> -----Original Message-----
> From: Xu, Qiang (FXSGSC)
> Sent: Wednesday, November 05, 2008 5:49 PM
> To: Xu, Qiang (FXSGSC); Rich Megginson
> Cc: Michael Ströder; [email protected]
> Subject: RE: SASL authentication
>
> Just found out that the function
> ldap_sasl_interactive_bind_ext_s() may be intended for a
> stand-alone application used in command-line, thus the name
> "interactive". So I guess when the function is executed, some
> prompt appears in the console to wait for my input. And it
> can explain the callback function "example_sasl_interact()".
>
> For me, the implementation is to be used in the printer,
> which cannot interactively and repeatedly request so many
> parameters. Maybe the function ldap_sasl_bind_s() is more appropriate?

On second thoughts, it still seems OK if I insist on using
ldap_sasl_interactive_bind_ext_s(). If the flag is LDAP_SASL_QUIET, I can
actually provide the values in the array default_values[] in a batch mode.

An example is:
===========================
static char *default_values[] = {
    "xuan", /* SASL_CB_USER         0x4001 */
    "CN=xuan,CN=Users,DC=sesswin2003,DC=com", /* SASL_CB_AUTHNAME     0x4002 */
    "", /* SASL_CB_LANGUAGE     0x4003 */ /* not used */
    "Fair123", /* SASL_CB_PASS         0x4004 */
    "", /* SASL_CB_ECHOPROMPT   0x4005 */
    "", /* SASL_CB_NOECHOPROMPT   0x4006 */
    "", /* SASL_CB_CNONCE       0x4007 */
    ""  /* SASL_CB_GETREALM     0x4008 */
};
===========================
My questions are:

1. What is the difference between SASL_CB_USER and SASL_CB_AUTHNAME? Which one 
corresponds to the user's dn in the server? And the other one?

2. What is SASL_CB_AUTHNAME for? Shall I fill it with the Kerberos realm I am 
authenticated against? Or just leave it blank?

3. Still, I am not sure whether I should use ldap_sasl_interactive_bind_ext_s()
or ldap_sasl_bind_s()? After all, the usage of the latter seems simpler. But as
Richard recommends the former, what defect does the latter have?

Thanks,
Xu Qiang
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
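
The batch-mode idea in the message above, sketched as the body of a non-prompting interact callback. This is an added example, not code from the original post or from the LDAP C SDK: `interact_t` is a stand-in that mirrors Cyrus SASL's `sasl_interact_t`, and `bind_defaults` and `fill_from_defaults` are hypothetical names. It assumes the values are supplied at run time rather than compiled in, and it fails the bind when a requested id has no value instead of answering with an empty string.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for Cyrus SASL's sasl_interact_t so the example builds without
 * <sasl/sasl.h>; real code includes that header instead. */
typedef struct {
    unsigned long id;
    const char *challenge, *prompt, *defresult;
    const void *result;
    unsigned len;
} interact_t;

#define CB_LIST_END 0x0UL     /* SASL_CB_LIST_END terminates the request list */
#define CB_FIRST    0x4001UL  /* SASL_CB_USER, first id in the table above */
#define CB_COUNT    8         /* ids 0x4001 .. 0x4008 */

/* Hypothetical per-bind defaults, indexed by (id - CB_FIRST). */
typedef struct { const char *value[CB_COUNT]; } bind_defaults;

/* Answer every requested callback from the defaults without prompting.
 * Returns 0 on success, -1 when the mechanism asks for an id outside the
 * table or one that has no value, so the bind fails instead of sending "". */
int fill_from_defaults(void *defaults, void *in)
{
    const bind_defaults *d = defaults;
    interact_t *it = in;

    if (d == NULL || it == NULL)
        return -1;
    for (; it->id != CB_LIST_END; it++) {
        if (it->id < CB_FIRST || it->id >= CB_FIRST + CB_COUNT)
            return -1;                 /* never index past the table */
        const char *v = d->value[it->id - CB_FIRST];
        if (v == NULL || *v == '\0')
            v = it->defresult;         /* fall back to the library's default */
        if (v == NULL || *v == '\0')
            return -1;
        it->result = v;
        it->len = (unsigned)strlen(v);
    }
    return 0;
}

int main(void)
{   /* Constructed request: authname and password, then the terminator. */
    bind_defaults d = { .value = { "user-placeholder", "authname-placeholder",
                                   NULL, "secret-placeholder" } };
    interact_t req[] = { { .id = 0x4002UL }, { .id = 0x4004UL }, { .id = 0 } };
    return fill_from_defaults(&d, req) == 0 ? 0 : 1;
}
```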
