[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: init REALM with backend ldap

>Looks like OpenLDAP 2.1 requires that a bind is performed before
>any modifications are. Looks like the Heimdal backend will need
>to be modified to perform a bind first.

The following (untested) patch will do a SASL EXTERNAL bind to the
LDAP server over the ldapi:// domain socket. The latest OpenLDAP
CVS HEAD supports retrieving peer domain socket credentials using

You can do something like the following:

sasl-regexp uidNumber=0\\\+gidNumber=0,cn=peercred,cn=external,cn=auth cn=manager,dc=sics,dc=se

where cn=manager,dc=sics,dc=se is the rootdn.

-- Luke

Index: hdb-ldap.c
RCS file: /home/project/cvs/heimdal/lib/hdb/hdb-ldap.c,v
retrieving revision
diff -u -r1.1.1.2 hdb-ldap.c
--- hdb-ldap.c	2002/09/11 03:30:03
+++ hdb-ldap.c	2002/12/09 05:42:16
@@ -986,6 +986,12 @@
+    rc = ldap_sasl_bind_s((LDAP *) db->db, NULL, "EXTERNAL", NULL, NULL, NULL, NULL);
+    if (rc != LDAP_SUCCESS) {
+	krb5_set_error_string(context, "ldap_sasl_bind_s: %s", ldap_err2string(rc));
+    }
     return 0;
Luke Howard | PADL Software Pty Ltd | www.padl.com