Skip to main content

 none
Unable to parse result from asynchronous ldap_sasl_bind RRS feed

  • Question

  • I would like to parse the server response (temporally with a blocking ldap_result) to continue the authentication, but I always get a parameter error from the ldap_result function.

    Interesting part is that, if I use the ldap_simple_bind then the ldap_result (with the same parameters) works correctly (returns with LDAP_RES_BIND).

    LDAP *ld;
    int rc = -1; 
    int msgid = 0;
    const int version = LDAP_VERSION3;
    struct berval cred;
    LDAPMessage *ldapmsg = NULL;
    
    ld = ldap_init(L"localhost", LDAP_PORT);
    rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, (void*)&version);
    rc = ldap_connect(ld, NULL);
    
    rc = ldap_sasl_bind(ld, L"", L"GSSAPI", &cred, NULL, NULL, &msgid);
    //msgid = ldap_simple_bind(ld, L"cn=admin,dc=local", L"password"); // Works.
    rc = ldap_result(ld, msgid, LDAP_MSG_ALL, NULL, &ldapmsg); // Returns with -1.

    I also tried to use ldap_sasl_bind with "SIMPLE" mechanism (which should be equivalent with ldap_simple_bind as far as I know), but it has the same result.

    I understand that the (deprecated) ldap_bind only supports simple authentication (asynchronously), but the ldap_sasl_bind hasn't got this limitation. So how can I use it, if I'm unable to parse the response? 


    • Edited by Noirello Tuesday, June 23, 2015 12:54 PM
    Sunday, June 21, 2015 7:17 PM

All replies

  • The ldap_sasl_bind routine binds to an LDAP server using the Simple Authentication and Security Layer (SASL) protocol, I noticed that you don't have any credential information in you cred struct

    Best Regards,
    Please remember to mark the replies as answers if they help

    Tuesday, June 23, 2015 9:16 AM
  • The content of the cred struct depends on the type of the SASL mechanism, some of them (e.g DIGEST-MD5) sends empty credential information at the first call. For completeness, you're right that GSSAPI is not one of them, and it needs cred info, but my code example is not complete.

    I have a working code example with ldap_sasl_bind_s using DIGEST-MD5 and GSSAPI mechanisms. It's much longer than my posted example above (because of the needed SSPI function calls), but I don't think that rest of the code is relevant about my problem (but please let me know if you think I'm wrong about it).

    The problem is that I change the ldap_sasl_bind_s to ldap_sasl_bind and try to parse the result with ldap_result (like in the code example above), then I receive parameter error, which I don't understand why.

    The request is sent to the server correctly, and also the server response arrives. (Checked with Wireshark.)

    • Edited by Noirello Wednesday, June 24, 2015 6:55 AM Checked request and reply with Wireshark.
    Tuesday, June 23, 2015 12:54 PM