On Wed, May 8, 2013 at 2:05 AM, Bernardo Pastorelli <[email protected]> wrote:
> My application uses openldap and GSSAPI to connect to a remote LDAP server.
> GSSAPI leverages kerberos as the transport mechanism.

a) It's one user at a time per-connection for LDAP. You can't multiplex multiple users' LDAP PDUs over a single connection.

b) First use gss_acquire_cred() with the given user's gss_name_t as the desired name, then call ldap_int_sasl_set_option() with LDAP_OPT_X_SASL_GSS_CREDS as the option and the gss_cred_id_t as the value.

c) Then call ldap_sasl_bind_s().

You need a version of OpenLDAP that has this option, and a version of Cyrus SASL that has the SASL_GSS_CREDS options. But IIRC they've had these for several years now.

Nico
--
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
