Hi,

I'm only ever going to use sasl_mech="EXTERNAL" with my client code. I
tried using ldap_sasl_bind_s() but that returned with
LDAP_SASL_BIND_IN_PROGRESS.

I then used ldap_sasl_interactive_bind_s() based on the example in
clients/tools/common.c more or less. I don't actually need the defaults
struct, so I pass defaults=NULL and therefore don't use anything like
lutil_sasl_defaults(), etc.

I implemented an LDAP_SASL_INTERACT_PROC using the example in
libraries/liblutil/sasl.c which is very similar to lutil_sasl_interact()
except that it doesn't support LDAP_SASL_INTERACTIVE and my version of the
interaction() function does nothing but return LDAP_SUCCESS.

Looking at it, I could probably shorten my version of the
lutil_sasl_interact() to simply return LDAP_SUCCESS and not even bother
with an interaction() function.

It appears to work just fine and the debug output says:

ldap_sasl_interactive_bind: user selected: EXTERNAL
> ldap_int_sasl_bind: EXTERNAL
> ldap_int_sasl_open: host=server1.paxriver.progeny.net
> => ldap_dn2bv(16)
> <= ldap_dn2bv(cn=xxxxxxx,ou=xxxxxxx,ou=xxx,o=xxx,dc=xxxx,dc=xxx)=0
> SASL/EXTERNAL authentication started
> sasl_interact()
> ldap_sasl_bind
> ldap_send_initial_request
> ldap_send_server_request
> ldap_msgfree
> ldap_result ld 0x1366940 msgid 2


So my questions:

1. Is there anything wrong with that approach?
2. Is there a better (simpler/easier) way to do this?

Any advice is highly appreciated!

Thanks,
Frank
