Xu, Qiang (FXSGSC) wrote:
-----Original Message-----
From: [email protected] [mailto:[email protected]]
i hate to ask the silly question but do you actually have
SASL builtin?
https://wiki.mozilla.org/LDAP_C_SDK#Building_using_autoconf_.28preferred_method.29
see "Build with SASL support" section there. otherwise you
might be hitting a stub which does nothing but returns
LDAP_SUCCESS [ i have no idea why do we actually return
success in those stubs but we do ].
Finally, the OS team sent over a new package of the MozLDAP library built with SASL support. It doesn't return LDAP_SUCCESS any more. However, a new error pops up:
=========================================
<apManager> (Fri Feb 27 2009 14:14:15.223)
<p23847,t3079044000,aba_ldap_interface.c,2373>
INFO>> SASL Login
<apManager> (Fri Feb 27 2009 14:14:15.224)
<p23847,t3079044000,aba_ldap_interface.c,2388>
INFO>> SASL LDAP BIND with GSSAPI: Value of ldapStatus 86
<apManager> (Fri Feb 27 2009 14:14:15.224)
<p23847,t3079044000,aba_ldap_interface.c,2459>
ERROR>> LDAP BIND: Value of ldap failure status and text 86 Unknown authentication method
<apManager> (Fri Feb 27 2009 14:14:15.225)
<p23847,t3079044000,aba_ldap_interface.c,2500>
ERROR>> ABA_LDAP_UNKNOWN_BIND_FAILURE
=========================================
In the network trace captured, I didn't see the binding request being sent to the server.
The core part of the code is as follows:
=========================================
static int sasl_flags = LDAP_SASL_QUIET;
static char *sasl_mech = "GSSAPI";

/* warning! - the following requires intimate knowledge of sasl.h */
static char *default_values[] = {
    "", /* SASL_CB_USER 0x4001 */
    "", /* SASL_CB_AUTHNAME 0x4002 */
    "", /* SASL_CB_LANGUAGE 0x4003 */ /* not used */
    "", /* SASL_CB_PASS 0x4004 */
    "", /* SASL_CB_ECHOPROMPT 0x4005 */
    "", /* SASL_CB_NOECHOPROMPT 0x4006 */
    "", /* SASL_CB_CNONCE 0x4007 */
    ""  /* SASL_CB_GETREALM 0x4008 */
};

/* this is so we can use SASL_CB_USER etc. to index into default_values */
#define VALIDVAL(n) (((n) >= SASL_CB_USER) && ((n) <= SASL_CB_GETREALM))
#define VAL(n) default_values[(n) - 0x4001]
...
static int example_sasl_interact(LDAP *ld, unsigned flags, void *defaults,
                                 void *prompts)
{
    sasl_interact_t *interact = NULL;

    if (prompts == NULL)
    {
        return (LDAP_PARAM_ERROR);
    }

    /* answer every prompt in the list with its (empty) default value */
    for (interact = prompts; interact->id != SASL_CB_LIST_END; interact++)
    {
        if (VALIDVAL(interact->id))
        {
            interact->result = VAL(interact->id);
            interact->len = strlen((char *)interact->result);
        }
    }
    return (LDAP_SUCCESS);
}
...
ldapStatus = ldap_sasl_interactive_bind_ext_s(ldapHandle, "", sasl_mech,
                                              NULL, NULL, sasl_flags,
                                              example_sasl_interact, NULL,
                                              &responseControls);
if (responseControls != NULL)
{
    LOGINFO("SASL binding finished, will destroy responseControls");
    ldap_controls_free(responseControls);
    responseControls = NULL;
}
LOGINFO("SASL LDAP BIND with GSSAPI: Value of ldapStatus %d", ldapStatus);
=========================================
Is it a problem of SASL library?
Probably. It probably cannot find the mechanism plugins. The
cyrus-sasl library is in two pieces - the main libsasl, and the plugins
for the various mechanisms. For example, on my RHEL5 system, libsasl2
is installed in $libdir, and the mechanism plugins are installed in
$libdir/sasl2. The sasl on RHEL5 has been compiled so that libsasl
looks in $libdir/sasl2 for the mechanism plugins. You can also set the
env. var. SASL_PATH to point to the directory containing the mechanism
plugins.
I already have cyrus-sasl-2.1.22 in place.
Any help is appreciated,
Xu Qiang
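
The reply's point about plugin location can be checked from the shell. This is an added example, not code from the thread: it walks SASL_PATH (or a fallback list that is only an assumption about common `$libdir/sasl2` locations) and reports whether a mechanism plugin file is present. The function name `find_sasl_plugin` is hypothetical; `libgssapiv2` is the file name Cyrus SASL uses for its GSSAPI plugin.

```shell
#!/bin/sh
# Added example: look for a Cyrus SASL mechanism plugin in the directories
# libsasl would search. Having libsasl itself installed is not enough; the
# per-mechanism plugin (libgssapiv2.so* for GSSAPI) must be present too.

# Assumption: typical $libdir/sasl2 locations, used only if SASL_PATH is unset.
DEFAULT_SASL_DIRS="/usr/lib64/sasl2:/usr/lib/sasl2"

# find_sasl_plugin STEM [DIR1:DIR2:...]
# Prints each readable lib<STEM>.so* found; returns 0 if any, 1 if none.
find_sasl_plugin() {
    stem=$1
    path=${2:-${SASL_PATH:-$DEFAULT_SASL_DIRS}}
    found=1

    # Split the colon-separated path without glob expansion.
    old_ifs=$IFS; IFS=:; set -f
    set -- $path
    set +f; IFS=$old_ifs

    for dir in "$@"; do
        [ -n "$dir" ] || continue
        if [ ! -d "$dir" ]; then
            echo "skip: $dir is not a directory" >&2
            continue
        fi
        for f in "$dir"/lib"$stem".so*; do
            [ -e "$f" ] || continue      # unmatched glob stays literal
            if [ -r "$f" ]; then
                echo "$f"
                found=0
            else
                echo "unreadable by this user: $f" >&2
            fi
        done
    done
    return $found
}

# Stand-alone use: sh check_sasl_plugin.sh gssapiv2 [dir1:dir2]
if [ $# -gt 0 ]; then
    find_sasl_plugin "$@" || echo "no lib$1 plugin found in search path" >&2
fi
```

Run it as the same user and with the same environment as the application, since SASL_PATH and file permissions both affect the result.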