> -----Original Message----- > From: Rich Megginson [mailto:[EMAIL PROTECTED] On > Behalf Of Rich Megginson > Sent: Tuesday, November 04, 2008 11:27 PM > To: Xu, Qiang (FXSGSC) > Cc: [email protected]; Michael Ströder > Subject: Re: SASL authentication > > This is a very bad example for using SASL/GSSAPI. Please > refer to the actual source code. There is an example file - > http://mxr.mozilla.org/mozilla/source/directory/c-sdk/ldap/exa > mples/saslsearch.c
Got it. Previously, I want to use ldap_sasl_bind_s() to avoid the hassle in dealing with asynchronous SASL binding with ldap_sasl_bind(), that is, to avoid the challenges sent back from the server with LDAP_SASL_BIND_IN_PROGRESS. > For GSSAPI, it doesn't matter, because the real credentials > will come from the TGT. Good to hear this. > Yes, but no, because you should not use ldap_sasl_bind_s, you > should use ldap_sasl_interactive_bind_ext_s instead - see > saslsearch.c above. Why can't I find the reference to the function ldap_sasl_interactive_bind_ext_s() in MozLDAP C SDK document page (http://www.mozilla.org/directory/csdk-docs/function.htm)? Is this document outdated? And what benefit does it have, compared to ldap_sasl_bind_s()? In other words, what potential risk does ldap_sasl_bind() have? Thanks a lot, Xu Qiang _______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
