Well, I tried that and I ended up with the same thing. It returned LDAP_SASL_BIND_IN_PROGRESS. I'll just stick to my null sasl_interaction() approach.

Thanks,
Frank

On Tue, Apr 5, 2016 at 5:38 PM, Frank Crow <[email protected]> wrote:

> Oh cool! I'll give that a try!
>
> Thanks,
> Frank
>
>
> On Tue, Apr 5, 2016 at 5:37 PM, David Hawes <[email protected]> wrote:
>
>> On 5 April 2016 at 16:44, Frank Crow <[email protected]> wrote:
>> > Hi,
>> >
>> > I'm only ever going to use sasl_mech="EXTERNAL" with my client code. I
>> > tried using ldap_sasl_bind_s() but that returned with
>> > LDAP_SASL_BIND_IN_PROGRESS.
>> >
>> > I then used ldap_sasl_interactive_bind_s() based on the example in
>> > clients/tools/common.c more or less. I don't actually need the defaults
>> > struct, so I pass defaults=NULL and therefore don't use anything like
>> > lutil_sasl_defaults(), etc.
>> >
>> > I implemented a LDAP_SASL_INTERACT_PROC using the example in
>> > libraries/liblutil/sasl.c which is very similar to lutil_sasl_interact()
>> > except that it doesn't support LDAP_SASL_INTERACTIVE and my version of the
>> > interaction() function does nothing but return LDAP_SUCCESS.
>> >
>> > Looking at it, I could probably shorten my version of the
>> > lutil_sasl_interact() to simply return LDAP_SUCCESS and not even bother with
>> > an interaction() function.
>> >
>> > It appears to work just fine and the debug output says:
>> >
>> >> ldap_sasl_interactive_bind: user selected: EXTERNAL
>> >> ldap_int_sasl_bind: EXTERNAL
>> >> ldap_int_sasl_open: host=server1.paxriver.progeny.net
>> >> => ldap_dn2bv(16)
>> >> <= ldap_dn2bv(cn=xxxxxxx,ou=xxxxxxx,ou=xxx,o=xxx,dc=xxxx,dc=xxx)=0
>> >> SASL/EXTERNAL authentication started
>> >> sasl_interact()
>> >> ldap_sasl_bind
>> >> ldap_send_initial_request
>> >> ldap_send_server_request
>> >> ldap_msgfree
>> >> ldap_result ld 0x1366940 msgid 2
>> >
>> >
>> > So my questions:
>> >
>> > 1. Is there anything wrong with that approach?
>> > 2. Is there a better (simpler/easier) way to do this?
>>
>> Yes. Pass an empty cred to ldap_sasl_bind_s():
>>
>> cred.bv_val = "";
>> cred.bv_len = 0;
>> ldap_sasl_bind_s(ldap, NULL, "EXTERNAL", &cred, NULL, NULL, NULL);
>>
>
>
>
> --
> Frank
>

--
Frank
