I completely agree with this post. The main problem being that it’s not obvious that ldap_sasl_bind(_s) can actually perform simple binds. Once you’ve looked at how ldap_simple_bind is implemented inside the Openldap source tree (sbind.c) you learn about the LDAP_SASL_SIMPLE flag that is defined in ldap.h to NULL and serves as a SASL mechanism. When you want your program to support both SASL and simple binds, this is actually convenient. All you have to do is to make sure that a mechanism is set when other SASL properties are set. A simple bind, without using deprecated functions, then becomes:

// xFlag is set via command line: -x selects a simple bind
const char *authcMech = NULL; // set to e.g. "DIGEST-MD5" when a SASL mechanism is wanted
if( xFlag )
    authcMech = LDAP_SASL_SIMPLE; // ((char*)0) in ldap.h: makes ldap_sasl_bind_s do a simple bind
struct berval authcPw = { strlen( pw ), pw }; // password wrapped in a BER value
struct berval *authcServerPw = NULL; // filled by the library on SASL binds, freed with ber_bvfree()
res = ldap_sasl_bind_s(
    ld, // LDAP *, ldap handle
    authcUser, // const char *, authentication user, dn in case of simple binds
    authcMech, // const char *, mechanism
    &authcPw, // struct berval *, password in BER value
    NULL, // LDAPControl **, or specify server controls
    NULL, // LDAPControl **, or specify client controls
    &authcServerPw // struct berval **, not useful for simple binds, SASL server challenge
);

But, if your SASL mechanism requires several stages, you may actually need to use ldap_sasl_interactive_bind and that makes things complex again, mostly because it’s not clear from the manpages whether the interact parameter is just for providing defaults and the SASL library or LDAP library does the prompting, or whether your program has to do the prompting.
Guess I’ll find out soon enough.

Openldap binding via C API
