Michael Ströder wrote:
> [email protected] wrote:
>>> Disclaimer: I'm not a C programmer.
>>>
>>> I'd like to evaluate response controls (e.g. ppolicy) also when doing a
>>> SASL bind. I'm using python-ldap which in turn uses OpenLDAP C API's
>>> function ldap_sasl_interactive_bind_s().
>>
>> Not sure about that. In clients/tools/common.c there is an example of
>> using ldap_sasl_interactive_bind() asynchronously that purposely allows to
>> extract controls information from the (last) response
>
> I'm staring at line 1473 in clients/tools/common.c of RE24 but I simply don't
> get it: IMHO in opposite to later call of ldap_sasl_bind() (in a separate else
> clause starting at line 1490) a msgid is not returned by the API and therefore
> it seems to me that ldap_result() is not and cannot be called in the SASL
> part.

Is the ppolicy control supported by the command-line tools if SASL is used?
The code does not look like that and using ldapsearch also seems to lead to
different results when using SASL and simple bind:

$ ldapsearch -H ldap://server -Y DIGEST-MD5 -e ppolicy -U test -w test -LL -b"" -s base
SASL/DIGEST-MD5 authentication started
SASL username: test
SASL SSF: 128
SASL data security layer installed.
version: 1
Server is unwilling to perform (53)

$ ldapsearch -x -H ldap://server -e ppolicy -D "uid=test,dc=example,dc=com" -w test -LL -b"" -s base
ldap_bind: Success (0); Password must be changed (Password expires in 0 seconds)
version: 1
Server is unwilling to perform (53)

Ciao, michael.
