Just found out that the function ldap_sasl_interactive_bind_ext_s() may be intended for a stand-alone application used on the command line, hence the name "interactive". So I guess when the function is executed, some prompt appears in the console to wait for my input. And that can explain the callback function "example_sasl_interact()".
For me, the implementation is to be used in the printer, which cannot interactively and repeatedly request so many parameters. Maybe the function ldap_sasl_bind_s() is more appropriate?

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]illa.org] On Behalf Of Xu, Qiang (FXSGSC)
> Sent: Wednesday, November 05, 2008 5:18 PM
> To: Rich Megginson
> Cc: Michael Ströder; [email protected]
> Subject: RE: SASL authentication
>
> Hi, guys:
>
> Using ldap_sasl_interactive_bind_ext_s(), I've come up with an implementation of SASL binding. The main idea is as follows:
> =======================================================
> #include <sasl/sasl.h>
> ...
> static int sasl_flags = LDAP_SASL_QUIET;
> static char *sasl_mech = "GSSAPI";
> ...
> /* warning! - the following requires intimate knowledge of sasl.h */
> static char *default_values[] = {
>     "", /* SASL_CB_USER 0x4001 */
>     "", /* SASL_CB_AUTHNAME 0x4002 */
>     "", /* SASL_CB_LANGUAGE 0x4003 */ /* not used */
>     "", /* SASL_CB_PASS 0x4004 */
>     "", /* SASL_CB_ECHOPROMPT 0x4005 */
>     "", /* SASL_CB_NOECHOPROMPT 0x4006 */
>     "", /* SASL_CB_CNONCE 0x4007 */
>     ""  /* SASL_CB_GETREALM 0x4008 */
> };
>
> /* this is so we can use SASL_CB_USER etc. to index into default_values */
> #define VALIDVAL(n) ((n >= SASL_CB_USER) && (n <= SASL_CB_GETREALM))
> #define VAL(n) default_values[n-0x4001]
> ...
> static int example_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *prompts);
> ...
> static int example_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *prompts)
> {
>     sasl_interact_t *interact = NULL;
>
>     if (prompts == NULL)
>     {
>         return (LDAP_PARAM_ERROR);
>     }
>
>     for (interact = prompts; interact->id != SASL_CB_LIST_END; interact++)
>     {
>         if (VALIDVAL(interact->id))
>         {
>             interact->result = VAL(interact->id);
>             interact->len = strlen((char *)interact->result);
>         }
>     }
>     return (LDAP_SUCCESS);
> }
>
> ...
> int ldapStatus = LDAP_SUCCESS;
> LDAP *ldapHandle = (LDAP *)NULL;
> LDAPControl **responseControls = NULL;
> ...
> if ((ldapHandle = prldap_init((ldapServerConfigData.hostnames), LDAP_PORT, 0)) == NULL)
> {
>     LOGERROR("prldap_init failed");
>     return(ABA_LDAP_INIT_CALL_FAILED);
> }
> LOGINFO("prldap_init succeeded");
> ...
> version = LDAP_VERSION3;
> if (ldap_set_option(ldapHandle, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_SUCCESS)
> {
>     LOGERROR("Setting Version Failed");
>
>     /*
>     ** unbind ldap handle.
>     */
>     if (ldapHandle != (LDAP *)NULL)
>     {
>         LOGINFO("ldap_unbind_s2");
>         ldap_unbind_s(ldapHandle);
>         ldapHandle = (LDAP *)NULL;
>     }
>
>     return(ABA_LDAP_SET_UNABLE_TO_SET_PREFS);
> }
> ...
> /* no need for dn and password in case of SASL binding */
> ldapStatus = ldap_sasl_interactive_bind_ext_s(ldapHandle, "", sasl_mech,
>                                               NULL, NULL, sasl_flags,
>                                               example_sasl_interact, NULL,
>                                               &responseControls);
>
> if (responseControls != NULL)
> {
>     LOGINFO("SASL binding finished, will destroy responseControls");
>     ldap_controls_free(responseControls);
> }
>
> LOGINFO("SASL LDAP BIND with GSSAPI: Value of ldapStatus %d", ldapStatus);
> =======================================================
> The core part is almost a direct copy from
> http://mxr.mozilla.org/mozilla/source/directory/c-sdk/ldap/examples/saslsearch.c or
> http://mxr.mozilla.org/mozilla/source/directory/c-sdk/ldap/examples/sasl.c.
>
> It looks straightforward. And after an operation of "kinit..." followed by the above SASL binding, the log gives me LDAP_SUCCESS.
>
> However, the network trace doesn't show the SASL packets between the printer and the ADS. No wonder the following LDAP search fails, with the error message reminding me to bind to the server before doing any query.
>
> Yes, I know binding is a prerequisite to a query. But how come the function ldap_sasl_interactive_bind_ext_s() returns 0 when it actually doesn't contact the server? I am really bewildered.
_______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
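The quoted callback answers every SASL prompt with "" and, with LDAP_SASL_QUIET set, nothing reports that a credential the printer does not have was silently left blank. Below is an added example of a fail-closed variant of that callback; it is not code from the message above nor from the Mozilla LDAP C SDK. It assumes the same prompt ids listed in the quoted code and the sasl_interact_t layout of cyrus-sasl, which it declares locally (guarded by #ifndef) so the file compiles without <sasl/sasl.h> and <ldap.h>; in a real build those headers supply the types and constants, and sasl_defaults_t and demo_interact() are hypothetical names chosen for this example.

```c
/* Added example (not from the original post or the LDAP C SDK): a SASL
 * interaction callback that refuses to answer a prompt it has no value for,
 * so an unattended bind fails visibly instead of proceeding with "". */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for <sasl/sasl.h>; real builds get these from the header. */
#ifndef SASL_CB_LIST_END
#define SASL_CB_LIST_END     0        /* terminates a prompt list */
#define SASL_CB_USER         0x4001   /* ids as listed in the quoted code */
#define SASL_CB_AUTHNAME     0x4002
#define SASL_CB_LANGUAGE     0x4003
#define SASL_CB_PASS         0x4004
#define SASL_CB_ECHOPROMPT   0x4005
#define SASL_CB_NOECHOPROMPT 0x4006
#define SASL_CB_CNONCE       0x4007
#define SASL_CB_GETREALM     0x4008
typedef struct sasl_interact {      /* layout compatible with cyrus-sasl */
    unsigned long id;
    const char *challenge;
    const char *prompt;
    const char *defresult;
    const void *result;
    unsigned len;
} sasl_interact_t;
#endif

/* Stand-ins for <ldap.h>; real builds get these from the header. */
#ifndef LDAP_SUCCESS
#define LDAP_SUCCESS     0x00
#define LDAP_LOCAL_ERROR 0x52
#define LDAP_PARAM_ERROR 0x59
typedef struct ldap LDAP;
#endif

/* Hypothetical structure handed to the bind call through its `defaults`
 * argument, replacing the page's global default_values[] table. */
typedef struct {
    const char *authcid;   /* SASL_CB_AUTHNAME: identity that authenticates */
    const char *authzid;   /* SASL_CB_USER: identity to act as ("" = self) */
    const char *password;  /* SASL_CB_PASS: NULL when a Kerberos ticket is used */
    const char *realm;     /* SASL_CB_GETREALM */
} sasl_defaults_t;

/* Fail-closed interaction callback with the LDAP_SASL_INTERACT_PROC shape
 * used in the quoted code. Unknown or unanswerable prompts abort the bind. */
static int strict_sasl_interact(LDAP *ld, unsigned flags, void *defaults, void *prompts)
{
    const sasl_defaults_t *d = defaults;
    sasl_interact_t *in;
    (void)ld; (void)flags;
    if (prompts == NULL || d == NULL)
        return LDAP_PARAM_ERROR;
    for (in = prompts; in->id != SASL_CB_LIST_END; in++) {
        const char *val = NULL;
        switch (in->id) {
        case SASL_CB_USER:     val = d->authzid ? d->authzid : ""; break;
        case SASL_CB_AUTHNAME: val = d->authcid;  break;
        case SASL_CB_PASS:     val = d->password; break;
        case SASL_CB_GETREALM: val = d->realm;    break;
        default: break;   /* LANGUAGE, ECHOPROMPT, ...: no unattended answer */
        }
        if (val == NULL)
            return LDAP_LOCAL_ERROR;   /* refuse rather than guess */
        in->result = val;
        in->len = (unsigned)strlen(val);
    }
    return LDAP_SUCCESS;
}

/* Runs the callback over a constructed prompt list: USER and AUTHNAME as a
 * GSSAPI exchange may ask for, plus PASS when ask_pass is set (as a
 * password mechanism would). Returns the callback's status and, on success,
 * the authentication id that was answered. */
int demo_interact(const sasl_defaults_t *d, int ask_pass, const char **authname_out)
{
    sasl_interact_t prompts[4];
    int n = 0, rc;
    memset(prompts, 0, sizeof prompts);
    prompts[n++].id = SASL_CB_USER;
    prompts[n++].id = SASL_CB_AUTHNAME;
    if (ask_pass)
        prompts[n++].id = SASL_CB_PASS;
    prompts[n].id = SASL_CB_LIST_END;
    rc = strict_sasl_interact(NULL, 0, (void *)d, prompts);
    if (rc == LDAP_SUCCESS && authname_out != NULL)
        *authname_out = prompts[1].result;
    return rc;
}

int main(void)
{
    /* constructed defaults: a Kerberos-backed printer account, no password */
    const sasl_defaults_t kerberos = { "printer01", "", NULL, NULL };
    const char *who = NULL;
    int rc = demo_interact(&kerberos, 0, &who);
    printf("GSSAPI-style prompts: rc=%d authname=%s\n", rc, rc == LDAP_SUCCESS ? who : "(none)");
    rc = demo_interact(&kerberos, 1, &who);
    printf("password prompt without a password: rc=%d (bind refused)\n", rc);
    return 0;
}
```

A non-zero return from the callback makes ldap_sasl_interactive_bind_ext_s() fail instead of reporting LDAP_SUCCESS for a bind the server never saw answered. Independently of the callback, a zero status from the bind call is worth confirming the way the message above does, by looking for the bind and SASL exchange in the network trace, before treating the session as authenticated; client libraries that offer the RFC 4532 "Who am I?" operation can also confirm the bound identity from the server's side.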
