Philip Guenther wrote: > On Sat, 15 Aug 2009, Michael Ströder wrote: > ... >> I was hoping to find a SASL option to query the Kerberbos principal name >> actually used after a successful SASL/GSSAPI bind. > > Are you trying to ask a purely local question or is the server's opinion > of what authorization ID you actually ended up with relevant?
Local. > For the latter, try ldap_whoami() or ldap_whoami_s(). Yes, that's already used in web2ldap for servers which implement it. But if that's not available (e.g. on MS AD W2K3 and it's almost useless in W2K8) I'm conducting a reverse lookup with a search request. So if bound by SASL/GSSAPI I'd search with a filter template like this: (|(userPrincipalName=%s)(krb5PrincipalName=%s)(krbPrincipalName=%s)) For other SASL methods other filters are used. > Does cyrus-sasl even provide a means to get the authentication ID used? That's exactly the question... Ciao, Michael.
