Xu, Qiang (FXSGSC) wrote: >> -----Original Message----- >> Michale wrote: >> >> Since there are several very different SASL mechanisms it >> would help if you'd explain what you want to achieve by using >> SASL bind. > > It is GSSAPI. The scenario is, the user logs in (against a Kerberos > server),
First the client has to obtain a ticket granting ticket (TGT) from the Kerberos KDC (e.g. via GSSAPI). > then LDAP query will be initiated to find the user's detail > in the LDAP server. This can get tricky since there is no standardized way how the LDAP server maps the SASL authc-ID to the authz-ID. And how to query the authz-ID is also not supported the same way on all LDAP servers. Which LDAP server do you plan to use? > I know something about LDAP but it is almost completely dark for me on SASL + > GSSAPI. I'd recommend to 1. play with the Kerberos utils on your platform (obtaining TGT with command-line tool kinit, then using command-line tool ldapsearch with SASL). Note that your DNS has to be set up correctly! Ciao, Michael. _______________________________________________ dev-tech-ldap mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-ldap
