Problem Statement:--
I'm using portions of source code from MS (
http://www.microsoft.com/downloads/details.aspx?FamilyID=36e319fa-2699-4572-8489-86433254ea6f&displaylang=en
) to access Active Directory using the SASL-GSSAPI mechanism to
authenticate against MS Active Directory. This code depends on the use
of the MIT Kerberos V library, and of course the Netscape C LDAP SDK
(also I'm using the source code for the SASL client-side
authentication for LDAP).
 
I can use this sample to authenticate against Active Directory (the
dialog explained in RFC 2222 using ldap_sasl_bind and ldap_result is
fine), with the only problem that the socket descriptor of the
ldap_connection is lost after the SASL-GSSAPI authentication is
successful.
 
 
For example, after using ldap_sasl_bind to exchange the Kerberos tickets
with Active Directory and ldap_result to exchange the tokens, the
problem is with the ldap_modify_s or ldap_search_ext_s() function
call: the error is that the client cannot contact the LDAP server.
 

Brief History:--

I have found Ad.exe, a SASL sample using MIT Kerberos v5 & Netscape
Directory SDK for C. This allows Active Directory 2000 to be modified
from UNIX systems.

I downloaded the stuff from the MS site and compiled the same for Mac &
Solaris. This works fine for SEAM / Active Directory on UNIX-based
systems. I then ported the samples to Windows and used kfw 1.6.3
libraries & Mozilla C-SDK 1.4.1/1.7.x. I am able to do the SASL
communication and get the ldap/[EMAIL PROTECTED] ticket, but the ld handle
fails after that. I am stuck because no one answers this question on
the Mozilla mailing lists. As I have already got a few bugs fixed on
the part of the MIT Kerberos libraries, I know that authentication goes
off well, but the "ld" file handle getting lost is still a problem. What
should I do after this?

 

Server Details:--

Directory Server: Active Directory 2003/Active Directory 2000 

OS : Windows 2003/Windows 2000

Mozilla C-SDK: 1.4.1/1.7.x 

Authentication Type: SASL/GSSAPI via MIT kfw 1.6.3 libraries.

Samples: I am running samples from ad.exe available from the MS site.

 

My Debug Output:-- (I have bolded the problem lines below)

LDAP service name: [EMAIL PROTECTED]
who=DC=QDMS,DC=CO,DC=IN
==> client_establish_context
Sending init_sec_context token (size=1443)...
60 82 05 9f 06 09 2a 86 48 86 f7 12 01 02 02 01 00 6e 82 05 8e 30 82 05 8a a0 03 02 01 05 a1 03
02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 04 b5
61 82 04 b1 30 82 04 ad a0 03 02 01 05 a1 0c 1b 0a 51 44 4d 53 2e 43 4f 2e 49 4e a2 24 30 22 a0 ...........................................
c5 80 23 7e 02 e5 1d 3e bb 20 9c 08 f0 9d d2 cd 8a ba d0
==> send_token
<== send_token
continue needed...
==> recv_token
<== recv_token
<== recv_token
Received token (size=134)...
60 81 83 06 09 2a 86 48 86 f7 12 01 02 02 02 00 6f 74 30 72 a0 03 02 01 05 a1 03 02 01 0f a2 66 30 64 a0 03 02 01 17 a2 5d 04 5b ee 5c 7f ec 37 cb aa 8d e7 c7 3b 14 6d 6d 4f f0 26 38 c1 12 1f 9d 83 0e 9d 91 85 a3 4b aa 31 2d 92 73 fb 4d a0
a9 67 30 75 9c 76 62 a7 e3 ba fc 09 11 c4 ff 08
59 ba ff e1 f3 3a d7 8d c9 4e 1b f7 f4 51 51 bf
23 0f ad 75 6e 0e 67 35 a4 4e af e9 8e dc a3 2d 0a ad ec 1d b1 56
Sending init_sec_context token (size=0)...
==> send_token
<== send_token
<== client_establish_context
==> negotiate_security_options
==> recv_token
<== recv_token
<== recv_token
Received token (size=50)...
60 30 06 09 2a 86 48 86 f7 12 01 02 02 02 01 11 00 ff ff ff ff 37 ea cc 24 f9 6e cf 27 b6 a3 a6
a1 19 64 bf 10 d4 59 5a d1 d0 b2 25 e6 07 a0 00 00 01
60 30 06 09 2a 86 48 86 f7 12 01 02 02 02 01 11 00 ff ff ff ff 37 ea cc 24 f9 6e cf 27 b6 a3 a6
a1 19 64 bf 10 d4 59 5a d1 d0 b2 25 e6 07 a0 00 00 01
Received security token level 7 size 160
Sending security token level 1 size 160
==> send_token
<== send_token
==> parse_bind_result
ldap_first_message
ldap_first_message::LDAP_RES_BIND
<== parse_bind_result
<== negotiate_security_options

after negotiate_security_options 0
 goes inside
"[EMAIL PROTECTED]" to "ldap/[EMAIL PROTECTED]", lifetime 35942, flags 136, locally initiated, open
after ldap_gssapi_bind
before LDAP_MOD_REPLACE

ldap_modify_s: Can't contact LDAP server
ldap_modify_st: Can't contact LDAP server

 

I have to run my SASL client on Windows/Solaris/Mac. I have already
done so on Mac & Solaris but failed on Windows. I can mail you the
samples that I have made if you need them. Even if you can guide what has
to be done or which group to ask, it shall be of great help. The
fundamental problem is that MS does not comply with open standards
and has a number of things undocumented. Also the Mozilla mailing
lists () are too inactive. Please guide or help me if you can.

 

I have already made a number of postings.

 

Regards

Vikas
_______________________________________________
mozilla-directory mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-directory
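The "Received security token level 7 size 160 / Sending security token level 1 size 160" step in the trace above is the SASL GSSAPI security-layer negotiation (RFC 2222 section 7.2.1, later RFC 4752 section 3.1): the server's wrap token carries four cleartext octets, a bitmask of the layers it supports followed by its maximum output_message size as a 24-bit network-byte-order integer, and the client answers with the same four-octet layout plus an optional authorization identity. In the 50-byte token in the trace the RC4-HMAC wrap header has SEAL_ALG ff ff (no encryption, RFC 4757), so those four octets are readable in the dump as 07 a0 00 00: all three layers offered, maximum size 0xA00000 (10485760) bytes. The trace prints that as size 160, which is 0xa0, the first size octet alone, so the sample's reading of the size field is the first thing worth checking in this step. Below is an added example, not code from the MS ad.exe sample or from the Netscape LDAP C SDK, that decodes and validates the server offer and builds the client reply; the names gssapi_parse_offer, gssapi_choose_layer and gssapi_build_response are this example's own, the caller is assumed to have already run gss_unwrap() on the server's token, and the input bytes are constructed from the readable tail of that token.

```c
/* Added example: SASL GSSAPI security-layer negotiation (RFC 2222 / RFC 4752).
 * Not part of the MS ad.exe sample or the Netscape LDAP C SDK. The caller is
 * assumed to have already unwrapped the server token with gss_unwrap(); these
 * functions only handle the 4-octet cleartext that results. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define GSSAPI_LAYER_NONE      0x01  /* no security layer */
#define GSSAPI_LAYER_INTEGRITY 0x02  /* integrity protection */
#define GSSAPI_LAYER_CONF      0x04  /* confidentiality protection */
#define GSSAPI_LAYER_KNOWN     (GSSAPI_LAYER_NONE | GSSAPI_LAYER_INTEGRITY | GSSAPI_LAYER_CONF)

struct gssapi_offer {
    uint8_t  layers;    /* bitmask of layers the server supports */
    uint32_t max_size;  /* largest output_message the server will accept */
};

/* Decode the server's cleartext. Returns 0 on success, -1 if the negotiation
 * must fail (wrong length, empty or unknown layer bits). */
int gssapi_parse_offer(const uint8_t *buf, size_t len, struct gssapi_offer *out)
{
    if (buf == NULL || out == NULL || len != 4)
        return -1;                       /* RFC 4752: not four octets -> fail */
    if (buf[0] == 0 || (buf[0] & ~GSSAPI_LAYER_KNOWN) != 0)
        return -1;                       /* nothing offered, or bits we do not know */
    out->layers = buf[0];
    /* octets 2..4 are the max size in network (big-endian) byte order */
    out->max_size = ((uint32_t)buf[1] << 16) | ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    return 0;
}

/* Pick the strongest layer both sides support; 0 means no common layer. */
uint8_t gssapi_choose_layer(uint8_t server_layers, uint8_t client_layers)
{
    uint8_t common = (uint8_t)(server_layers & client_layers);
    if (common & GSSAPI_LAYER_CONF)      return GSSAPI_LAYER_CONF;
    if (common & GSSAPI_LAYER_INTEGRITY) return GSSAPI_LAYER_INTEGRITY;
    if (common & GSSAPI_LAYER_NONE)      return GSSAPI_LAYER_NONE;
    return 0;
}

/* Build the cleartext the client passes to gss_wrap() for its reply: selected
 * layer, 24-bit client max size, optional authorization identity.
 * Returns the number of bytes written, or -1 on invalid input. */
int gssapi_build_response(uint8_t layer, uint32_t client_max, const char *authzid,
                          uint8_t *out, size_t outlen)
{
    size_t alen = (authzid != NULL) ? strlen(authzid) : 0;

    /* exactly one known layer bit must be selected */
    if (layer != GSSAPI_LAYER_NONE && layer != GSSAPI_LAYER_INTEGRITY && layer != GSSAPI_LAYER_CONF)
        return -1;
    if (client_max > 0xFFFFFFu || out == NULL || outlen < 4 + alen)
        return -1;
    /* RFC 4752: the size MUST be 0 when no security layer is used
     * (RFC 2222 did not say this, so older clients echo a real size) */
    if (layer == GSSAPI_LAYER_NONE)
        client_max = 0;

    out[0] = layer;
    out[1] = (uint8_t)(client_max >> 16);
    out[2] = (uint8_t)(client_max >> 8);
    out[3] = (uint8_t)(client_max);
    if (alen > 0)
        memcpy(out + 4, authzid, alen);
    return (int)(4 + alen);
}

int main(void)
{
    /* Constructed sample: the four readable octets at the end of the 50-byte
     * wrap token in the trace (07 a0 00 00) */
    static const uint8_t server_clear[4] = { 0x07, 0xa0, 0x00, 0x00 };
    struct gssapi_offer offer;
    uint8_t reply[64];
    uint8_t chosen;
    int n;

    if (gssapi_parse_offer(server_clear, sizeof server_clear, &offer) != 0) {
        fprintf(stderr, "malformed security-layer offer\n");
        return 1;
    }
    printf("server offers layers 0x%02x, max size %u bytes\n",
           offer.layers, (unsigned)offer.max_size);

    /* this client implements only "none" and "integrity" */
    chosen = gssapi_choose_layer(offer.layers, GSSAPI_LAYER_NONE | GSSAPI_LAYER_INTEGRITY);
    n = gssapi_build_response(chosen, 65536, NULL, reply, sizeof reply);
    printf("reply: layer 0x%02x, %d bytes\n", reply[0], n);
    return 0;
}
```

Because the sample selected level 1 (no security layer) and the server then answered LDAP_RES_BIND, later PDUs on that connection are sent unwrapped, so a later "Can't contact LDAP server" has to come from the state of the connection itself rather than from a layer mismatch; the negotiation code above is still the place to confirm that the size field is read as the second through fourth octets and that a client that picks no layer sends 0 there.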
