Hi Nico,

I run on an OS where the available version of the cyrus-sasl library does not support SASL_GSS_CREDS. So openldap has LDAP_OPT_X_SASL_GSS_CREDS, but then when calling cyrus-sasl, it fails because it is not able to handle SASL_GSS_CREDS.
This is the reason why my code is failing (I didn't properly check the return codes).

Is there any alternative to setting this option?

Regards,
Bernardo

> Date: Wed, 8 May 2013 06:47:34 -0500
> Subject: Re: Multiple principals in a single application
> From: [email protected]
> To: [email protected]
> CC: [email protected]
>
> On Wed, May 8, 2013 at 2:05 AM, Bernardo Pastorelli <[email protected]> wrote:
> > My application uses openldap and GSSAPI to connect to a remote LDAP server.
> > GSSAPI leverages kerberos as the transport mechanism.
>
> a) It's one user at a time per-connection for LDAP. You can't
> multiplex multiple user's LDAP PDUs over a single connection.
>
> b) First use gss_acquire_cred() with the given user's gss_name_t as
> the desired name, then call ldap_int_sasl_set_option() with
> LDAP_OPT_X_SASL_GSS_CREDS as the option and the gss_cred_id_t as the
> value.
>
> c) Then call ldap_sasl_bind_s().
>
> You need a version of OpenLDAP that has this option, and a version of
> Cyrus SASL that has the SASL_GSS_CREDS options. But IIRC they've had
> these for several years now.
>
> Nico
> --

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
