Using Sasl With An Ldap Client - Netscape DIRECTORY SERVER 6.2 - PLUG-IN Manual

Using SASL with an LDAP Client

nsslapd-pluginType: preoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: test-bind
Check this source file for an example of a pre-operation plug-in function that
handles authentication:
<server_root>/plugins/slapd/slapi/examples/testbind.c
Using SASL with an LDAP Client
If you intend to use SASL as the method for authenticating clients, you need to
enable your LDAP clients to use SASL.
In your client, call the
request authentication using SASL. To parse credentials from an asynchronous
SASL bind operation, call
part of the Netscape LDAP C SDK 3.0.
The syntax for these functions are listed below:
LDAP_API(int) LDAP_CALL ldap_sasl_bind( LDAP *ld, const char *dn,
const char *mechanism, struct berval *cred,
LDAPControl **serverctrls, LDAPControl **clientctrls, int *msgidp
);
LDAP_API(int) LDAP_CALL ldap_sasl_bind_s( LDAP *ld, const char *dn,
const char *mechanism, struct berval *cred,
LDAPControl **serverctrls, LDAPControl **clientctrls,
struct berval **servercredp );
The parameters are described below:
•
ld
containing information about the connection to the LDAP server.
•
dn
authenticate as.
•
mechanism
authentication (the mechanism that you register in the initialization function
for your server plug-in).
•
cred
want to use for authentication.
106 Netscape Directory Server Plug-In Programmer's Guide • December 2003
ldap_sasl_bind()
ldap_parse_sasl_bind_result()
is the connection handle, which is a pointer to the LDAP structure
is the distinguished name (DN) that your client is attempting to
is the name of the SASL mechanism that you want to use for
is a pointer to the
or
ldap_sasl_bind_s()
structure containing the credentials that you
berval
function to
. These functions are