I completely agree with this post. The main problem being that it’s not obvious that ldap_sasl_bind(_s) can actually perform simple binds. Once you’ve looked at how ldap_simple_bind is implemented inside the OpenLDAP source tree (sbind.c) you learn about the LDAP_SASL_SIMPLE flag that is defined in ldap.h to NULL and serves as an SASL mechanism. When you want your program to support both SASL and simple binds, this is actually convenient. All you have to do is to make sure that a mechanism is set when other SASL properties are set. A simple bind, without using deprecated functions, then becomes:

    // xFlag is set via command line
    if( xFlag )
        authcMech = LDAP_SASL_SIMPLE;

    res = ldap_sasl_bind_s(
        ld,             // LDAP *, ldap handle
        authcUser,      // char *, authentication user, dn in case of simple binds
        authcMech,      // char *, mechanism
        &authcPw,       // struct berval *, password in BER value
        NULL,           // or specify server controls
        NULL,           // or specify client controls
        &authcServerPw  // struct berval **, SASL server challenge, not useful for simple binds
    );

But, if your SASL mechanism requires several stages, you may actually need to use ldap_sasl_interactive_bind and that makes things complex again, mostly because it’s not clear from the manpages whether the interact parameter is just for providing defaults and that the SASL library or LDAP library does the prompting, or that your program has to do the prompting.
Guess I’ll find out soon enough.