ldap_sasl_bind in
the third parameter expecting it to hit the other code path to initiate
SASL bind with credentials but the library does not seem to allow it and
returns error from sasl bind.
As clearly noted in the source code comments, the third argument is the
MECHANISM to use:
* ldap_sasl_bind - bind to the ldap server (and X.500).
* The dn (usually NULL), mechanism, and credentials are provided.
* The message id of the request initiated is provided upon successful
* (LDAP_SUCCESS) return.
* ldap_sasl_bind( ld, NULL, "mechanism",
* cred, NULL, NULL, &msgid )
I.e., you would pass in "GSSAPI" for a SASl/GSSAPI bind, etc.
It is also generally better form to use ldap_sasl_interactive_bind_s, as
noted in the man page. In that case, as noted by the manual page:
The mechs parameter should contain
a space-separated list of candidate mechanisms to use. If
parameter is NULL or empty the library will query
supportedSASLMechanisms attribute from the server's rootDSE for
list of SASL mechanisms the server supports.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: