> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Markus Moeller
> Sent: Wednesday, April 01, 2009 3:10 AM
> To: [email protected]
> Subject: Re: SASL authentication
>
> What does your source code look like? I have the suspicion
> that you give wrong arguments to the ldap function, e.g.
> where the hostname goes you put hostname:port.
Markus, the source code to do SASL binding is as follows:
=========================================
#include <string.h>
#include <sasl/sasl.h>   /* SASL_CB_* ids, sasl_interact_t, SASL_CB_LIST_END */
#include <ldap.h>        /* LDAP, LDAP_SASL_QUIET, LDAP_SUCCESS, LDAP_PARAM_ERROR */

static int sasl_flags = LDAP_SASL_QUIET;
static char *sasl_mech = "GSSAPI";
/* warning! - the following requires intimate knowledge of sasl.h:
 * the table is indexed by (callback id - SASL_CB_USER), so its order
 * must match the numeric order of the SASL_CB_* ids exactly. */
static char *default_values[] = {
    "", /* SASL_CB_USER         0x4001 */
    "", /* SASL_CB_AUTHNAME     0x4002 */
    "", /* SASL_CB_LANGUAGE     0x4003 */ /* not used */
    "", /* SASL_CB_PASS         0x4004 */
    "", /* SASL_CB_ECHOPROMPT   0x4005 */
    "", /* SASL_CB_NOECHOPROMPT 0x4006 */
    "", /* SASL_CB_CNONCE       0x4007 */
    ""  /* SASL_CB_GETREALM     0x4008 */
};
/* this is so we can use SASL_CB_USER etc. to index into default_values;
 * the macro arguments are parenthesised so an expression can be passed */
#define VALIDVAL(n) (((n) >= SASL_CB_USER) && ((n) <= SASL_CB_GETREALM))
#define VAL(n)      default_values[(n) - SASL_CB_USER]
...
/* Interaction callback handed to ldap_sasl_interactive_bind_ext_s(): SASL
 * passes an array of prompts terminated by SASL_CB_LIST_END and expects
 * result/len to be filled in for each one it understands. Prompts with an
 * id outside the table are left untouched. */
static int example_sasl_interact(LDAP *ld, unsigned flags, void *defaults,
                                 void *prompts)
{
    sasl_interact_t *interact = NULL;

    (void)ld;
    (void)flags;
    (void)defaults;

    if (prompts == NULL)
    {
        return (LDAP_PARAM_ERROR);
    }
    for (interact = prompts; interact->id != SASL_CB_LIST_END; interact++)
    {
        if (VALIDVAL(interact->id))
        {
            interact->result = VAL(interact->id);
            interact->len = (unsigned)strlen((const char *)interact->result);
        }
    }
    return (LDAP_SUCCESS);
}
...
status = aba_ldap_retrieve_config_data(sessionInformation);
...
/* hostnames holds "hostname:port"; LDAP_PORT is only the default port */
if ((ldapHandle = prldap_init(ldapServerConfigData.hostnames,
                              LDAP_PORT, 0)) == NULL)
{
    LOGERROR("prldap_init failed");
    return (ABA_LDAP_INIT_CALL_FAILED);
}
LOGINFO("prldap_init succeeded");
...
/* responseControls must be initialised to NULL before the bind call:
 * it is tested below even when the bind itself fails */
ldapStatus = ldap_sasl_interactive_bind_ext_s(ldapHandle, "", sasl_mech,
                                              NULL, NULL, sasl_flags,
                                              example_sasl_interact, NULL,
                                              &responseControls);
if (responseControls != NULL)
{
    LOGINFO("SASL binding finished, will destroy responseControls");
    ldap_controls_free(responseControls);
    responseControls = NULL;
}
/* ldapStatus should be compared with LDAP_SUCCESS before the handle is used */
LOGINFO("SASL LDAP BIND with GSSAPI: Value of ldapStatus %d", ldapStatus);
=========================================
The binding function ldap_sasl_interactive_bind_ext_s() doesn't explicitly have
an argument for the server's hostname.
However, the simple binding interface doesn't need this parameter either:
=========================================
ldapStatus = ldap_simple_bind_s(ldapHandle,
                                ldapServerConfigData.loginName,
                                ldapServerConfigData.loginPassword);
=========================================
The code to retrieve the LDAP server's hostname is called from
aba_ldap_retrieve_config_data() -> aba_ldap_retrieve_server_info(). In that
function, the server's hostname is extracted and combined into the form
"hostname:port". After that, it is copied into the data structure
"ldapServerConfigData.hostnames".
The data structure for ldapServerConfigData is here:
=========================================
typedef struct {
    char   hostnames[HOSTNAME_CAT_STRING+2];   /* "hostname:port" */
    char   loginName[FIELD_MAX_SIZE+1];
    char   loginPassword[FIELD_MAX_SIZE+1];
    bool_t referalsEnabled;
    bool_t ldapVersion3;
    int    hopCount;
    char   base[FIELD_MAX_SIZE+1];
    int    timeOut;
    int    maxNames;
} LdapServerConfigData;
=========================================
It seems that in simple binding, the MozLDAP (or SASL2) library can handle this
format and correctly sends out the DNS request. On the other hand, in the case
of SASL binding, the DNS request is formed incorrectly.
Is this helpful?
Thanks,
Xu Qiang
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
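Markus's suspicion is that a "hostname:port" string is being handed to the LDAP library where a bare hostname belongs; for a GSSAPI bind the SASL layer builds the LDAP service principal from whatever host name the handle carries, so a ":port" suffix there would explain a malformed lookup while a simple bind, which only needs a socket, still works. The example below is added here and is not part of the thread or of Xu Qiang's code: a small C helper, split_host_port(), that turns a string of the kind stored in ldapServerConfigData.hostnames into a bare host and a numeric port, which is the pair that would then be passed as the separate host and port arguments of prldap_init(). It handles the cases the thread does not mention (no port, bracketed IPv6 literals, malformed ports) and refuses rather than truncates when the host does not fit. The constant LDAP_DEFAULT_PORT is assumed here to keep the example self-contained and stands in for LDAP_PORT from ldap.h; the sample strings in main() are constructed for the demonstration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for LDAP_PORT from ldap.h, so the block builds without the SDK. */
#define LDAP_DEFAULT_PORT 389

/* Split "host", "host:port", "[v6addr]" or "[v6addr]:port" into a bare host
 * name (without brackets) and a port number. Returns 0 on success and -1 on
 * malformed input, an out-of-range port, or a host that would not fit in
 * hostlen bytes (truncating silently would change the target server). */
int split_host_port(const char *spec, char *host, size_t hostlen,
                    int *port, int default_port)
{
    const char *start;          /* first character of the host part */
    const char *end;            /* one past the last character of the host part */
    const char *colon = NULL;   /* position of the ":port" separator, if any */
    size_t n;

    if (spec == NULL || host == NULL || port == NULL || hostlen == 0 || *spec == '\0')
        return -1;

    if (*spec == '[') {
        /* bracketed IPv6 literal: the host is everything inside the brackets */
        end = strchr(spec, ']');
        if (end == NULL || end == spec + 1)
            return -1;
        start = spec + 1;
        n = (size_t)(end - start);
        if (end[1] == ':')
            colon = end + 1;
        else if (end[1] != '\0')
            return -1;          /* junk after the closing bracket */
    } else {
        start = spec;
        colon = strchr(spec, ':');
        /* a second ':' means an unbracketed IPv6 address, which is ambiguous */
        if (colon != NULL && strchr(colon + 1, ':') != NULL)
            return -1;
        end = (colon != NULL) ? colon : spec + strlen(spec);
        n = (size_t)(end - start);
        if (n == 0)
            return -1;          /* ":389" has no host at all */
    }

    if (n >= hostlen)
        return -1;
    memcpy(host, start, n);
    host[n] = '\0';

    if (colon == NULL) {
        *port = default_port;
        return 0;
    }

    /* port: decimal digits only, 1..65535, nothing trailing */
    {
        const char *p = colon + 1;
        char *stop;
        long v;

        if (!isdigit((unsigned char)*p))
            return -1;
        errno = 0;
        v = strtol(p, &stop, 10);
        if (errno != 0 || *stop != '\0' || v < 1 || v > 65535)
            return -1;
        *port = (int)v;
    }
    return 0;
}

int main(void)
{
    /* constructed sample inputs, not taken from the thread */
    const char *samples[] = {
        "ldap.example.com:636", "ldap.example.com",
        "[2001:db8::1]:389", "ldap.example.com:", "2001:db8::1"
    };
    char host[256];
    int port;
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (split_host_port(samples[i], host, sizeof host, &port, LDAP_DEFAULT_PORT) == 0)
            printf("%-24s -> host=\"%s\" port=%d\n", samples[i], host, port);
        else
            printf("%-24s -> rejected\n", samples[i]);
    }
    return 0;
}
```

With the split done up front, the call in the posted code would become prldap_init(host, port, 0) instead of prldap_init(hostnames, LDAP_PORT, 0), and the SASL layer then sees only the host name; whether that is what MozLDAP does internally for the simple-bind case is exactly the question Xu Qiang is asking, so the helper is a way to take the ambiguity out of the caller's hands rather than a statement about the library.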