> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Markus Moeller
> Sent: Wednesday, April 01, 2009 3:10 AM
> To: [email protected]
> Subject: Re: SASL authentication
>
> What does your source code look like? I have the suspicion
> that you give wrong arguments to the ldap function. e.g.
> where the hostname goes you put hostname:port.
Good news, Markus.
The original code is like this:
========================================
if ((ldapHandle = prldap_init((ldapServerConfigData.hostnames),
                              LDAP_PORT, 0)) == NULL)
{
    LOGERROR("prldap_init failed");
    return(ABA_LDAP_INIT_CALL_FAILED);
}
LOGINFO("prldap_init succeeded");
========================================
As you have noticed, the value of the variable "ldapServerConfigData.hostnames"
is actually in a format of "host:port", which is incorrect. The reason that
simple binding can succeed may be due to the high tolerance of the function
"ldap_simple_bind_s()", whereas "ldap_sasl_interactive_bind_ext_s()" is more
sensitive. It is strange that the function "prldap_init()" doesn't report any
error when the hostname comes in the form of "host:port". The log entry
"prldap_init succeeded" is always visible, even in the case of SASL binding
failure.
According to your advice, I modified the code as follows:
========================================
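char *pSemicolon = NULL;
char serverHost[PRIMARY_HOSTNAME+1] = {0};
int serverPort = 0;
......
/* Split "host:port" at the colon */
pSemicolon = strchr(ldapServerConfigData.hostnames, ':');
/* No colon, or a host part too long for serverHost: nothing safe to copy */
if (pSemicolon == NULL ||
    (size_t)(pSemicolon - ldapServerConfigData.hostnames) > PRIMARY_HOSTNAME)
{
    LOGERROR("hostnames is not in host:port form");
    return(ABA_LDAP_INIT_CALL_FAILED);
}
strncpy(serverHost, ldapServerConfigData.hostnames, pSemicolon -
        ldapServerConfigData.hostnames);
serverPort = atoi(pSemicolon + 1);
LOGINFO("serverHost is [%s]", serverHost);
LOGINFO("serverPort is [%d]", serverPort);
if ((ldapHandle = prldap_init(serverHost,
                              serverPort, 0)) == NULL)
{
    LOGERROR("prldap_init failed");
    return(ABA_LDAP_INIT_CALL_FAILED);
}
LOGINFO("prldap_init succeeded");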
========================================
SASL LDAP binding with "ldap_sasl_interactive_bind_ext_s()" returns
LDAP_SUCCESS now. I am greatly relieved. Many thanks for it.
Still, I have seen some strange packets:
========================================
32 17.839052 13.198.98.107 13.198.98.35 LDAP bindRequest(1) "<ROOT>" sasl
33 17.917608 13.198.98.35 13.198.98.107 LDAP bindResponse(1) saslBindInProgress
35 17.919333 13.198.98.107 13.198.98.35 LDAP bindRequest(2) "<ROOT>" [Malformed Packet]
36 17.919637 13.198.98.35 13.198.98.107 LDAP bindResponse(2) saslBindInProgress
37 17.920316 13.198.98.107 13.198.98.35 LDAP bindRequest(3) "<ROOT>" sasl
38 17.920691 13.198.98.35 13.198.98.107 LDAP bindResponse(3) success
========================================
I am not sure whether packet 35 is normal or not. After all, it says the packet
is malformed.
In contrast, a trace captured with the OpenLDAP ldapsearch utility does not have
this malformed packet:
========================================
22 24.805633 13.198.98.35 13.198.98.190 LDAP bindResponse(1) saslBindInProgress
28 26.616093 13.198.98.190 13.198.98.35 LDAP bindRequest(2) "<ROOT>" sasl
29 26.616459 13.198.98.35 13.198.98.190 LDAP bindResponse(2) saslBindInProgress
31 26.616705 13.198.98.190 13.198.98.35 LDAP bindRequest(3) "<ROOT>" sasl
32 26.633134 13.198.98.35 13.198.98.190 LDAP bindResponse(3) success
========================================
Packet 29 is normal, compared to Packet 35 in the last trace.
Another question: In SASL LDAP binding, I can't see an explicit unbinding request
and response, while I can see them in simple binding. Is this normal?
Thanks a million,
Xu Qiang
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
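
Added example (not part of the original post and not code from the LDAP C SDK): a stricter way to split the "host:port" configuration value discussed in the thread before handing the two parts to an init call. The function name split_host_port, its return convention, and the sample host name are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: split "host:port" into a bounded host buffer and a
 * validated port. Returns 0 on success, -1 on malformed input; on failure
 * host is left empty and *port is not modified. */
int split_host_port(const char *in, char *host, size_t hostsz, int *port)
{
    const char *colon;
    char *end = NULL;
    size_t len;
    long p;

    if (in == NULL || host == NULL || hostsz == 0 || port == NULL)
        return -1;
    host[0] = '\0';

    colon = strrchr(in, ':');              /* last colon separates the port */
    if (colon == NULL || colon == in)      /* no port, or empty host part */
        return -1;
    len = (size_t)(colon - in);
    if (len >= hostsz)                     /* host would not fit with its NUL */
        return -1;
    if (memchr(in, ':', len) != NULL)      /* second colon: ambiguous value */
        return -1;
    if (colon[1] < '0' || colon[1] > '9')  /* strtol would accept " 389", "+389" */
        return -1;

    errno = 0;
    p = strtol(colon + 1, &end, 10);       /* unlike atoi(), reports bad input */
    if (*end != '\0' || errno != 0 || p < 1 || p > 65535)
        return -1;

    memcpy(host, in, len);
    host[len] = '\0';
    *port = (int)p;
    return 0;
}

int main(void)
{
    char host[64];
    int port = 0;
    /* Constructed sample value in the "host:port" form from the thread */
    if (split_host_port("ldap.example.test:389", host, sizeof host, &port) == 0)
        printf("host=[%s] port=[%d]\n", host, port);
    return 0;
}
```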