Good evening everyone,
Actually I don't have that much hands-on experience in C programming [though I
am very thorough in Java/J2EE] but I have a task with me to be done in the C
language.
I have a C utility which performs certain tasks. I have to incorporate a check
that only valid users can run that utility. This I have to do by authenticating
their user names and pwds in LDAP.
Now, I decided that I would break my problem into simple manageable tasks....
step (1) => I decided to write a sample C program which connects to our LDAP
server and performs the validation
step (2) => try to include the above program in my utility.
And I am at present on step 1.
I am using Sun Studio 12 for this purpose, running it on Solaris 10.
The LDAP authentication has to be done over SSL. I have the SSL certificates
with me and I can connect to my LDAP server using them, but when I try to bind a
particular user with it, the program gets stuck there... it doesn't even give any
error message or logs, so I actually don't know how to proceed further.
The approach that I have taken is ---
STEP (1) bind anonymously with the LDAP server to find out the user DN in LDAP.
This I have to do as I have the login ID and not the complete DN with me, and
because the port on which SSL is enabled doesn't allow anonymous log-in, I
use a different port to get the DN, and yes, I didn't forget to unbind [the
pointer].
THIS is working fine.
[for the sake of simplicity I would be removing this step and the code outlined
below].
STEP (2) make a connection to the LDAP server using the certificates, using the
ldapssl_clientauth_init() and ldapssl_init() functions.
THIS is also working fine.
STEP (3) then I set the LDAP version to version 3 using the
ldap_set_option() function.
THIS is also working fine.
STEP (4) bind to the LDAP server over SSL using the user DN, using the
ldap_sasl_bind_s() function.
This is NOT working fine and the program hangs at this point [you might see a few
extra variables used, but these are just there as I was trying out
different things; I would for sure remove them].
************************ See code snippet below. ************************
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ldap.h>
#include <ldap_ssl.h>   /* ldapssl_clientauth_init(), ldapssl_init() */

int main(int argc, char** argv) {
    LDAP *ld;   /* ldapssl_init() returns a pointer to the session handle */
    LDAPMessage *result, *e;
    struct berval *servcred, cred;
    BerElement *ber;
    int ret_val, search_ret_val, i, j;
    int b;
    int version;
    char *a, *dn;
    char **vals;
    char *userDN;
    char *pw = "users_passwd";
    char *dn1 = "cn=ABCD EFGH (123456),ou=people,dc=example,dc=com";
    // The above DN is absolutely correct and this I am using just for the sake of
    // simplifying things... as I explained in the desc above

    printf("\nstarting the sample program....\n");

    // Initialise the SSL library with the certificate and key databases.
    b = ldapssl_clientauth_init( "/home/XXXXXXXX/ldaplib/cert8.db", NULL, 1,
                                 "/home/XXXXXXXX/ldaplib/key3.db", NULL );
    printf("\n 11111111111 \n");

    // Get hold of a SSL LDAP connection (XXXX is the SSL port, left out of the post).
    if ((ld = ldapssl_init("my_ldap_server_name", XXXX, 0)) == NULL ) {
        printf("\ncouldn't open SSL connection to the ldap server...\n");
        exit( 1 );
    }
    else {
        printf("\nSSL connection to ldap server is open...\n");
    }
    printf("\n 22222222222 \n");

    // Use LDAP protocol version 3.
    version = LDAP_VERSION3;
    ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
    printf("\n 33333333333 \n");

    cred.bv_val = "users_passwd";
    cred.bv_len = strlen(cred.bv_val);

    // Bind to the server. When we specify null, it's an anonymous login.
    // This is the call at which the program hangs.
    ret_val = ldap_sasl_bind_s(ld, dn1, LDAP_SASL_EXTERNAL, &cred, NULL, NULL, &servcred);
    //ret_val = ldap_simple_bind_s( ld, dn1, pw );
    if ( ret_val != LDAP_SUCCESS ) {
        printf("\n COULD NOT BIND with annonymous log-in, return value is => %d ",
               ret_val);
    }
    else {
        printf("\nnow we are bind, with annonymous log-in, return value is => %d ",
               ret_val);
        printf("\nTHIS IS A VALID PASSWORD... USER CAN GO AHEAD TO PERFORM THE ACTION... \n");
    }

    ldap_unbind_s(ld);
    printf("\nfinally exiting....\n");
    return (EXIT_SUCCESS);
}
**************************************************************************
The output of the program is below...
starting the sample program....
11111111111
SSL connection to ldap server is open...
22222222222
33333333333
and after this it hangs ---- I mean no further statement gets printed.
So the problem is with this function ----> ldap_sasl_bind_s(), but what exactly
it is I am not able to understand.
Any pointers OR code snippet OR any help is much appreciated.
Best Regards,
Vinay Mudgil
--
This message posted from opensolaris.org
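
An added example, not part of the original post: input checks for the search-then-bind approach described in steps (1) and (4). It escapes the login ID before it goes into the DN search filter (RFC 4515) and refuses an empty password, because a bind with a DN and an empty password is an unauthenticated bind (RFC 4513, section 5.1.2) that a server may report as success. The function names and the "uid" attribute are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Escape a value for an LDAP search filter (RFC 4515): '*', '(', ')' and
 * '\' are written as a backslash plus two hex digits. 0 = ok, -1 = no room. */
int ldap_filter_escape(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0) return -1;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            if (o + 3 >= outlen) return -1;       /* 3 chars + final NUL */
            snprintf(out + o, 4, "\\%02x", (unsigned)c);
            o += 3;
        } else {
            if (o + 1 >= outlen) return -1;
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return 0;
}

/* Build the step (1) search filter; "uid" as login attribute is an assumption. */
int build_uid_filter(const char *login, char *out, size_t outlen)
{
    char esc[256];
    int n;
    if (login == NULL || *login == '\0') return -1;
    if (ldap_filter_escape(login, esc, sizeof esc) != 0) return -1;
    n = snprintf(out, outlen, "(uid=%s)", esc);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Gate for step (4): never send a bind with an empty DN or empty password. */
int bind_inputs_ok(const char *dn, const char *pw)
{
    return dn != NULL && *dn != '\0' && pw != NULL && *pw != '\0';
}

int main(void)
{
    char filter[300];
    if (build_uid_filter("a*(b)", filter, sizeof filter) == 0)  /* constructed login ID */
        printf("%s\n", filter);
    printf("empty password allowed: %d\n", bind_inputs_ok("cn=x,dc=example,dc=com", ""));
    return 0;
}
```

Call bind_inputs_ok() on the DN found in step (1) and the password the user typed before any bind call, and treat a failed check as a failed login.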