Thanks for the reply Howard. If I can further clarify, what you mean is that, given the ldap_sasl_bind function prototype below:

    int ldap_sasl_bind( LDAP *ld, LDAP_CONST char *dn,
        LDAP_CONST char *mechanism, struct berval *cred,
        LDAPControl **sctrls, LDAPControl **cctrls, int *msgidp )

I first call the Kerberos authentication functions to get the service ticket to the LDAP server. Next I can simply use the above function, specifying mechanism as "GSSAPI" and pointing cred to the Kerberos service ticket I just got?

If this is right, the LDAP server will just verify the service ticket and send back the response for the function to return success. Is there anything else I need to take care of?

On 11/26/07, Howard Chu <[EMAIL PROTECTED]> wrote:
>
> Austin Cherian wrote:
> > Hi,
> > I'm quite new to OpenLDAP and am searching for answers to some
> > questions on a particular case I have; I'd be glad if someone could
> > help me out on this particular topic.
> >
> > I have a situation where I have to perform an LDAP bind to a given
> > LDAP server with only being provided a service ticket to that
> > particular LDAP server and nothing else. I have already explored the
> > possibility of using the SASL authentication method with GSSAPI as the
> > mechanism; however, I guess the GSSAPI mechanism takes user credentials
> > as input and moves through the Kerberos protocol to finally provide
> > the LDAP server with the service ticket.
>
> Wrong. The GSSAPI mechanism does exactly what you're looking for.
> --
>    -- Howard Chu
>    Chief Architect, Symas Corp.  http://www.symas.com
>    Director, Highland Sun        http://highlandsun.com/hyc/
>    Chief Architect, OpenLDAP     http://www.openldap.org/project/
>
