Random bits, Week 2

• My beard has a lot of gray now. I should loose it.
• Reading RFC’s is worse then the bible. At least the bible reads like a fantasy novel.

Random bits, week 1

• I should write an e-book on the Openldap C API. After wrestling with it for a few days, it’s all coming together and the beauty of the API is showing through. The problem is that that there really isn’t a guide out there that gives you the big picture and with all deprecations and subtle function name differences, it’s tough to see the road to wander.
• If I didn’t approve your comment, it’s because it doesn’t contribute anything. The thank you note is however appreciated. So is pushing the like button.
• Yoghurt drink from Mona is really good. Those of you not familiar, should import it.
• My best friend is going to be a father. He does not want to be a father. His girlfriend knew that. He’s trying to redefine the relationship thinking things might still work out. I admire, but not share, his optimism.
• Watching season one of Bones again, I can see why I liked it. I suspect that I stopped liking it because gradually the squints turn into normal people and loose their charm.
• Instant gratification in gaming is killing the industry. I keep hoping one will rise that gets that and is capable of making effort/reward feel at it should and not as a collection of time sinks.

 

Openldap binding via C API

I completely agree with this post. The main problem being that it’s not obvious that ldap_sasl_bind(_s) can actually perform simple binds. Once you’ve looked at how ldap_simple_bind is implemented inside the Openldap source tree (sbind.c) you learn about the LDAP_SASL_SIMPLE flag that is defined in ldap.h to NULL and serves as an SASL mechanism. When you want your program to support both SASL and simple binds, this is actually convenient. All you have to do is to make sure that a mechanism is set when other SASL properties are set. A simple bind, without using deprecated functions then becomes:

// xFlag is set via command line
if( xFlag )
    authcMech = LDAP_SASL_SIMPLE;
res = ldap_sasl_bind_s(
    ld, // LDAP *, ldap handle
    authcUser, // char *, authentication user, dn in case of simple binds
    authcMech, // char *, mechanism
    &authcPw, // struct berval **, password in BER value
    NULL, // or specify client controls
    NULL, // or specify server controls
    &authcServerPw // not useful for simple binds, SASL server challenge
);

But, if your SASL mechanism requires several stages, you may actually need to use ldap_sasl_interactive_bind and that makes things complex again, mostly cause it’s not clear from the manpages whether the interact parameter is just for providing defaults and that the SASL library or LDAP library does the prompting, or that your program has to do the prompting.
Guess I’ll find out soon enough.