Howard Chu wrote: > Michael Ströder wrote: >> >> what is returned by >> >> ldap_get_options(LDAP_OPT_X_SASL_AUTHCID,[..]) >> ldap_get_options(LDAP_OPT_X_SASL_AUTHZID,[..]) >> >> I'm getting results with python-ldap which look strange to me after >> doing a >> SASL bind. But I'm not sure what should be returned. > > For AUTHCID, it is initialized to the first non-null environment > variable of USER / USERNAME / LOGNAME. AUTHZID is empty. > > Both of them can be overriden by .ldaprc or LDAP_SASL env variables.
So these are rather meant to be set by the client as defaults (instead of the call-back vars)? I was hoping to find a SASL option to query the Kerberbos principal name actually used after a successful SASL/GSSAPI bind. Ciao, Michael.
