On Fri, Jul 23, 2010 at 12:10 AM, Dan White <[email protected]> wrote:

> On 22/07/10 18:10 +0530, Shankar Anand R wrote:
>
>> Hi,
>>
>> The problem explained below must be fairly straightforward or even look
>> silly for folks on this mailing list. Sorry for the trouble but I hope one
>> of you might be willing to help a newbie.
>>
>> I am implementing a simple application that finds out a user's attributes
>> using OpenLDAP.
>>
>> This is a snippet of my code.
>> ...
>> BerValue cred;
>> cred.bv_len = 10;
>> cred.bv_val = strdup("mypassword");
>> ldap_sasl_bind_s(ld, "myuser", LDAP_SASL_SIMPLE /*NULL*/, &cred, NULL, NULL, NULL);
>>
>> This succeeds and I am able to proceed with my ldap_search_st() call.
>>
>> But since I don't want to send "mypassword" as plain text over the wire I
>> opted for "DIGEST-MD5"
>>
>> ...
>> BerValue cred;
>> cred.bv_len = 10;
>> cred.bv_val = strdup("mypassword");
>> ldap_sasl_bind_s(ld, "myuser", "DIGEST-MD5", &cred, NULL, NULL, NULL);
>>
>> This fails with the error 49
>> ldap_sasl_bind_s: Invalid credentials (49)
>>       additional info: 80090326: LdapErr: DSID-0C0904D1, comment: AcceptSecurityContext error, data 57, v1772
>>
>>
>> Note: I am using Active Directory. And I believe that my cyrus-sasl
>> installation is good.
>>
>>
>> I searched a lot but couldn't find the proper documentation for this. Do I
>> have to fill up cred.bv_val differently while using DIGEST-MD5? Is there an
>> OpenLDAP API to do that?
>> Can someone explain or point me to the right documentation?
>>
>
> See the man page for ldap_sasl_interactive_bind_s(), in which you provide a
> callback function for providing the sasl realm, authc identity, password,
> and authz identity.
>
> Also see doc/programming.html in the cyrus sasl source for discussion of
> interactions, and plugins/ldapdb.c for a working example.


Thanks for your help. I will read the doc and the example.

Meanwhile I want to check if I can avoid ldap_sasl_interactive_bind_s().
Wouldn't ldap_sasl_bind_s() work for "DIGEST-MD5"? If it works, I would like
to go with it. Can you point out a way to do that?

Thanks and Regards,
Shankar
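
On the cred.bv_val question in this thread: with DIGEST-MD5 the client never sends the password as the credential; it sends a response computed from the server's challenge, which is the work the SASL library performs behind ldap_sasl_interactive_bind_s(). The sketch below is an added example (not code from this thread, OpenLDAP or Cyrus SASL) of the RFC 2831 qop=auth computation in Python, using the RFC's own sample exchange plus one constructed nonce.

```python
import hashlib
import re

# Sample exchange from RFC 2831 section 4 (user "chris", password "secret").
RFC_CHALLENGE = ('realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",'
                 'qop="auth",algorithm=md5-sess,charset=utf-8')
RFC_RESPONSE = "d388dad90d4bbd760a152321f2143af7"


def parse_challenge(challenge):
    """Split a digest-challenge into directives; values may be quoted."""
    pairs = re.findall(r'([\w-]+)=("(?:[^"\\]|\\.)*"|[^,]*)', challenge)
    return {k: v[1:-1] if v.startswith('"') else v for k, v in pairs}


def digest_response(user, password, challenge, cnonce, digest_uri,
                    nc="00000001"):
    """Return the hex 'response' directive for qop=auth (RFC 2831)."""
    c = parse_challenge(challenge)
    if "auth" not in c.get("qop", "auth").split(","):
        raise ValueError("server does not offer qop=auth")
    realm, nonce = c.get("realm", ""), c["nonce"]
    # A1 starts with the 16 raw bytes of H(user:realm:password).
    a1 = (hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()
          + f":{nonce}:{cnonce}".encode())
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    # The server nonce is mixed in twice, so the response is per-challenge.
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode()
    return hashlib.md5(kd).hexdigest()


if __name__ == "__main__":
    args = ("chris", "secret")
    tail = ("OA6MHXh6VqTrRk", "imap/elwood.innosoft.com")
    first = digest_response(*args, RFC_CHALLENGE, *tail)
    print(first, first == RFC_RESPONSE)
    # Constructed second challenge: same password, new server nonce.
    other = RFC_CHALLENGE.replace("OA6MG9tEQGm2hh", "constructedNonce2")
    print(digest_response(*args, other, *tail))
```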
