OpenLDAP referrals and kerberos error for MAC

Mon, 04 May 2015 23:30:58 -0700 

Dear Technical of openLDAP,

  I use OpenLDAP development on the Mac platform, run into the following 2 
questions, find a lot of information, still not resolved.
  Could you help me, Thank you.


1.        Referrals error,

Code flow:
ld = ldap_init(host, port);
rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
rc = ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_ON);
rc = ldap_set_rebind_proc(ld, bind_prompt, NULL);
rc = ldap_set_option(ld, LDAP_OPT_SIZELIMIT,&sizelimit);
rc = ldap_simple_bind_s(ld, adminDN, adminPwd);
rc = ldap_search_s(ld, findDN, LDAP_SCOPE_ONELEVEL, [filter UTF8String], attrs, 
0, &result);

CallBack function:
static int bind_prompt(LDAP *ld,LDAP_CONST char *url,ber_tag_t request, 
ber_int_t msgid, void *params)
{
    static char *dnsuffix;
    static char dn[256],password[256];
    int authmethod;
    NSLog(@"rebind for request=%ld,msgid=%ld,url=%s\n",request,(long)msgid,url);
    authmethod = LDAP_AUTH_SIMPLE;
    NSLog(@"re-bind dn?");
    strcat(dn, dnsuffix);
    if (authmethod == LDAP_AUTH_SIMPLE && dn[0] != '\0')
    {
           NSLog(@"re-bind password?");
    }
    else
    {
           password[0] = '\0';
    }
    return ldap_bind_s(ld, dn, password, authmethod);
}

Description of the problem:ldap_search_s() return value is 10, which is 
LDAP_REFERRAL,an it did not call the function “bind_prompt()”.


2.        Kerberos error,
Code flow:
ld = ldap_init(host, port);
rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
rc = ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
rc = ldap_set_option(ld, LDAP_OPT_SIZELIMIT,&sizelimit);
rc = ldap_set_rebind_proc(ld, bind_prompt, NULL);
rc = ldap_bind_s(ld, adminDN, adminPwd, LDAP_AUTH_KRBV4);

Description of the 
problem:LDAP_AUTH_KRBV4,LDAP_AUTH_KRBV41,LDAP_AUTH_KRBV42,ldap_bind_s return 
value is -6, which is LDAP_AUTH_UNKNOWN.

Windows Client with the same configuration connected to openLDAP server 
successfully.
Does my code or interface call for errors.


Regards!
Aimee He
Tel:15658


Confidential Information:This message is sent to the intended recipient and may 
contain privileged or confidential information. If you received this 
transmission in error, please notify the sender with a replying e-mail and 
delete the message and any attachment.Transmission Caveat and Virus Alert: 
Internet communications cannot be guaranteed to be timely, secure, error or 
virus-free. The sender does not accept liability for any errors or omissions.

Reply via email to